Module: DockerMCP
- Defined in:
- lib/docker_mcp.rb,
lib/docker_mcp/server.rb,
lib/docker_mcp/version.rb,
lib/docker_mcp/tag_image.rb,
lib/docker_mcp/pull_image.rb,
lib/docker_mcp/push_image.rb,
lib/docker_mcp/build_image.rb,
lib/docker_mcp/list_images.rb,
lib/docker_mcp/list_volumes.rb,
lib/docker_mcp/remove_image.rb,
lib/docker_mcp/create_volume.rb,
lib/docker_mcp/list_networks.rb,
lib/docker_mcp/remove_volume.rb,
lib/docker_mcp/run_container.rb,
lib/docker_mcp/create_network.rb,
lib/docker_mcp/exec_container.rb,
lib/docker_mcp/remove_network.rb,
lib/docker_mcp/stop_container.rb,
lib/docker_mcp/list_containers.rb,
lib/docker_mcp/start_container.rb,
lib/docker_mcp/create_container.rb,
lib/docker_mcp/remove_container.rb,
lib/docker_mcp/copy_to_container.rb,
lib/docker_mcp/recreate_container.rb,
lib/docker_mcp/fetch_container_logs.rb
Overview
DockerMCP provides a Model Context Protocol (MCP) server for comprehensive Docker management.
This module serves as the main namespace for all Docker MCP functionality, providing tools to interact with Docker containers, images, networks, and volumes through a standardized MCP interface. It enables AI assistants and other MCP clients to perform Docker operations programmatically.
Security Warning
This tool provides powerful capabilities that can be potentially dangerous:
-
Execute arbitrary commands inside containers
-
Access and modify container filesystems
-
Create, modify, and delete Docker resources
Use with caution and ensure proper security measures are in place.
Example Usage
# Initialize the MCP server
server = DockerMCP::Server.new
# The server provides access to 22 Docker management tools:
# - Container management (create, run, start, stop, remove, etc.)
# - Image management (pull, build, tag, push, remove)
# - Network management (create, list, remove)
# - Volume management (create, list, remove)
Dependencies
Requires:
-
Docker Engine installed and running
-
Ruby 3.2+
-
docker-api gem for Docker interactions
-
mcp gem for Model Context Protocol support
Defined Under Namespace
Constant Summary collapse
- VERSION =
Current version of the DockerMCP gem.
This constant follows semantic versioning (SemVer) principles:
-
MAJOR version for incompatible API changes
-
MINOR version for backwards-compatible functionality additions
-
PATCH version for backwards-compatible bug fixes
-
'0.3.0'- TAG_IMAGE_DEFINITION =
MCP tool for tagging Docker images.
This tool provides the ability to assign repository names and tags to Docker images. Tagging is essential for image organization, versioning, and distribution through Docker registries.
Features
-
Tag existing images with custom repository names
-
Support for version and environment tags
-
Force tagging to overwrite existing tags
-
Registry-compatible naming conventions
-
Automatic tag defaulting to “latest”
-
Comprehensive error handling and validation
Security Considerations
Image tagging involves several security considerations:
-
**Registry Authentication**: Tags may trigger registry operations
-
**Namespace Conflicts**: Overwriting tags can affect other deployments
-
**Image Identity**: Improper tagging can lead to deployment confusion
-
**Version Management**: Incorrect tags can compromise CI/CD pipelines
-
**Registry Pollution**: Excessive tagging can clutter registries
**Security Recommendations**:
-
Use consistent naming conventions
-
Implement tag governance policies
-
Verify image identity before tagging
-
Avoid overwriting production tags
-
Use semantic versioning for releases
-
Monitor tag usage and lifecycle
Parameters
-
id: Image ID or current name:tag to tag (required)
-
repo: Repository name (required, e.g., “username/imagename” or “registry/username/imagename”)
-
tag: Tag for the image (optional, default: “latest”)
-
force: Force tag even if it already exists (optional, default: true)
Example Usage
# Tag image with version response = TagImage.call( server_context: context, id: "myapp:dev", repo: "myregistry/myapp", tag: "v1.2.3" ) # Tag for production deployment response = TagImage.call( server_context: context, id: "abc123def456", repo: "production/webapp", tag: "stable", force: false ) # Tag with registry prefix response = TagImage.call( server_context: context, id: "local-build:latest", repo: "registry.company.com/team/service", tag: "release-candidate" ) -
ToolForge.define(:tag_image) do description 'Tag a Docker image' param :id, type: :string, description: 'Image ID or current name:tag to tag' param :repo, type: :string, description: 'Repository name (e.g., "username/imagename" or "registry/username/imagename")' param :tag, type: :string, description: 'Tag for the image (default: "latest")', required: false, default: 'latest' param :force, type: :boolean, description: 'Force tag even if it already exists (default: true)', required: false, default: true execute do |id:, repo:, tag: 'latest', force: true| image = Docker::Image.get(id) image.tag('repo' => repo, 'tag' => tag, 'force' => force) "Image tagged successfully as #{repo}:#{tag}" rescue Docker::Error::NotFoundError "Image #{id} not found" rescue StandardError => e "Error tagging image: #{e.message}" end end
- TagImage =
TAG_IMAGE_DEFINITION.to_mcp_tool
- PULL_IMAGE_DEFINITION =
MCP tool for pulling Docker images from registries.
This tool provides the ability to download Docker images from Docker registries (like Docker Hub) to the local system. It supports flexible tag specification and handles various image naming conventions.
Features
-
Pull images from any accessible Docker registry
-
Flexible tag specification (explicit or default)
-
Support for official and user repositories
-
Automatic latest tag handling
-
Comprehensive error handling
-
Progress tracking through Docker daemon
Security Considerations
Pulling images can introduce security risks:
-
**Malicious Images**: Images may contain malware or backdoors
-
**Vulnerable Software**: Images may have known security vulnerabilities
-
**Untrusted Sources**: Images from unknown publishers may be compromised
-
**Supply Chain Attacks**: Legitimate-looking images may be malicious
-
**Resource Consumption**: Large images can consume significant disk space
**Security Recommendations**:
-
Only pull images from trusted registries and publishers
-
Verify image signatures when available
-
Scan pulled images for vulnerabilities
-
Use specific tags rather than ‘latest’
-
Monitor registry access and authentication
-
Regularly update and patch images
Tag Handling
The tool handles tags intelligently:
-
If image includes tag (e.g., “nginx:1.21”), use as specified
-
If separate tag provided, append to image name
-
If no tag specified, default to “latest”
-
Supports all Docker tag conventions
Parameters
-
from_image: Image name to pull (required, e.g., “ubuntu” or “ubuntu:22.04”)
-
tag: Tag to pull (optional, defaults to “latest” if not specified in from_image)
Example Usage
# Pull latest version response = PullImage.call( server_context: context, from_image: "nginx" ) # Pull specific version response = PullImage.call( server_context: context, from_image: "postgres", tag: "13.8" ) -
ToolForge.define(:pull_image) do description 'Pull a Docker image' param :from_image, type: :string, description: 'Image name to pull (e.g., "ubuntu" or "ubuntu:22.04")' param :tag, type: :string, description: 'Tag to pull (optional, defaults to "latest" if not specified in from_image)', required: false execute do |from_image:, tag: nil| # If tag is provided separately, append it to from_image # If from_image already has a tag (contains :), use as-is # Otherwise default to :latest image_with_tag = if tag "#{from_image}:#{tag}" elsif from_image.include?(':') from_image else "#{from_image}:latest" end image = Docker::Image.create('fromImage' => image_with_tag) "Image #{image_with_tag} pulled successfully. ID: #{image.id}" rescue Docker::Error::NotFoundError "Image #{image_with_tag} not found" rescue StandardError => e "Error pulling image: #{e.message}" end end
- PullImage =
PULL_IMAGE_DEFINITION.to_mcp_tool
- PUSH_IMAGE_DEFINITION =
MCP tool for pushing Docker images to registries.
This tool provides the ability to upload Docker images to Docker registries such as Docker Hub, private registries, or cloud-based container registries. It supports various push configurations and authentication scenarios.
Features
-
Push images to any Docker registry
-
Support for tagged and untagged pushes
-
Registry authentication integration
-
Comprehensive error handling and validation
-
Multi-registry support
-
Progress tracking and status reporting
-
Registry namespace validation
Security Considerations
Pushing images involves significant security risks:
-
**Credential Exposure**: Registry credentials may be exposed
-
**Image Integrity**: Pushed images become publicly accessible
-
**Supply Chain Risk**: Malicious images can be distributed
-
**Registry Security**: Vulnerable registries can be compromised
-
**Network Exposure**: Push operations traverse networks
-
**Access Control**: Improper permissions can lead to unauthorized access
**Security Recommendations**:
-
Use secure registry authentication
-
Scan images for vulnerabilities before pushing
-
Implement image signing and verification
-
Use private registries for sensitive images
-
Monitor registry access and usage
-
Implement proper RBAC for registry operations
-
Validate image content before distribution
Parameters
-
name: Image name or ID to push (required)
-
tag: Tag to push (optional, pushes all tags if not specified)
-
repo_tag: Full repo:tag to push (optional, e.g., “registry/repo:tag”)
Example Usage
# Push to Docker Hub response = PushImage.call( server_context: context, name: "username/myapp", tag: "v1.0.0" ) # Push to private registry response = PushImage.call( server_context: context, name: "myapp", repo_tag: "registry.company.com/team/myapp:latest" ) # Push all tags response = PushImage.call( server_context: context, name: "username/myapp" ) -
ToolForge.define(:push_image) do description 'Push a Docker image' param :name, type: :string, description: 'Image name or ID to push' param :tag, type: :string, description: 'Tag to push (optional, pushes all tags if not specified)', required: false param :repo_tag, type: :string, description: 'Full repo:tag to push (e.g., "registry/repo:tag") (optional)', required: false execute do |name:, tag: nil, repo_tag: nil| # Construct the full image identifier image_identifier = tag ? "#{name}:#{tag}" : name # Validate that the image name includes a registry/username unless name.include?('/') || repo_tag&.include?('/') next 'Error: Image name must include registry/username ' \ "(e.g., 'username/#{name}'). Local images cannot be " \ 'pushed without a registry prefix.' end # Verify the image exists begin Docker::Image.get(image_identifier) rescue Docker::Error::NotFoundError next "Image #{image_identifier} not found" end # Use the Docker CLI to push the image push_target = repo_tag || image_identifier _, stderr, status = Open3.capture3('docker', 'push', push_target) if status.success? "Image #{push_target} pushed successfully" else error_msg = stderr.strip error_msg = 'Failed to push image' if error_msg.empty? "Error pushing image: #{error_msg}" end rescue StandardError => e "Error pushing image: #{e.message}" end end
- PushImage =
PUSH_IMAGE_DEFINITION.to_mcp_tool
- BUILD_IMAGE_DEFINITION =
MCP tool for building Docker images.
This tool provides the ability to build Docker images from Dockerfile content. It creates custom images by executing Dockerfile instructions and supports comprehensive build configuration including tagging and build arguments.
Features
-
Build images from Dockerfile content strings
-
Support for custom image tagging
-
Comprehensive build output and error reporting
-
Handles all standard Dockerfile instructions
-
Build context management
-
Progress tracking and logging
Security Considerations
Image building involves significant security risks:
-
**Code Execution**: Dockerfile RUN commands execute arbitrary code
-
**Network Access**: Build process can access networks and repositories
-
**File System Access**: Can read local files and directories
-
**Credential Exposure**: May expose build-time secrets and credentials
-
**Supply Chain Risk**: Downloaded packages may contain malware
-
**Resource Consumption**: Builds can consume significant CPU, memory, and storage
**Security Recommendations**:
-
Review all Dockerfile content before building
-
Use trusted base images only
-
Avoid embedding secrets in image layers
-
Implement build isolation and sandboxing
-
Monitor build resource consumption
-
Scan built images for vulnerabilities
-
Use multi-stage builds to minimize attack surface
Parameters
-
dockerfile: Dockerfile content as a string (required)
-
tag: Tag for the built image (optional, e.g., “myimage:latest”)
Example Usage
# Build simple image dockerfile_content = "FROM alpine:latest\nRUN apk add --no-cache curl\nCMD [\"curl\", \"--version\"]\n" response = BuildImage.call( server_context: context, dockerfile: dockerfile_content, tag: "my-curl:latest" ) # Build web server image dockerfile_content = "FROM nginx:alpine\nCOPY nginx.conf /etc/nginx/nginx.conf\nEXPOSE 80\nCMD [\"nginx\", \"-g\", \"daemon off;\"]\n" response = BuildImage.call( server_context: context, dockerfile: dockerfile_content, tag: "custom-nginx:v1.0" ) -
ToolForge.define(:build_image) do description 'Build a Docker image' param :dockerfile, type: :string, description: 'Dockerfile content as a string' param :tag, type: :string, description: 'Tag for the built image (e.g., "myimage:latest")', required: false execute do |dockerfile:, tag: nil| # Build the image image = Docker::Image.build(dockerfile) # If a tag was specified, tag the image if tag # Split tag into repo and tag parts repo, image_tag = tag.split(':', 2) image_tag ||= 'latest' image.tag('repo' => repo, 'tag' => image_tag, 'force' => true) end response_text = "Image built successfully. ID: #{image.id}" response_text += ", Tag: #{tag}" if tag response_text rescue StandardError => e "Error building image: #{e.message}" end end
- BuildImage =
BUILD_IMAGE_DEFINITION.to_mcp_tool
- LIST_IMAGES_DEFINITION =
MCP tool for listing Docker images.
This tool provides comprehensive information about all Docker images stored on the local system. It returns detailed metadata including image sizes, creation dates, tags, and usage statistics.
Features
-
Lists all locally stored Docker images
-
Provides detailed image metadata and statistics
-
Shows image sizes and storage usage
-
Displays repository tags and digests
-
Includes creation timestamps and labels
-
Reports container usage counts
Security Considerations
This tool provides information that could be useful for:
-
**System Analysis**: Reveals installed software and versions
-
**Vulnerability Assessment**: Shows potential attack surfaces
-
**Resource Planning**: Exposes storage usage patterns
Monitor access to this tool in production environments.
Return Format
Returns an array of image objects with comprehensive metadata:
-
Repository tags and digests
-
Image sizes and virtual sizes
-
Creation timestamps
-
Container usage counts
-
Labels and annotations
-
Parent-child relationships
Example Usage
images = ListImages.call(server_context: context) images.each do |image| puts "#{image['RepoTags']}: #{image['Size']} bytes" end -
ToolForge.define(:list_images) do description 'List Docker images' execute do Docker::Image.all.map(&:info) end end
- ListImages =
LIST_IMAGES_DEFINITION.to_mcp_tool
- LIST_VOLUMES_DEFINITION =
MCP tool for listing Docker volumes.
This tool provides comprehensive information about all Docker volumes configured on the system. It returns detailed volume metadata including mount points, drivers, usage statistics, and associated containers.
Features
-
Lists all Docker volumes (named and anonymous)
-
Provides detailed volume metadata
-
Shows mount points and storage locations
-
Displays driver information and options
-
Includes creation timestamps and labels
-
Reports volume scope and capabilities
Security Considerations
Volume information can reveal sensitive details about:
-
**Data Storage**: Persistent data locations and structures
-
**File System Access**: Mount points and storage paths
-
**Container Dependencies**: Volume usage patterns
-
**Data Persistence**: Backup and recovery points
Monitor access to this tool and implement appropriate controls.
Return Format
Returns an array of volume objects with comprehensive metadata:
-
Volume names and mount points
-
Driver types and configurations
-
Creation timestamps
-
Labels and options
-
Scope information
-
Storage usage details
Example Usage
volumes = ListVolumes.call(server_context: context) volumes.each do |volume| puts "#{volume['Name']}: #{volume['Mountpoint']}" end -
ToolForge.define(:list_volumes) do description 'List Docker volumes' execute do Docker::Volume.all.map(&:info) end end
- ListVolumes =
LIST_VOLUMES_DEFINITION.to_mcp_tool
- REMOVE_IMAGE_DEFINITION =
MCP tool for removing Docker images.
This tool provides the ability to delete Docker images from the local Docker daemon. It supports various removal options including forced removal and parent image cleanup management.
Features
-
Remove images by ID, name, or tag
-
Force removal of images in use
-
Control untagged parent image cleanup
-
Comprehensive error handling
-
Validation of image existence
-
Safe removal with dependency checking
Security Considerations
Image removal involves important considerations:
-
**Data Loss**: Removed images cannot be recovered locally
-
**Service Disruption**: Removing images used by running containers
-
**Storage Cleanup**: Improper cleanup can leave orphaned layers
-
**Registry Impact**: Local removal doesn’t affect registry copies
-
**Dependency Conflicts**: Force removal can break container dependencies
**Security Recommendations**:
-
Verify image is not in use before removal
-
Use force option only when necessary
-
Consider impact on running containers
-
Backup important images before removal
-
Monitor disk space after removal operations
-
Implement image lifecycle policies
Parameters
-
id: Image ID, name, or name:tag (required)
-
force: Force removal of the image (optional, default: false)
-
noprune: Do not delete untagged parents (optional, default: false)
Example Usage
# Remove specific image response = RemoveImage.call( server_context: context, id: "myapp:old-version" ) # Force remove image in use response = RemoveImage.call( server_context: context, id: "abc123def456", force: true ) # Remove without cleaning parent images response = RemoveImage.call( server_context: context, id: "test-image:latest", noprune: true ) -
ToolForge.define(:remove_image) do description 'Remove a Docker image' param :id, type: :string, description: 'Image ID, name, or name:tag' param :force, type: :boolean, description: 'Force removal of the image (default: false)', required: false, default: false param :noprune, type: :boolean, description: 'Do not delete untagged parents (default: false)', required: false, default: false execute do |id:, force: false, noprune: false| image = Docker::Image.get(id) image.remove(force: force, noprune: noprune) "Image #{id} removed successfully" rescue Docker::Error::NotFoundError "Image #{id} not found" rescue StandardError => e "Error removing image: #{e.message}" end end
- RemoveImage =
REMOVE_IMAGE_DEFINITION.to_mcp_tool
- CREATE_VOLUME_DEFINITION =
MCP tool for creating Docker volumes.
This tool provides the ability to create Docker volumes for persistent data storage. Volumes are essential for maintaining data across container lifecycles and enabling data sharing between containers.
Features
-
Create named Docker volumes
-
Support for multiple volume drivers
-
Persistent data storage management
-
Volume driver configuration
-
Comprehensive error handling
-
Volume lifecycle management
Security Considerations
Volume creation involves important security considerations:
-
**Data Persistence**: Volumes store data beyond container lifecycle
-
**Access Control**: Volume permissions affect data security
-
**Data Isolation**: Improper volumes can compromise data separation
-
**Storage Security**: Volume drivers may have security implications
-
**Resource Usage**: Volumes consume disk space and system resources
-
**Data Leakage**: Shared volumes can expose sensitive data
**Security Recommendations**:
-
Use appropriate volume drivers for security requirements
-
Implement proper access controls and permissions
-
Monitor volume usage and capacity
-
Regular backup of critical volume data
-
Audit volume access patterns
-
Use encryption for sensitive data volumes
-
Implement volume lifecycle policies
Parameters
-
name: Name of the volume (required)
-
driver: Driver to use (optional, default: “local”)
Volume Drivers
-
local: Default driver for local filesystem storage
-
nfs: Network File System driver for shared storage
-
cifs: Common Internet File System driver
-
rexray: REX-Ray driver for cloud storage integration
-
convoy: Convoy driver for snapshot management
Example Usage
# Create basic local volume response = CreateVolume.call( server_context: context, name: "app-data" ) # Create volume with specific driver response = CreateVolume.call( server_context: context, name: "shared-storage", driver: "nfs" ) # Create database volume response = CreateVolume.call( server_context: context, name: "postgres-data", driver: "local" ) -
ToolForge.define(:create_volume) do description 'Create a Docker volume' param :name, type: :string, description: 'Name of the volume' param :driver, type: :string, description: 'Driver to use (default: local)', required: false, default: 'local' execute do |name:, driver: 'local'| = { 'Name' => name, 'Driver' => driver } Docker::Volume.create(name, ) "Volume #{name} created successfully" rescue Docker::Error::ConflictError "Volume #{name} already exists" rescue StandardError => e "Error creating volume: #{e.message}" end end
- CreateVolume =
CREATE_VOLUME_DEFINITION.to_mcp_tool
- LIST_NETWORKS_DEFINITION =
MCP tool for listing Docker networks.
This tool provides comprehensive information about all Docker networks configured on the system. It returns detailed network configuration including IPAM settings, connected containers, and network drivers.
Features
-
Lists all Docker networks (built-in and custom)
-
Provides detailed network configuration
-
Shows IPAM (IP Address Management) settings
-
Displays connected containers
-
Includes driver information and options
-
Reports network scope and capabilities
Security Considerations
Network information can be sensitive as it reveals:
-
**Network Topology**: Internal network architecture
-
**IP Addressing**: Subnet configurations and ranges
-
**Container Connectivity**: Service interconnections
-
**Network Isolation**: Security boundary configurations
Restrict access to this tool in production environments.
Return Format
Returns an array of network objects with comprehensive metadata:
-
Network names and IDs
-
Driver types and configurations
-
IPAM settings and subnet information
-
Connected container details
-
Network options and labels
-
Scope and capability flags
Example Usage
networks = ListNetworks.call(server_context: context) networks.each do |network| puts "#{network['Name']}: #{network['Driver']}" end -
ToolForge.define(:list_networks) do description 'List Docker networks' execute do Docker::Network.all.map(&:info) end end
- ListNetworks =
LIST_NETWORKS_DEFINITION.to_mcp_tool
- REMOVE_VOLUME_DEFINITION =
MCP tool for removing Docker volumes.
This tool provides the ability to delete Docker volumes when they are no longer needed. Volume removal is critical for preventing storage leaks and maintaining clean Docker environments.
Features
-
Remove volumes by name
-
Force removal of volumes in use
-
Validation of volume existence
-
Comprehensive error handling
-
Safe volume cleanup procedures
-
Prevention of accidental data loss
Security Considerations
Volume removal involves critical data considerations:
-
**Data Loss**: Removed volumes and their data are permanently deleted
-
**Service Disruption**: Removing volumes can break running containers
-
**Data Recovery**: Volume data cannot be recovered after removal
-
**Container Dependencies**: Applications may fail without expected volumes
-
**Storage Cleanup**: Improper removal can leave orphaned data
-
**Backup Requirements**: Critical data should be backed up before removal
**Security Recommendations**:
-
Always backup critical data before volume removal
-
Verify no containers are using the volume
-
Use force option only when absolutely necessary
-
Document volume removal in change management
-
Implement volume lifecycle and retention policies
-
Monitor storage usage after volume removal
-
Consider data migration instead of removal
Parameters
-
name: Volume name (required)
-
force: Force removal of the volume (optional, default: false)
Example Usage
# Remove unused volume response = RemoveVolume.call( server_context: context, name: "old-app-data" ) # Force remove volume in use response = RemoveVolume.call( server_context: context, name: "stuck-volume", force: true ) # Clean up test volumes response = RemoveVolume.call( server_context: context, name: "test-data-volume" ) -
ToolForge.define(:remove_volume) do description 'Remove a Docker volume' param :name, type: :string, description: 'Volume name' param :force, type: :boolean, description: 'Force removal of the volume (default: false)', required: false, default: false execute do |name:, force: false| volume = Docker::Volume.get(name) volume.remove(force: force) "Volume #{name} removed successfully" rescue Docker::Error::NotFoundError "Volume #{name} not found" rescue StandardError => e "Error removing volume: #{e.message}" end end
- RemoveVolume =
REMOVE_VOLUME_DEFINITION.to_mcp_tool
- RUN_CONTAINER_DEFINITION =
MCP tool for running Docker containers.
This tool creates and immediately starts a Docker container from a specified image in a single operation. It combines the functionality of create_container and start_container for convenience when immediate execution is desired.
Features
-
Creates and starts containers in one operation
-
Supports all container configuration options
-
Configures command execution and environment variables
-
Sets up port exposure and network configuration
-
Applies advanced host configurations and volume mounts
-
Handles container naming and labeling
Security Considerations
Running containers involves significant security considerations:
-
**Immediate Execution**: Starts processes immediately upon creation
-
**Resource Consumption**: Consumes CPU, memory, and storage resources
-
**Network Exposure**: Creates active network endpoints
-
**File System Access**: Potentially accesses host directories
-
**Process Isolation**: Runs processes with configured privileges
Implement strict access controls and resource monitoring.
Parameters
-
image: Docker image to use (required)
-
name: Custom container name (optional)
-
cmd: Command to execute as space-separated string (optional)
-
env: Environment variables as comma-separated KEY=VALUE pairs (optional)
-
exposed_ports: Port exposure configuration as JSON object (optional)
-
host_config: Advanced host configuration as JSON object (optional)
Example Usage
# Simple container execution response = RunContainer.call( server_context: context, image: "alpine:latest", cmd: "echo 'Hello World'" ) # Web server with port binding response = RunContainer.call( server_context: context, image: "nginx:latest", name: "web-server", exposed_ports: {"80/tcp" => {}}, host_config: { "PortBindings" => {"80/tcp" => [{"HostPort" => "8080"}]} } ) -
ToolForge.define(:run_container) do description 'Run a Docker container (create and start)' param :image, type: :string, description: 'Image name to use (e.g., "ubuntu:22.04")' param :name, type: :string, description: 'Container name (optional)', required: false param :cmd, type: :string, description: 'Command to run as space-separated string (optional, e.g., "npm start" or "python app.py")', required: false param :env, type: :string, description: 'Environment variables as comma-separated KEY=VALUE pairs (optional)', required: false param :exposed_ports, type: :object, description: 'Exposed ports as {"port/protocol": {}} (optional)', required: false param :host_config, type: :object, description: 'Host configuration including port bindings, volumes, etc. (optional)', required: false execute do |image:, name: nil, cmd: nil, env: nil, exposed_ports: nil, host_config: nil| config = { 'Image' => image } config['name'] = name if name # Parse cmd string into array if provided config['Cmd'] = Shellwords.split(cmd) if cmd && !cmd.strip.empty? # Parse env string into array if provided config['Env'] = env.split(',').map(&:strip) if env && !env.strip.empty? config['ExposedPorts'] = exposed_ports if exposed_ports config['HostConfig'] = host_config if host_config container = Docker::Container.create(config) container.start container_name = container.info['Names']&.first&.delete_prefix('/') "Container started successfully. ID: #{container.id}, Name: #{container_name}" rescue Docker::Error::NotFoundError "Image #{image} not found" rescue Docker::Error::ConflictError "Container with name #{name} already exists" rescue StandardError => e "Error running container: #{e.message}" end end
- RunContainer =
RUN_CONTAINER_DEFINITION.to_mcp_tool
- CREATE_NETWORK_DEFINITION =
MCP tool for creating Docker networks.
This tool provides the ability to create custom Docker networks for container communication and isolation. Networks enable secure and controlled communication between containers and external systems.
Features
-
Create custom Docker networks
-
Support for multiple network drivers (bridge, overlay, host, etc.)
-
Duplicate name checking and validation
-
Network configuration and options
-
Comprehensive error handling
-
Network isolation and security controls
Security Considerations
Network creation involves important security considerations:
-
**Network Isolation**: Improper networks can compromise container isolation
-
**Traffic Control**: Networks affect inter-container communication
-
**External Access**: Bridge networks may expose containers externally
-
**Resource Usage**: Networks consume system resources
-
**DNS Resolution**: Custom networks affect service discovery
-
**Firewall Bypass**: Networks can bypass host firewall rules
**Security Recommendations**:
-
Use appropriate network drivers for use case
-
Implement network segmentation strategies
-
Monitor network traffic and usage
-
Avoid exposing internal networks externally
-
Use network policies for access control
-
Regular audit of network configurations
Parameters
-
name: Name of the network (required)
-
driver: Driver to use (optional, default: “bridge”)
-
check_duplicate: Check for networks with duplicate names (optional, default: true)
Network Drivers
-
bridge: Default driver for single-host networking
-
overlay: Multi-host networking for Docker Swarm
-
host: Uses host’s network stack directly
-
none: Disables networking for containers
-
macvlan: Assigns MAC addresses to containers
Example Usage
# Create basic bridge network response = CreateNetwork.call( server_context: context, name: "app-network" ) # Create overlay network for swarm response = CreateNetwork.call( server_context: context, name: "swarm-network", driver: "overlay" ) # Create network allowing duplicates response = CreateNetwork.call( server_context: context, name: "test-network", driver: "bridge", check_duplicate: false ) -
ToolForge.define(:create_network) do description 'Create a Docker network' param :name, type: :string, description: 'Name of the network' param :driver, type: :string, description: 'Driver to use (default: bridge)', required: false, default: 'bridge' param :check_duplicate, type: :boolean, description: 'Check for networks with duplicate names (default: true)', required: false, default: true execute do |name:, driver: 'bridge', check_duplicate: true| = { 'Name' => name, 'Driver' => driver, 'CheckDuplicate' => check_duplicate } network = Docker::Network.create(name, ) "Network #{name} created successfully. ID: #{network.id}" rescue Docker::Error::ConflictError "Network #{name} already exists" rescue StandardError => e "Error creating network: #{e.message}" end end
- CreateNetwork =
CREATE_NETWORK_DEFINITION.to_mcp_tool
- EXEC_CONTAINER_DEFINITION =
MCP tool for executing commands inside Docker containers.
This tool provides the ability to execute arbitrary commands inside running Docker containers. It supports interactive and non-interactive execution, environment variable injection, working directory specification, and user context switching within the container.
Features
-
Execute arbitrary commands in running containers
-
Support for command arguments and shell parsing
-
Environment variable injection
-
Working directory specification
-
User context switching (run as specific user)
-
Standard input, output, and error handling
-
Configurable execution timeouts
Security Considerations
**CRITICAL WARNING**: This tool provides arbitrary command execution capabilities with significant security implications:
-
**Code Execution**: Can run any command available in the container
-
**File System Access**: Can read, write, and modify container files
-
**Network Access**: Can initiate network connections from container
-
**Process Manipulation**: Can start, stop, and signal processes
-
**Data Exposure**: Can access sensitive data within the container
-
**Privilege Escalation**: May exploit container or kernel vulnerabilities
-
**Resource Consumption**: Can consume container and host resources
**Security Recommendations**:
-
Implement strict access controls and authentication
-
Use dedicated execution containers with minimal privileges
-
Monitor and log all command executions
-
Apply resource limits and timeouts
-
Validate and sanitize all command inputs
-
Consider using read-only file systems where possible
-
Implement network segmentation for container environments
Parameters
-
id: Container ID or name (required)
-
cmd: Command to execute (shell-parsed into arguments) (required)
-
working_dir: Working directory for command execution (optional)
-
user: User to run the command as (optional, e.g., “1000” or “username”)
-
env: Environment variables as comma-separated KEY=VALUE pairs (optional)
-
stdin: Input to send to command via stdin (optional)
-
timeout: Timeout in seconds (optional, default: 60)
Example Usage
# Basic command execution response = ExecContainer.call( server_context: context, id: "web-container", cmd: "nginx -t" ) # Advanced execution with environment response = ExecContainer.call( server_context: context, id: "app-container", cmd: "bundle exec rails console", working_dir: "/app", user: "rails", env: "RAILS_ENV=production,DEBUG=true", timeout: 300 ) -
ToolForge.define(:exec_container) do description 'Execute a command inside a running Docker container. ' \ 'WARNING: This provides arbitrary command execution within the container. ' \ 'Ensure proper security measures are in place.' param :id, type: :string, description: 'Container ID or name' param :cmd, type: :string, description: 'Command to execute (e.g., "ls -la /app" or "python script.py")' param :working_dir, type: :string, description: 'Working directory for the command (optional)', required: false param :user, type: :string, description: 'User to run the command as (optional, e.g., "1000" or "username")', required: false param :env, type: :string, description: 'Environment variables as comma-separated KEY=VALUE pairs (optional)', required: false param :stdin, type: :string, description: 'Input to send to the command via stdin (optional)', required: false param :timeout, type: :integer, description: 'Timeout in seconds (optional, default: 60)', required: false, default: 60 execute do |id:, cmd:, working_dir: nil, user: nil, env: nil, stdin: nil, timeout: 60| container = Docker::Container.get(id) # Parse command string into array cmd_array = Shellwords.split(cmd) # Parse environment variables from comma-separated string to array env.split(',').map(&:strip) if env && !env.empty? # Execute the command stdout_data = [] stderr_data = [] exit_code = nil begin # Use container.exec which returns [stdout, stderr, exit_code] result = if stdin container.exec(cmd_array, stdin: StringIO.new(stdin), wait: timeout) else container.exec(cmd_array, wait: timeout) end stdout_data = result[0] stderr_data = result[1] exit_code = result[2] rescue Docker::Error::TimeoutError return "Command execution timed out after #{timeout} seconds" end # Format response response_text = "Command executed in container #{id}\n" response_text += "Exit code: #{exit_code}\n\n" if stdout_data && !stdout_data.empty? stdout_str = stdout_data.join response_text += "STDOUT:\n#{stdout_str}\n" unless stdout_str.strip.empty? end if stderr_data && !stderr_data.empty? stderr_str = stderr_data.join response_text += "\nSTDERR:\n#{stderr_str}\n" unless stderr_str.strip.empty? end response_text.strip rescue Docker::Error::NotFoundError "Container #{id} not found" rescue StandardError => e "Error executing command: #{e.message}" end end
- ExecContainer =
EXEC_CONTAINER_DEFINITION.to_mcp_tool
- REMOVE_NETWORK_DEFINITION =
MCP tool for removing Docker networks.
This tool provides the ability to delete Docker networks when they are no longer needed. Network removal helps maintain clean network configurations and prevents resource leaks.
Features
-
Remove networks by ID or name
-
Validation of network existence
-
Comprehensive error handling
-
Prevention of removing networks in use
-
Safe cleanup of network resources
-
Network dependency checking
Security Considerations
Network removal involves important considerations:
-
**Service Disruption**: Removing active networks disconnects containers
-
**Data Isolation**: Network removal can affect container communication
-
**Resource Cleanup**: Improper removal can leave network artifacts
-
**Container Dependencies**: Containers may fail without expected networks
-
**Network Policies**: Removal affects security and access policies
**Security Recommendations**:
-
Verify no containers are connected before removal
-
Check for dependent services and applications
-
Document network removal in change logs
-
Implement network lifecycle management
-
Monitor for orphaned network resources
-
Use network removal as part of cleanup procedures
Parameters
-
id: Network ID or name (required)
Example Usage
# Remove network by name response = RemoveNetwork.call( server_context: context, id: "app-network" ) # Remove network by ID response = RemoveNetwork.call( server_context: context, id: "abc123def456" ) # Clean up test networks response = RemoveNetwork.call( server_context: context, id: "test-isolated-network" ) -
ToolForge.define(:remove_network) do description 'Remove a Docker network' param :id, type: :string, description: 'Network ID or name' execute do |id:| network = Docker::Network.get(id) network.delete "Network #{id} removed successfully" rescue Docker::Error::NotFoundError "Network #{id} not found" rescue StandardError => e "Error removing network: #{e.message}" end end
- RemoveNetwork =
REMOVE_NETWORK_DEFINITION.to_mcp_tool
- STOP_CONTAINER_DEFINITION =
MCP tool for stopping Docker containers.
This tool gracefully stops a running Docker container by sending a SIGTERM signal to the main process, allowing it to shut down cleanly. If the container doesn’t stop within the specified timeout, it will be forcefully killed with SIGKILL.
Features
-
Graceful container shutdown with SIGTERM
-
Configurable timeout for forced termination
-
Supports container identification by ID or name
-
Handles both running and already-stopped containers
-
Provides clear feedback on operation status
-
Preserves container and data integrity
Security Considerations
Stopping containers affects service availability:
-
**Service Disruption**: Terminates running services and processes
-
**Data Integrity**: May interrupt ongoing operations
-
**Resource Release**: Frees CPU, memory, and network resources
-
**State Preservation**: Maintains container state for future restart
Coordinate container stops with dependent services and users.
Parameters
-
id: Container ID or name (required)
-
Accepts full container IDs
-
Accepts short container IDs (first 12+ characters)
-
Accepts custom container names
-
-
timeout: Seconds to wait before killing container (optional, default: 10)
Example Usage
# Stop with default timeout response = StopContainer.call( server_context: context, id: "web-server" ) # Stop with custom timeout response = StopContainer.call( server_context: context, id: "database", timeout: 30 ) -
ToolForge.define(:stop_container) do description 'Stop a Docker container' param :id, type: :string, description: 'Container ID or name' param :timeout, type: :integer, description: 'Seconds to wait before killing the container (default: 10)', required: false, default: 10 execute do |id:, timeout: 10| container = Docker::Container.get(id) container.stop('timeout' => timeout) "Container #{id} stopped successfully" rescue Docker::Error::NotFoundError "Container #{id} not found" rescue StandardError => e "Error stopping container: #{e.message}" end end
- StopContainer =
STOP_CONTAINER_DEFINITION.to_mcp_tool
- LIST_CONTAINERS_DEFINITION =
MCP tool for listing Docker containers.
This tool provides comprehensive information about all Docker containers on the system, including both running and stopped containers. It returns detailed metadata for each container including names, images, status, network configuration, and resource usage.
Features
-
Lists all containers (running and stopped)
-
Provides detailed container metadata
-
Shows network configuration and port mappings
-
Displays resource usage and statistics
-
Includes mount point information
-
Shows container labels and annotations
Security Considerations
This tool provides system information that could be useful for:
-
**System Reconnaissance**: Reveals running services and configurations
-
**Network Discovery**: Shows internal network topology
-
**Resource Analysis**: Exposes system resource usage patterns
Use with appropriate access controls in production environments.
Return Format
Returns an array of container objects with comprehensive metadata:
-
Container names and IDs
-
Image information and tags
-
Current state and status
-
Network settings and port bindings
-
Mount points and volumes
-
Labels and environment details
Example Usage
containers = ListContainers.call(server_context: context) containers.each do |container| puts "#{container['Names'].first}: #{container['State']}" end -
ToolForge.define(:list_containers) do description 'List Docker containers' param :all, type: :boolean, description: 'Show all containers (default shows all containers including stopped ones)', required: false, default: true execute do |all: true| Docker::Container.all(all: all).map(&:info) end end
- ListContainers =
LIST_CONTAINERS_DEFINITION.to_mcp_tool
- START_CONTAINER_DEFINITION =
MCP tool for starting Docker containers.
This tool starts a previously created Docker container that is currently in a “created” or “stopped” state. It transitions the container to a “running” state and begins executing the configured command or entrypoint.
Features
-
Starts containers by ID or name
-
Supports both short and full container IDs
-
Works with custom container names
-
Provides clear success/failure feedback
-
Handles container state transitions
-
Preserves all container configuration
Security Considerations
Starting containers involves security implications:
-
**Process Execution**: Begins running container processes
-
**Resource Activation**: Activates CPU, memory, and I/O usage
-
**Network Activation**: Brings network interfaces online
-
**Service Exposure**: Makes configured services accessible
Ensure proper monitoring and access controls are in place.
Parameters
-
id: Container ID or name (required)
-
Accepts full container IDs
-
Accepts short container IDs (first 12+ characters)
-
Accepts custom container names
-
Example Usage
# Start by container name response = StartContainer.call( server_context: context, id: "web-server" ) # Start by container ID response = StartContainer.call( server_context: context, id: "a1b2c3d4e5f6" ) -
ToolForge.define(:start_container) do description 'Start a Docker container' param :id, type: :string, description: 'Container ID or name' execute do |id:| container = Docker::Container.get(id) container.start "Container #{id} started successfully" rescue Docker::Error::NotFoundError "Container #{id} not found" rescue StandardError => e "Error starting container: #{e.message}" end end
- StartContainer =
START_CONTAINER_DEFINITION.to_mcp_tool
- CREATE_CONTAINER_DEFINITION =
MCP tool for creating Docker containers.
This tool creates a new Docker container from a specified image without starting it. The container is created in a “created” state and can be started later using the start_container tool. This two-step process allows for container configuration before execution.
Features
-
Creates containers from any available Docker image
-
Supports custom container naming
-
Configures command execution and environment variables
-
Sets up port exposure and network configuration
-
Applies advanced host configurations
-
Handles container labeling and metadata
Security Considerations
Container creation is a powerful operation that can:
-
**Resource Allocation**: Consume system resources and storage
-
**Network Access**: Create network endpoints and bindings
-
**File System Access**: Mount host directories and volumes
-
**Security Context**: Run with elevated privileges if configured
Implement proper access controls and resource limits.
Parameters
-
image: Docker image to use (required)
-
name: Custom container name (optional)
-
cmd: Command to execute as space-separated string (optional)
-
env: Environment variables as comma-separated KEY=VALUE pairs (optional)
-
exposed_ports: Port exposure configuration as JSON object (optional)
-
host_config: Advanced host configuration as JSON object (optional)
Example Usage
# Simple container creation response = CreateContainer.call( server_context: context, image: "nginx:latest", name: "web-server" ) # Advanced container with configuration response = CreateContainer.call( server_context: context, image: "postgres:13", name: "database", env: "POSTGRES_PASSWORD=secret,POSTGRES_DB=myapp", exposed_ports: {"5432/tcp" => {}}, host_config: { "PortBindings" => {"5432/tcp" => [{"HostPort" => "5432"}]}, "Binds" => ["/host/data:/var/lib/postgresql/data:rw"] } ) -
ToolForge.define(:create_container) do description 'Create a Docker container' param :image, type: :string, description: 'Image name to use (e.g., "ubuntu:22.04")' param :name, type: :string, description: 'Container name (optional)', required: false param :cmd, type: :string, description: 'Command to run as space-separated string (optional, e.g., "npm start" or "python app.py")', required: false param :env, type: :string, description: 'Environment variables as comma-separated KEY=VALUE pairs (optional)', required: false param :exposed_ports, type: :object, description: 'Exposed ports as {"port/protocol": {}} (optional)', required: false param :host_config, type: :object, description: 'Host configuration including port bindings, volumes, etc. (optional)', required: false execute do |image:, name: nil, cmd: nil, env: nil, exposed_ports: nil, host_config: nil| config = { 'Image' => image } config['name'] = name if name # Parse cmd string into array if provided config['Cmd'] = Shellwords.split(cmd) if cmd && !cmd.strip.empty? # Parse env string into array if provided config['Env'] = env.split(',').map(&:strip) if env && !env.strip.empty? config['ExposedPorts'] = exposed_ports if exposed_ports config['HostConfig'] = host_config if host_config container = Docker::Container.create(config) container_name = container.info['Names']&.first&.delete_prefix('/') "Container created successfully. ID: #{container.id}, Name: #{container_name}" rescue Docker::Error::NotFoundError "Image #{image} not found" rescue Docker::Error::ConflictError "Container with name #{name} already exists" rescue StandardError => e "Error creating container: #{e.message}" end end
- CreateContainer =
CREATE_CONTAINER_DEFINITION.to_mcp_tool
- REMOVE_CONTAINER_DEFINITION =
MCP tool for removing Docker containers.
This tool permanently removes a Docker container from the system, including its file system, configuration, and metadata. This is a destructive operation that cannot be undone. The container must be stopped before removal unless force is specified.
Features
-
Permanent container removal from system
-
Supports forced removal of running containers
-
Optional removal of associated volumes
-
Handles container identification by ID or name
-
Provides comprehensive error handling
-
Frees all associated system resources
Security Considerations
Container removal is a destructive operation with implications:
-
**Data Loss**: Permanently destroys container file system
-
**Configuration Loss**: Removes container settings and metadata
-
**Service Disruption**: Eliminates containerized services
-
**Resource Recovery**: Frees storage, memory, and system resources
-
**Audit Trail**: May remove forensic evidence if needed
Implement proper backup and approval workflows for production systems.
Parameters
-
id: Container ID or name (required)
-
Accepts full container IDs
-
Accepts short container IDs (first 12+ characters)
-
Accepts custom container names
-
-
force: Force removal of running container (optional, default: false)
-
volumes: Remove associated volumes (optional, default: false)
Example Usage
# Remove stopped container response = RemoveContainer.call( server_context: context, id: "old-web-server" ) # Force remove running container with volumes response = RemoveContainer.call( server_context: context, id: "problematic-container", force: true, volumes: true ) -
ToolForge.define(:remove_container) do description 'Remove a Docker container' param :id, type: :string, description: 'Container ID or name' param :force, type: :boolean, description: 'Force removal of running container (default: false)', required: false, default: false param :volumes, type: :boolean, description: 'Remove associated volumes (default: false)', required: false, default: false execute do |id:, force: false, volumes: false| container = Docker::Container.get(id) container.delete(force: force, v: volumes) "Container #{id} removed successfully" rescue Docker::Error::NotFoundError "Container #{id} not found" rescue StandardError => e "Error removing container: #{e.message}" end end
- RemoveContainer =
REMOVE_CONTAINER_DEFINITION.to_mcp_tool
- COPY_TO_CONTAINER_DEFINITION =
MCP tool for copying files and directories to Docker containers.
This tool provides the ability to copy files and directories from the local host filesystem into running Docker containers. It supports both individual files and entire directory trees, with optional ownership modification within the container.
Features
-
Copy files and directories from host to container
-
Supports recursive directory copying
-
Preserves file permissions and metadata
-
Optional ownership modification after copy
-
Works with running containers
-
Comprehensive error handling and validation
Security Considerations
File copying operations have significant security implications:
-
**File System Access**: Reads local host file system content
-
**Container Modification**: Alters container file system state
-
**Data Injection**: Can introduce malicious files into containers
-
**Permission Escalation**: May affect container security context
-
**Resource Consumption**: Large copies can consume storage and I/O
-
**Path Traversal**: Improper paths could access unintended locations
**Security Recommendations**:
-
Validate and sanitize all file paths
-
Implement access controls for source file locations
-
Monitor file copy operations and sizes
-
Use read-only mounts where possible
-
Apply resource limits to prevent abuse
Parameters
-
id: Container ID or name (required)
-
source_path: Path to file/directory on local filesystem (required)
-
destination_path: Path inside container for copied content (required)
-
owner: Owner for copied files (optional, e.g., “1000:1000” or “username:group”)
Example Usage
# Copy single file response = CopyToContainer.call( server_context: context, id: "web-server", source_path: "/local/config.conf", destination_path: "/etc/nginx/nginx.conf" ) # Copy directory with ownership change response = CopyToContainer.call( server_context: context, id: "app-container", source_path: "/local/app-data", destination_path: "/var/lib/app", owner: "app:app" ) -
ToolForge.define(:copy_to_container) do description 'Copy a file or directory from the local filesystem into a running Docker container. ' \ 'The source path is on the local machine, and the destination path is inside the container.' param :id, type: :string, description: 'Container ID or name' param :source_path, type: :string, description: 'Path to the file or directory on the local filesystem to copy' param :destination_path, type: :string, description: 'Path inside the container where the file/directory should be copied' param :owner, type: :string, description: 'Owner for the copied files (optional, e.g., "1000:1000" or "username:group")', required: false # Helper method for adding files/directories to tar class_helper :add_to_tar do |tar, path, archive_path| if File.directory?(path) # Add directory entry tar.mkdir(archive_path, File.stat(path).mode) # Add directory contents Dir.entries(path).each do |entry| next if ['.', '..'].include?(entry) full_path = File.join(path, entry) archive_entry_path = File.join(archive_path, entry) add_to_tar(tar, full_path, archive_entry_path) end else # Add file File.open(path, 'rb') do |file| tar.add_file_simple(archive_path, File.stat(path).mode, file.size) do |tar_file| IO.copy_stream(file, tar_file) end end end end execute do |id:, source_path:, destination_path:, owner: nil| container = Docker::Container.get(id) # Verify source path exists next "Source path not found: #{source_path}" unless File.exist?(source_path) # Create a tar archive of the source tar_io = StringIO.new tar_io.set_encoding('ASCII-8BIT') Gem::Package::TarWriter.new(tar_io) do |tar| add_to_tar(tar, source_path, File.basename(source_path)) end tar_io.rewind # Copy to container container.archive_in_stream(destination_path) do tar_io.read end # Optionally change ownership if owner chown_path = File.join(destination_path, File.basename(source_path)) container.exec(['chown', '-R', owner, chown_path]) end file_type = File.directory?(source_path) ? 'directory' : 'file' response_text = "Successfully copied #{file_type} from #{source_path} to #{id}:#{destination_path}" response_text += "\nOwnership changed to #{owner}" if owner response_text rescue Docker::Error::NotFoundError "Container #{id} not found" rescue StandardError => e "Error copying to container: #{e.message}" end end
- CopyToContainer =
COPY_TO_CONTAINER_DEFINITION.to_mcp_tool
- RECREATE_CONTAINER_DEFINITION =
MCP tool for recreating Docker containers.
This tool provides a complete container recreation process that stops the existing container, removes it, and creates a new container with the same configuration. This is useful for applying image updates, clearing container state, or resolving container corruption issues.
Features
-
Complete container recreation with preserved configuration
-
Automatic stop, remove, and recreate sequence
-
Preserves original container configuration and settings
-
Configurable stop timeout for graceful shutdown
-
Handles both running and stopped containers
-
Maintains container networking and volume configurations
Security Considerations
Container recreation involves several security considerations:
-
**Service Downtime**: Temporary service interruption during recreation
-
**Data Loss**: Container file system changes are lost (volumes preserved)
-
**Resource Allocation**: New container may have different resource usage
-
**Network Reconfiguration**: IP addresses may change
-
**State Reset**: Application state within container is lost
Plan recreations carefully and coordinate with dependent services.
Parameters
-
id: Container ID or name to recreate (required)
-
timeout: Seconds to wait before killing container when stopping (optional, default: 10)
Process Flow
-
Inspect existing container to capture configuration
-
Stop the running container (if running)
-
Remove the stopped container
-
Create new container with captured configuration
-
Return new container information
Example Usage
# Recreate with default timeout response = RecreateContainer.call( server_context: context, id: "web-server" ) # Recreate with extended timeout response = RecreateContainer.call( server_context: context, id: "database", timeout: 30 ) -
ToolForge.define(:recreate_container) do description 'Recreate a Docker container (stops, removes, and recreates with same configuration)' param :id, type: :string, description: 'Container ID or name to recreate' param :timeout, type: :integer, description: 'Seconds to wait before killing the container when stopping (default: 10)', required: false, default: 10 execute do |id:, timeout: 10| # Get the existing container old_container = Docker::Container.get(id) config = old_container.json # Extract configuration we need to preserve image = config['Config']['Image'] name = config['Name']&.delete_prefix('/') cmd = config['Config']['Cmd'] env = config['Config']['Env'] exposed_ports = config['Config']['ExposedPorts'] host_config = config['HostConfig'] # Stop and remove the old container old_container.stop('timeout' => timeout) if config['State']['Running'] old_container.delete # Create new container with same config new_config = { 'Image' => image, 'Cmd' => cmd, 'Env' => env, 'ExposedPorts' => exposed_ports, 'HostConfig' => host_config } new_config['name'] = name if name new_container = Docker::Container.create(new_config) # Start if the old one was running new_container.start if config['State']['Running'] "Container #{id} recreated successfully. New ID: #{new_container.id}" rescue Docker::Error::NotFoundError "Container #{id} not found" rescue StandardError => e "Error recreating container: #{e.message}" end end
- RecreateContainer =
RECREATE_CONTAINER_DEFINITION.to_mcp_tool
- FETCH_CONTAINER_LOGS_DEFINITION =
MCP tool for fetching Docker container logs.
This tool retrieves log output from Docker containers, including both standard output and standard error streams. It supports filtering by stream type, limiting output length, timestamp inclusion, and retrieving logs from both running and stopped containers.
Features
-
Fetch logs from running and stopped containers
-
Separate or combined stdout and stderr streams
-
Configurable output length limiting (tail functionality)
-
Optional timestamp inclusion for log entries
-
Support for container identification by ID or name
-
Comprehensive error handling and status reporting
Security Considerations
Container logs may contain sensitive information:
-
**Application Data**: Database queries, API keys, user data
-
**System Information**: Internal paths, configuration details
-
**Error Details**: Stack traces revealing application internals
-
**Access Patterns**: User behavior and system usage information
-
**Debugging Information**: Temporary credentials or session data
Implement proper access controls and data sanitization for log access.
Parameters
-
id: Container ID or name (required)
-
stdout: Include stdout in logs (optional, default: true)
-
stderr: Include stderr in logs (optional, default: true)
-
timestamps: Show timestamps for log entries (optional, default: false)
-
tail: Number of lines to show from end of logs (optional, default: all)
Example Usage
# Fetch all logs response = FetchContainerLogs.call( server_context: context, id: "web-server" ) # Fetch recent errors with timestamps response = FetchContainerLogs.call( server_context: context, id: "app-container", stdout: false, stderr: true, timestamps: true, tail: 100 ) -
ToolForge.define(:fetch_container_logs) do description 'Fetch Docker container logs' param :id, type: :string, description: 'Container ID or name' param :stdout, type: :boolean, description: 'Include stdout (default: true)', required: false, default: true param :stderr, type: :boolean, description: 'Include stderr (default: true)', required: false, default: true param :tail, type: :integer, description: 'Number of lines to show from the end of logs (default: all)', required: false param :timestamps, type: :boolean, description: 'Show timestamps (default: false)', required: false, default: false execute do |id:, stdout: true, stderr: true, tail: nil, timestamps: false| container = Docker::Container.get(id) = { stdout: stdout, stderr: stderr, timestamps: } [:tail] = tail if tail container.logs() rescue Docker::Error::NotFoundError "Container #{id} not found" rescue StandardError => e "Error fetching logs: #{e.message}" end end
- FetchContainerLogs =
FETCH_CONTAINER_LOGS_DEFINITION.to_mcp_tool