User ManualPodWarden
Settings: MCP
Model Context Protocol server configuration and token management
What you see
URL: /settings (MCP tab)
The MCP tab manages PodWarden's built-in Model Context Protocol (MCP) server. MCP allows AI agents and tools (such as Claude Code) to interact with your PodWarden instance programmatically using a standardized protocol.
Fields
| Field | Description |
|---|---|
| MCP server status | Whether the MCP server is running and accepting connections |
| Endpoint URL | The URL where the MCP server is accessible (e.g. https://podwarden.example.com/mcp) |
| Tokens | List of active MCP access tokens (prefixed with pwm_) |
Available actions
| Action | What it does |
|---|---|
| Generate token | Creates a new MCP access token (prefixed with pwm_). The token is displayed once -- copy it immediately |
| Revoke token | Permanently deactivates an MCP token. Revoked tokens cannot be re-activated |
How MCP works
PodWarden exposes an MCP endpoint at /mcp that provides 41 infrastructure management tools to AI agents. With a valid pwm_ token, an agent can:
- List and inspect clusters, hosts, workloads, and deployments
- Create and modify stacks and assignments
- Deploy and undeploy workloads
- Check ingress DNS, HTTP, and TLS status
- Manage backup policies and snapshots
- Run provisioning jobs
Token security
- MCP tokens start with
pwm_to distinguish them from Hub API keys (pwc_). - Each token has full access to all MCP tools -- there is no per-tool scoping.
- Tokens are stored as hashed values in the database.
- Revoke any token that may have been compromised.
Related docs
- MCP Overview -- Full MCP documentation
- MCP Setup -- How to configure MCP clients
- MCP Tools -- Complete list of available MCP tools
- MCP Tokens -- Token management and authentication details
- Settings -- DDNS -- Previous settings tab
- Settings -- Users -- Next settings tab