Octopus Deploy Official MCP Server

from OctopusDeploy


Octopus makes it easy to deliver software to Kubernetes, multi-cloud, on-prem infrastructure, and anywhere else. Automate the release, deployment, and operations of your software and AI workloads with a tool that can handle CD at scale in ways no other tool can.

Model Context Protocol (MCP) allows the AI assistants you use in your day-to-day work, such as Claude Code or ChatGPT, to connect to the systems and services you own in a standardized fashion, so they can pull information from those systems and services to answer questions and perform tasks.

The Octopus MCP Server provides your AI assistant with powerful tools that allow it to inspect, query, and diagnose problems within your Octopus instance, transforming it into your ultimate DevOps wingmate. For a list of supported use-cases and sample prompts, see our documentation.

Octopus Server Compatibility

Most tools exposed by the MCP Server use stable APIs that have been available from at least version 2021.1 of Octopus Server. Tools that are newer will specify the minimum supported version in the documentation. Alternatively, you can use the command line argument --list-tools-by-version to check how specific tools relate to versions of Octopus.

🔨 Tools

URL-Based Tools

Quick start: Paste Octopus URLs directly to investigate issues without manual ID extraction.

  • get_deployment_from_url: Get deployment details from deployment URL (returns taskId for follow-up)
  • get_task_from_url: Get task details and logs from task URL

Deployment investigation workflow:

1. get_deployment_from_url with deployment URL
   → Returns deployment context + taskResourceUri + grepTaskLogHint

2a. Fetch the structured activity tree via resources/read (or read_resource)
    octopus://spaces/{spaceName}/tasks/{taskId}/details

2b. Or call grep_task_log with the taskId to search the raw log without
    fetching the full body:
       grep_task_log({ spaceName, taskId, pattern: "error|fail", caseInsensitive: true })

Task investigation (direct task URL):

get_task_from_url with task URL
→ Returns task details and logs immediately

These tools eliminate manual ID extraction by:

  • Parsing URLs automatically
  • Resolving space IDs to space names
  • Validating ID formats
  • Providing clear error messages

Example URLs:

  • Deployment: https://your-octopus.com/app#/Spaces-1/projects/my-app/deployments/Deployments-123
  • Task: https://your-octopus.com/app#/Spaces-1/tasks/ServerTasks-456

See Working with URLs for detailed workflows, examples, and best practices.
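
The URL handling listed above (parse, resolve the space, validate ID formats, fail with a clear message), as an added sketch that is not the Octopus MCP Server's own code. The function names, return shape, error text and the `spaces` lookup argument are assumptions, and the ID patterns are inferred from the example URLs on this page.

```javascript
// Added sketch of the URL handling listed above; not the Octopus MCP Server's source.
// Assumed: function names, return shape, error text, and the spaces lookup argument.
// ID patterns are inferred from the example URLs on this page.
const ID = {
  space: /^Spaces-\d+$/,
  deployment: /^Deployments-\d+$/,
  task: /^ServerTasks-\d+$/,
};

function requireId(kind, value) {
  if (typeof value !== "string" || !ID[kind].test(value)) {
    throw new Error(`Invalid ${kind} ID: ${JSON.stringify(value)}`);
  }
  return value;
}

// spaces: constructed map of space ID -> space name (what list_spaces would supply).
function parseOctopusUrl(raw, spaces) {
  let url;
  try { url = new URL(raw); } catch { throw new Error("Not a URL"); }
  if (!/^https?:$/.test(url.protocol)) throw new Error("Unsupported scheme");

  // Portal routes live in the fragment: /app#/Spaces-1/tasks/ServerTasks-456
  const seg = url.hash.replace(/^#\/?/, "").split("?")[0].split("/").filter(Boolean);
  const spaceId = requireId("space", seg[0]);
  const spaceName = spaces[spaceId];
  if (!spaceName) throw new Error(`Unknown space ${spaceId}`);

  if (seg[1] === "tasks") {
    const taskId = requireId("task", seg[2]);
    // Both parts are validated or encoded before being placed in the resource URI.
    const resourceUri =
      `octopus://spaces/${encodeURIComponent(spaceName)}/tasks/${taskId}/details`;
    return { kind: "task", spaceName, taskId, resourceUri };
  }
  const i = seg.lastIndexOf("deployments");
  if (seg[1] === "projects" && i > 1) {
    const deploymentId = requireId("deployment", seg[i + 1]);
    return { kind: "deployment", spaceName, project: seg[2], deploymentId };
  }
  throw new Error("Not a deployment or task URL");
}
```

Anchoring each ID pattern at both ends means a pasted URL carrying an encoded slash or extra characters in the ID position is refused before any resource URI is built.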

Core Tools

  • list_spaces: List all spaces in the Octopus Deploy instance
  • list_environments: List all environments in a given space

API Catalog & Backstop

These tools and resources let the agent reach Octopus REST endpoints that don't have a dedicated curated tool, with hard server-side gating between read, write, and delete operations.

  • grep_llms_txt: Search the Octopus API catalog (octopus://api/llms.txt) with grep-style semantics (minimum supported Octopus version: 2026.2.3916). The catalog body is large (typically 300+ KB) — call this rather than reading the resource body directly. Parameters mirror GNU grep (pattern, caseInsensitive, invertMatch, fixedString, beforeContext, afterContext, maxCount). Useful for discovering endpoints (POST /releases), enumerating delete endpoints (DELETE ), or finding the body type for a write operation (Body: Create.*Command).
  • execute: Structured REST backstop. Reaches any Octopus REST endpoint under /api. The HTTP method is the authoritative read/write/delete classifier — never an isWrite flag the LLM can set. Method gating is hard-coded server-side:
    • GET is always allowed (subject to the path shape check + sensitive denylist).
    • POST/PUT/PATCH are blocked when --read-only is set; otherwise they require user confirmation via elicitation.
    • DELETE requires --allow-deletes (and is blocked when --read-only is set) plus a stronger "IRREVERSIBLE" elicitation message.
    • The sensitive denylist (API-key endpoints, DELETE /api/spaces/{id}, DELETE /api/users/{id}) is enforced even with both flags on.
    • The path is required to be /api or start with /api/ — absolute URLs, SDK-relative ~/api/... paths, and host-relative paths outside /api (e.g. /octopus/portal/...) are rejected up front, so execute stays bounded to the Octopus REST API surface.
    • Per-toolset path allowlist applies only when --toolsets has been narrowed. With every toolset enabled (the default, or explicit --toolsets all) the allowlist is bypassed and any path under /api is reachable subject to the gates above. When --toolsets is narrowed the allowlist becomes the kill-switch: paths only resolve if their owning toolset is enabled, so disabling a toolset (e.g. certificates) makes its paths unreachable through execute even on GET.

Catalog data is also exposed as MCP Resources:

  • octopus://api/llms.txt — markdown catalog of every Octopus REST endpoint (HTTP method, path, query params, request/response types). Requires Octopus Server 2026.2.3916 or later. 5-minute in-memory cache keyed on the configured server URL. Prefer grep_llms_txt to reading the body directly.
  • octopus://api/capabilities — JSON describing the running session: server version, enabled toolsets, available tools (with their minimumOctopusVersion), and whether --read-only / --allow-deletes is on. Useful for the agent to discover what's reachable in this session.

Projects

  • list_projects: List all projects in a given space

Deployments

  • deploy_release: Deploy a release to environments (supports both tenanted and untenanted deployments)
  • list_deployments: List deployments in a space with optional filtering

Releases

  • create_release: Create a new release for a project
  • find_releases: Find releases in a space (can get a specific release by ID, or list/filter releases by project)

Release detail is also available as an MCP Resource at octopus://spaces/{spaceName}/releases/{releaseId} — fetch via resources/read (or the read_resource backstop tool) to get the full release body, including release notes and selected packages.

Runbooks

  • find_runbooks: Find runbooks in a project (can get a specific runbook by ID, or list/filter runbooks by partial name). Each summary includes the published snapshot ID, multi-tenancy mode, and environment scope so callers can pick valid targets before running.
  • run_runbook: Run a runbook against one or more environments. Supports tenanted runs (by tenant name or tenant tag), prompted variables, guided failure mode, scheduled run windows, and step or machine inclusion/exclusion. Defaults to the runbook's published snapshot if runbookSnapshotId is omitted.

The full runbook body (including runtime policy fields) is available as an MCP Resource at octopus://spaces/{spaceName}/runbooks/{runbookId}.

Tasks

Task data is primarily exposed as MCP Resources. Use resources/read (or the read_resource backstop tool) with one of:

  • octopus://spaces/{spaceName}/tasks/{taskId} — lightweight metadata (state, timing, completion flags)
  • octopus://spaces/{spaceName}/tasks/{taskId}/details — full ServerTaskDetails (Progress, ActivityLogs tree, etc.)

For log search, use the grep_task_log tool rather than a /log resource:

  • grep_task_log: Search a task's activity log without fetching the full body. Parameters mirror GNU grep (pattern, caseInsensitive, invertMatch, fixedString, beforeContext, afterContext, maxCount). Returns matching lines with 1-indexed lineNumber, optional before/after context arrays, and a totalMatches count across the whole log.

There is intentionally no /log resource: activity logs can be multi-megabyte, and an addressable resource would tempt callers to fetch the entire body when grep is almost always the right primitive.

Tenants

  • find_tenants: Find tenants in a space (can get a specific tenant by ID or list/search tenants with filters)
  • get_tenant_variables: Get tenant variables by type (all, common, or project)
  • get_missing_tenant_variables: Get tenant variables that are missing values

Kubernetes

  • get_kubernetes_live_status: Get live status of Kubernetes resources for a project and environment (minimum supported version: 2025.3)

Machines (Deployment Targets)

  • find_deployment_targets: Find deployment targets in a space (can get a specific target by ID or list/search targets with filters)

Certificates

  • find_certificates: Find certificates in a space (can get a specific certificate by ID or list/search certificates with filters)

Accounts

  • find_accounts: Find accounts in a space (can get a specific account by ID or list/search accounts with filters)

Interruptions

  • find_interruptions: Find pending or historical interruptions (manual interventions, approvals, guided-failure prompts) in a space, optionally filtered by task, project, environment, regarding document, responsibility, or pending state. Returns slim summaries; dereference the octopus://spaces/{spaceName}/interruptions/{interruptionId} resource for the full Form definition (control types, Markdown instructions, button options, submitted Form.Values).

Feature Toggles

  • find_feature_toggles: List customer feature toggles in a project. Each summary includes per-environment state (isEnabled, rolloutPercentage, clientRolloutPercentage) plus a resourceUri so "where is X turned on" is answerable from the list response.
  • update_feature_toggle: Adjust an existing toggle. Narrow surface — flip an environment on/off, change rollout percentages, or update the toggle-level description / default state. Internally fetches the current toggle, applies your patches in memory, and PUTs the merged body, so unmentioned environments and unmentioned fields are preserved. Patches that reference an environment not already configured on the toggle are rejected.

The full toggle body (description, tenants, segments, minimum versions) is available as an MCP Resource at octopus://spaces/{spaceName}/projects/{projectId}/featuretoggles/{slug}. Rollout group bodies are addressable at octopus://spaces/{spaceName}/projects/{projectId}/rolloutgroups/{rolloutGroupId} for read-only inspection.

Out of scope (use the Octopus UI): creating new feature toggles, deleting toggles, renaming or retagging, attaching/detaching rollout groups, tenant targeting, segments, minimum-version filters, and rollout-group / SDK client-identifier management.

Additional Tools

  • get_deployment_process: Get deployment process by ID for projects or releases
  • get_variables: Get all project variables and library variable set variables for a project (supports config-as-code projects via gitRef)
  • get_branches: Get Git branches for a version-controlled project (minimum supported version: 2021.2)
  • get_current_user: Get information about the current authenticated user

🔒 Security Considerations

The Octopus MCP Server includes both read and write operations. Important security considerations:

Read Operations

  • Can read full deployment logs, which could include production secrets if they were not marked as secrets
  • Access to sensitive configuration data and variables
  • Exercise caution when connecting to tools and models you do not fully trust

Write Operations

By default, the following write operations are available:

  • Creating releases: Can create new releases for projects
  • Deploying releases: Can trigger deployments to environments (including production)
  • Running runbooks: Can execute runbooks against environments and tenants
  • Updating feature toggles: Can flip per-environment state and change rollout percentages on existing toggles
  • Arbitrary POST/PUT/PATCH via the execute backstop: Bounded to paths under /api, with an always-on sensitive denylist. The per-toolset path allowlist applies only when --toolsets has been narrowed; with all toolsets enabled (the default) the only path gates are the /api boundary and the sensitive denylist.

Pass --read-only to disable all of the above. DELETE requests through execute require an additional --allow-deletes flag — a deliberate opt-in for irreversible operations — and remain blocked when --read-only is set.

Critical Security Measures:

  1. Least Privilege: Use API keys with the minimum permissions needed for your use case
  2. Opt In to Read-Only Mode: Writes are enabled by default. For production, pass --read-only unless you have a specific, controlled use case for write operations. DELETE always requires the additional --allow-deletes opt-in.
  3. Method gating is server-side and hard-coded: The HTTP method passed to execute is the authoritative classifier. The agent cannot bypass the gate by misrepresenting what the call does — POST/PUT/PATCH/DELETE requests get tier-specific gating regardless of the prose in the request body.
  4. Toolset filtering doubles as a kill switch: Narrowing --toolsets removes both the disabled toolsets' curated tools and their paths from the execute allowlist. (The allowlist is only consulted when toolsets are narrowed; with all toolsets enabled execute is bounded by the /api shape check and the sensitive denylist instead.)
  5. Prompt Injection Risk: Running agents in fully automated fashion could make you vulnerable to prompt-injection attacks

Recommendation: For production environments, pass --read-only unless you have a specific, controlled use case for write operations. Leave --allow-deletes off unless you specifically need DELETE semantics through execute.
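
The gating rules for execute, as described under API Catalog & Backstop and restated in the measures above, written out as an added decision model for reasoning about flag combinations; it is not the Octopus MCP Server's own code. The decision labels, option names, order of checks, toolset-to-path mapping and the pattern used for "API-key endpoints" are assumptions.

```javascript
// Added model of the documented execute gate; not the Octopus MCP Server's source.
// Assumed: decision labels, option names, check order, and every path pattern below.
const SENSITIVE = [
  { method: null, re: /\/apikeys(\/|$)/i }, // assumed shape of "API-key endpoints"
  { method: "DELETE", re: /^\/api\/spaces\/[^/]+$/i },
  { method: "DELETE", re: /^\/api\/users\/[^/]+$/i },
];
// Hypothetical toolset -> owned paths, consulted only when toolsets are narrowed.
const TOOLSET_PATHS = {
  certificates: [/^\/api\/(spaces-\d+\/)?certificates(\/|$)/i],
  projects: [/^\/api\/(spaces-\d+\/)?projects(\/|$)/i],
};

function gateExecute(method, path, opts = {}) {
  const { readOnly = false, allowDeletes = false, toolsets = "all" } = opts;
  const m = String(method).toUpperCase();
  const p = String(path).split("?")[0];

  // 1. Shape check: /api or /api/... only (no absolute URLs, ~/api, other roots).
  if (p !== "/api" && !p.startsWith("/api/")) return "reject:path-shape";
  // Not stated on the page: this model also refuses dot segments, so a path
  // that passes the prefix test cannot be normalised to somewhere outside /api.
  if (p.split("/").some((s) => s === "." || s === "..")) return "reject:path-shape";

  // 2. Sensitive denylist: applies to every method and ignores both flags.
  const hit = SENSITIVE.some((r) => (!r.method || r.method === m) && r.re.test(p));
  if (hit) return "deny:sensitive";

  // 3. Toolset allowlist: skipped for "all", a kill switch once narrowed (GET too).
  if (toolsets !== "all") {
    const owned = toolsets.some((t) => (TOOLSET_PATHS[t] || []).some((re) => re.test(p)));
    if (!owned) return "deny:toolset-disabled";
  }

  // 4. Method tier: the HTTP verb alone decides, nothing in the request body.
  if (m === "GET") return "allow";
  if (m === "POST" || m === "PUT" || m === "PATCH") {
    return readOnly ? "deny:read-only" : "confirm:write"; // elicitation
  }
  if (m === "DELETE") {
    if (readOnly) return "deny:read-only";
    return allowDeletes ? "confirm:irreversible" : "deny:deletes-not-enabled";
  }
  return "deny:unknown-method"; // assumed: anything else fails closed
}
```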

🤝 Contributions

Contributions are welcome! Please read our Contributing Guide for information about how to get involved in this project.

We are eager to hear how you plan to use Octopus MCP Server and what features you would like to see included in future versions.

Please use Issues to provide feedback, or request features.

If you are a current Octopus customer, please report any issues you experience using our MCP server to our support team. This will ensure you get a timely response within our standard support guarantees.

License

This project is licensed under the terms of the Mozilla Public License 2.0 open source license.