@supernova123/docker-mcp-server 0.2.4 → 0.3.0

package/README.md

@@ -141,11 +141,21 @@ claude mcp add docker -- npx -y @supernova123/docker-mcp-server
 
 ## Security
 
+This server has **full Docker daemon access** via the Docker socket. It is designed for local development and trusted environments.
+
 - **Read-only by default**: all container and image tools read state; write operations (start/stop/remove) require explicit tool calls
-- **No API keys needed**: connects to local Docker daemon via socket
+- **No API keys needed**: connects to local Docker socket (`/var/run/docker.sock`), not remote API tokens
 - **No network access**: all operations are local Docker API calls
+- **Input validation**: Zod schemas on every tool parameter — command injection, path traversal, and env injection are rejected at the schema level
+- **Output sanitization**: ANSI escape codes, invisible Unicode, and Docker stream headers are stripped from all tool output
+- **Output size caps**: log output capped at 100KB, general output at 1MB, to prevent LLM context overflow
+- **Parameter bounds**: command arrays limited to 50 args, env to 50 vars, log tail to 10K lines, timeouts enforced (600s health, 300s events)
 - **MIT License**: fully auditable
 
+**Threat model**: any tool that calls Docker through this server can start any container with any flags, including privileged. The threat model is the same as giving a user shell access to the Docker socket. Do not expose this server to untrusted users.
+
+For vulnerability reports, see [SECURITY.md](SECURITY.md).
+
 ## License
 
 MIT

package/SECURITY.md

@@ -0,0 +1,52 @@
+# Security
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in this project, please report it responsibly.
+
+**Email:** security@friendlygeorge.org
+
+Please do not file public GitHub issues for security bugs.
+
+## Supported Versions
+
+The latest release on npm (`@supernova123/docker-mcp-server`) is the only supported version. Security fixes are applied to the latest release only.
+
+## Threat Model
+
+This server has **full Docker daemon access** via the Docker socket (`/var/run/docker.sock`). It is designed for **local development and trusted environments**.
+
+**In scope:**
+- Input validation on all tool parameters (command injection, path traversal, env injection)
+- Output sanitization (ANSI escape stripping, invisible Unicode removal, output size caps)
+- Schema-level bounds on all numeric and array parameters
+
+**Out of scope:**
+- Exposing this server to untrusted users or the public internet
+- Running in multi-tenant environments without additional isolation
+- Docker socket access control (by design, the server needs full daemon access)
+
+**Key security properties:**
+- No embedded credentials — the server uses the Docker socket, not API tokens
+- No network egress — all communication is local Docker API calls
+- Zod input validation on every tool parameter
+- Output sanitization prevents prompt injection via command output
+- Read-only tools marked with `readOnlyHint: true` in MCP metadata
+
+## Security Hardening (v0.2.5+)
+
+Starting with v0.2.5, the server includes:
+- **Command validation:** `exec_in_container` rejects shell metacharacters and enforces POSIX path rules
+- **Path validation:** `build_image` restricts build context to local absolute paths (no URLs)
+- **Output sanitization:** ANSI escapes, invisible Unicode, and Docker stream headers are stripped
+- **Output size caps:** Log output capped at 100KB, general output at 1MB
+- **Parameter bounds:** Command arrays limited to 50 args, env to 50 vars, log tail to 10K lines
+- **Timeout enforcement:** Health watch (600s max), event listening (300s max)
+
+## Dependencies
+
+Run `npm audit` regularly. The CI pipeline includes `npm audit --audit-level=high` on every push.
+
+## License
+
+MIT — see [LICENSE](LICENSE) for details.

package/dist/docker.d.ts

@@ -8,5 +8,10 @@ export declare function createDockerClient(options?: DockerClientOptions): Docke
 export declare function formatError(error: unknown): string;
 export declare function formatContainer(container: Dockerode.ContainerInfo): Record<string, unknown>;
 export declare function formatImage(image: Dockerode.ImageInfo): Record<string, unknown>;
+/**
+ * Sanitize tool output: strip ANSI escapes, invisible Unicode, and truncate.
+ * Prevents prompt injection via output and caps LLM context cost.
+ */
+export declare function sanitizeOutput(text: string, maxLength?: number): string;
 export declare function formatBytes(bytes: number): string;
 //# sourceMappingURL=docker.d.ts.map

package/dist/docker.js

@@ -47,6 +47,25 @@ export function formatImage(image) {
         created: new Date(image.Created).toISOString(),
     };
 }
+/**
+ * Sanitize tool output: strip ANSI escapes, invisible Unicode, and truncate.
+ * Prevents prompt injection via output and caps LLM context cost.
+ */
+export function sanitizeOutput(text, maxLength = 1_000_000) {
+    // Strip ANSI escape codes (CSI, OSC, simple sequences)
+    text = text.replace(/\x1b\[[0-9;?]*[a-zA-Z]/g, "");
+    text = text.replace(/\x1b\][^\x07]*\x07/g, ""); // OSC terminated by BEL
+    text = text.replace(/\x1b[@-Z\\-_]/g, ""); // Single-char escapes
+    // Strip invisible Unicode (Tag chars, bidi overrides, zero-width)
+    text = text.replace(/[\u{E0000}-\u{E007F}\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF]/gu, "");
+    // Strip Docker stream-frame headers (8-byte prefix per frame)
+    text = text.replace(/^[\x00-\x0f]{8}/gm, "");
+    // Truncate to cap memory and LLM context cost
+    if (text.length > maxLength) {
+        return text.slice(0, maxLength) + `\n... [output truncated at ${maxLength} chars]`;
+    }
+    return text;
+}
 export function formatBytes(bytes) {
     if (bytes === 0)
         return "0 B";

package/dist/server.js

@@ -6,11 +6,12 @@ import { registerHealthTools } from "./tools/health.js";
 import { registerLogsTools } from "./tools/logs.js";
 import { registerExecTools } from "./tools/exec.js";
 import { registerNetworkTools } from "./tools/network.js";
+import { registerVolumeTools } from "./tools/volume.js";
 import { registerMonitoringTools } from "./tools/monitoring.js";
 export function createServer(docker) {
     const server = new McpServer({
         name: "docker-mcp-server",
-        version: "0.2.0",
+        version: "0.3.0",
     });
     // Register all tool categories
     registerContainerTools(server, docker);
@@ -20,6 +21,7 @@ export function createServer(docker) {
     registerLogsTools(server, docker);
     registerExecTools(server, docker);
     registerNetworkTools(server, docker);
+    registerVolumeTools(server, docker);
     registerMonitoringTools(server, docker);
     return server;
 }

package/dist/tools/compose.js

@@ -3,7 +3,7 @@ import { existsSync, statSync } from "fs";
 import { join } from "path";
 import { promisify } from "util";
 import { ComposeUpSchema, ComposeDownSchema, ComposePsSchema, ComposeLogsSchema, ComposeRestartSchema, } from "../types.js";
-import { formatError } from "../docker.js";
+import { formatError, sanitizeOutput } from "../docker.js";
 const execAsync = promisify(execCb);
 const COMPOSE_FILE_NAMES = ["docker-compose.yml", "docker-compose.yaml", "compose.yml", "compose.yaml"];
 function resolveComposePath(inputPath) {
@@ -92,7 +92,8 @@ export function registerComposeTools(server) {
             if (params.services?.length)
                 args.push(...params.services);
             const output = runCompose(params.path, args);
-            return { content: [{ type: "text", text: output || "No logs found." }] };
+            // Use 100KB cap for log output to keep LLM context small
+            return { content: [{ type: "text", text: sanitizeOutput(output, 100_000) || "No logs found." }] };
         }
         catch (error) {
             return { content: [{ type: "text", text: `Error: ${formatError(error)}` }], isError: true };

package/dist/tools/exec.js

@@ -1,5 +1,5 @@
 import { ExecInContainerSchema } from "../types.js";
-import { formatError } from "../docker.js";
+import { formatError, sanitizeOutput } from "../docker.js";
 export function registerExecTools(server, docker) {
     server.tool("exec_in_container", "Execute a command inside a running Docker container. Returns stdout, stderr, and exit code.", ExecInContainerSchema.shape, { openWorldHint: false }, async (params) => {
         try {
@@ -18,7 +18,7 @@ export function registerExecTools(server, docker) {
                 stream.on("end", () => resolve(data));
             });
             const inspect = await exec.inspect();
-            const cleanOutput = output.replace(/^[\x00-\x0f]{8}/gm, "");
+            const cleanOutput = sanitizeOutput(output);
             return {
                 content: [{
                         type: "text",

package/dist/tools/logs.js

@@ -1,5 +1,5 @@
 import { StreamLogsSchema, ContainerStatsSchema } from "../types.js";
-import { formatError, formatBytes } from "../docker.js";
+import { formatError, formatBytes, sanitizeOutput } from "../docker.js";
 export function registerLogsTools(server, docker) {
     server.tool("stream_logs", "Get logs from a single Docker container by ID or name. Use stream_logs for one container; use compose_logs for multi-service Compose stacks. Supports tail count (default 100 lines), since timestamp for filtering, and follow mode. Returns UTF-8 log text with multiplexed stream headers stripped, or 'No logs found.' when the container has no output. Read-only and safe to call repeatedly. Returns an error string if the container does not exist.", StreamLogsSchema.shape, { readOnlyHint: true, idempotentHint: true, openWorldHint: false }, async (params) => {
         try {
@@ -12,7 +12,8 @@ export function registerLogsTools(server, docker) {
                 follow: false,
             });
             // Dockerode returns a Buffer with multiplexed stream headers
-            const output = logs.toString("utf-8").replace(/^[\x00-\x0f]{8}/gm, "");
+            // Use 100KB cap for logs to keep LLM context small
+            const output = sanitizeOutput(logs.toString("utf-8"), 100_000);
             return { content: [{ type: "text", text: output || "No logs found." }] };
         }
         catch (error) {

package/dist/tools/monitoring.js

@@ -1,4 +1,5 @@
 import { ContainerHealthStatusSchema, ContainerResourceUsageSchema, WatchEventsSchema, SearchLogsSchema, ResourceAlertCheckSchema, MonitorDashboardSchema, } from "../types.js";
+import { sanitizeOutput } from "../docker.js";
 export function registerMonitoringTools(server, docker) {
     // 1. fleet_status — health status of all running containers
     server.tool("container_health_status", "Check health status, uptime, and restart count for all running Docker containers. Returns JSON with container name, state, health probe status (healthy/unhealthy/no-healthcheck), and restart count. Use this for a quick fleet health overview; for resource metrics use container_resource_usage instead. Returns an array of objects with name, id, state, status, health, uptime, restartCount, and image fields. Read-only and safe to call repeatedly.", ContainerHealthStatusSchema.shape, { readOnlyHint: true, idempotentHint: true, openWorldHint: false }, async (params) => {
@@ -146,7 +147,7 @@ export function registerMonitoringTools(server, docker) {
                         tail: params.tail || 500,
                         since: params.since ? Math.floor(new Date(params.since).getTime() / 1000) : undefined,
                     });
-                    const output = logStream.toString("utf-8").replace(/^[\x00-\x0f]{8}/gm, "");
+                    const output = sanitizeOutput(logStream.toString("utf-8"), 100_000);
                     const lines = output.split("\n");
                     for (const line of lines) {
                         if (regex.test(line)) {

package/dist/tools/volume.d.ts

@@ -0,0 +1,4 @@
+import Dockerode from "dockerode";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function registerVolumeTools(server: McpServer, docker: Dockerode): void;
+//# sourceMappingURL=volume.d.ts.map

package/dist/tools/volume.js

@@ -0,0 +1,95 @@
+import { CreateVolumeSchema, InspectVolumeSchema, RemoveVolumeSchema, PruneVolumesSchema, } from "../types.js";
+import { formatError } from "../docker.js";
+export function registerVolumeTools(server, docker) {
+    server.tool("create_volume", "Create a Docker volume with optional driver, labels, and options. Returns volume name, driver, and mountpoint.", CreateVolumeSchema.shape, { readOnlyHint: false, destructiveHint: false, idempotentHint: true, openWorldHint: false }, async (params) => {
+        try {
+            const result = await docker.createVolume({
+                Name: params.name,
+                Driver: params.driver || "local",
+                Labels: params.labels,
+                DriverOpts: params.options,
+            });
+            return {
+                content: [{
+                        type: "text",
+                        text: JSON.stringify({
+                            name: result.Name,
+                            driver: result.Driver,
+                            mountpoint: result.Mountpoint,
+                            created: result.CreatedAt,
+                            labels: result.Labels,
+                        }, null, 2),
+                    }],
+            };
+        }
+        catch (error) {
+            return { content: [{ type: "text", text: `Error: ${formatError(error)}` }], isError: true };
+        }
+    });
+    server.tool("inspect_volume", "Inspect a Docker volume. Returns detailed info including name, driver, mountpoint, labels, scope, and usage data.", InspectVolumeSchema.shape, { readOnlyHint: true, idempotentHint: true, openWorldHint: false }, async (params) => {
+        try {
+            const volume = docker.getVolume(params.name);
+            const info = await volume.inspect();
+            return {
+                content: [{
+                        type: "text",
+                        text: JSON.stringify({
+                            name: info.Name,
+                            driver: info.Driver,
+                            mountpoint: info.Mountpoint,
+                            labels: info.Labels,
+                            scope: info.Scope,
+                            options: info.Options,
+                            status: info.Status || null,
+                            usage: info.UsageData || null,
+                        }, null, 2),
+                    }],
+            };
+        }
+        catch (error) {
+            return { content: [{ type: "text", text: `Error: ${formatError(error)}` }], isError: true };
+        }
+    });
+    server.tool("remove_volume", "Remove a Docker volume. Use force=true to remove even if in use by containers.", RemoveVolumeSchema.shape, { readOnlyHint: false, destructiveHint: true, idempotentHint: true, openWorldHint: false }, async (params) => {
+        try {
+            const volume = docker.getVolume(params.name);
+            await volume.remove({ force: params.force || false });
+            return {
+                content: [{
+                        type: "text",
+                        text: JSON.stringify({ success: true, name: params.name, message: `Volume '${params.name}' removed` }),
+                    }],
+            };
+        }
+        catch (error) {
+            return { content: [{ type: "text", text: `Error: ${formatError(error)}` }], isError: true };
+        }
+    });
+    server.tool("prune_volumes", "Remove all unused Docker volumes. Returns count of removed volumes and reclaimed space.", PruneVolumesSchema.shape, { readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: false }, async (params) => {
+        try {
+            const filters = {};
+            if (params.filter) {
+                const match = params.filter.match(/label=(.+)/);
+                if (match) {
+                    filters.label = [match[1]];
+                }
+            }
+            const result = await docker.pruneVolumes({
+                filters: Object.keys(filters).length > 0 ? filters : undefined,
+            });
+            return {
+                content: [{
+                        type: "text",
+                        text: JSON.stringify({
+                            volumes_deleted: result.VolumesDeleted || [],
+                            space_reclaimed: result.SpaceReclaimed || 0,
+                        }, null, 2),
+                    }],
+            };
+        }
+        catch (error) {
+            return { content: [{ type: "text", text: `Error: ${formatError(error)}` }], isError: true };
+        }
+    });
+}
+//# sourceMappingURL=volume.js.map

package/dist/types.d.ts

@@ -306,6 +306,46 @@ export declare const ListVolumesSchema: z.ZodObject<{
 }, {
     filter?: string | undefined;
 }>;
+export declare const CreateVolumeSchema: z.ZodObject<{
+    name: z.ZodString;
+    driver: z.ZodOptional<z.ZodString>;
+    labels: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+    options: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    labels?: Record<string, string> | undefined;
+    options?: Record<string, string> | undefined;
+    driver?: string | undefined;
+}, {
+    name: string;
+    labels?: Record<string, string> | undefined;
+    options?: Record<string, string> | undefined;
+    driver?: string | undefined;
+}>;
+export declare const InspectVolumeSchema: z.ZodObject<{
+    name: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+}, {
+    name: string;
+}>;
+export declare const RemoveVolumeSchema: z.ZodObject<{
+    name: z.ZodString;
+    force: z.ZodOptional<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    name: string;
+    force?: boolean | undefined;
+}, {
+    name: string;
+    force?: boolean | undefined;
+}>;
+export declare const PruneVolumesSchema: z.ZodObject<{
+    filter: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    filter?: string | undefined;
+}, {
+    filter?: string | undefined;
+}>;
 export declare const ContainerHealthStatusSchema: z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>;
 export declare const ContainerResourceUsageSchema: z.ZodObject<{
     sort_by: z.ZodOptional<z.ZodEnum<["cpu", "memory", "network"]>>;
@@ -320,15 +360,15 @@ export declare const WatchEventsSchema: z.ZodObject<{
     since: z.ZodOptional<z.ZodString>;
     duration: z.ZodOptional<z.ZodNumber>;
 }, "strip", z.ZodTypeAny, {
+    duration?: number | undefined;
     since?: string | undefined;
     container?: string | undefined;
     event_type?: "all" | "start" | "stop" | "die" | "restart" | "health_status" | "oom" | undefined;
-    duration?: number | undefined;
 }, {
+    duration?: number | undefined;
     since?: string | undefined;
     container?: string | undefined;
     event_type?: "all" | "start" | "stop" | "die" | "restart" | "health_status" | "oom" | undefined;
-    duration?: number | undefined;
 }>;
 export declare const SearchLogsSchema: z.ZodObject<{
     pattern: z.ZodString;

package/dist/types.js

@@ -1,4 +1,9 @@
 import { z } from "zod";
+// Validation regexes (shared across schemas)
+const SAFE_CMD_ARG = /^[A-Za-z0-9_./:@%+=,\-]+$/;
+const SAFE_PATH = /^\/[A-Za-z0-9_./\-]+$/;
+const SAFE_ENV_KEY = /^[A-Z_][A-Z0-9_]*$/;
+const SAFE_BUILD_CONTEXT = /^\/[A-Za-z0-9_./\-]+$/;
 // Container lifecycle schemas
 export const ListContainersSchema = z.object({
     all: z.boolean().optional().describe("Include stopped containers (default: false)"),
@@ -48,11 +53,12 @@ export const PullImageSchema = z.object({
     tag: z.string().optional().describe("Tag to pull (default: 'latest')"),
 });
 export const BuildImageSchema = z.object({
-    context: z.string().describe("Build context path or Dockerfile content"),
+    context: z.string().regex(SAFE_BUILD_CONTEXT, "Build context must be a local absolute path (no URLs, no '..')")
+        .max(4096).describe("Build context path (local absolute path only)"),
     tag: z.string().describe("Tag for the built image (e.g., 'myapp:v1')"),
-    dockerfile: z.string().optional().describe("Dockerfile name relative to context (default: 'Dockerfile')"),
-    build_args: z.record(z.string()).optional().describe("Build arguments"),
-    target: z.string().optional().describe("Target build stage"),
+    dockerfile: z.string().max(256).optional().describe("Dockerfile name relative to context (default: 'Dockerfile')"),
+    build_args: z.record(z.string().regex(SAFE_ENV_KEY, "Build arg key must be POSIX-style").max(256), z.string().max(4096)).optional().describe("Build arguments (keys must be POSIX-style)"),
+    target: z.string().max(256).optional().describe("Target build stage"),
 });
 export const RemoveImageSchema = z.object({
     image: z.string().describe("Image name or ID"),
@@ -93,8 +99,8 @@ export const CheckHealthSchema = z.object({
 });
 export const WatchHealthSchema = z.object({
     container_id: z.string().describe("Container ID or name"),
-    timeout: z.number().optional().describe("Max seconds to wait (default: 60)"),
-    interval: z.number().optional().describe("Seconds between polls (default: 5)"),
+    timeout: z.number().max(600).optional().describe("Max seconds to wait (default: 60, max: 600)"),
+    interval: z.number().max(60).optional().describe("Seconds between polls (default: 5, max: 60)"),
 });
 export const SetRestartPolicySchema = z.object({
     container_id: z.string().describe("Container ID or name"),
@@ -104,19 +110,21 @@ export const SetRestartPolicySchema = z.object({
 // Logs schemas
 export const StreamLogsSchema = z.object({
     container_id: z.string().describe("Container ID or name"),
-    tail: z.number().optional().describe("Number of lines to show (default: 100)"),
+    tail: z.number().max(10000).optional().describe("Number of lines to show (default: 100, max: 10000)"),
     since: z.string().optional().describe("Show logs since timestamp (e.g., '2026-01-01T00:00:00Z')"),
     follow: z.boolean().optional().describe("Follow log output (default: false)"),
 });
 export const ContainerStatsSchema = z.object({
     container_id: z.string().describe("Container ID or name"),
 });
-// Exec schema
+// Exec schema (validated per Finding 8.1 — command/working_dir/env constraints)
 export const ExecInContainerSchema = z.object({
     container_id: z.string().describe("Container ID or name"),
-    command: z.array(z.string()).describe("Command to execute"),
-    working_dir: z.string().optional().describe("Working directory inside container"),
-    env: z.record(z.string()).optional().describe("Environment variables"),
+    command: z.array(z.string().max(500).regex(SAFE_CMD_ARG, "Command arg contains disallowed characters"))
+        .min(1).max(50).describe("Command to execute (max 50 args, alphanumeric + safe chars only)"),
+    working_dir: z.string().regex(SAFE_PATH, "Working directory must be an absolute path without '..'")
+        .max(1000).optional().describe("Working directory inside container (absolute path)"),
+    env: z.record(z.string().regex(SAFE_ENV_KEY, "Env key must be POSIX-style (A-Z, 0-9, _)").max(100), z.string().max(1000)).optional().describe("Environment variables (keys must be POSIX-style)"),
 });
 // Network/Volume schemas
 export const ListNetworksSchema = z.object({
@@ -125,6 +133,22 @@ export const ListNetworksSchema = z.object({
 export const ListVolumesSchema = z.object({
     filter: z.string().optional().describe("Filter by name or driver"),
 });
+export const CreateVolumeSchema = z.object({
+    name: z.string().min(1).max(255).describe("Volume name"),
+    driver: z.string().optional().describe("Volume driver (default: 'local')"),
+    labels: z.record(z.string(), z.string()).optional().describe("Labels to apply to the volume"),
+    options: z.record(z.string(), z.string()).optional().describe("Driver-specific options"),
+});
+export const InspectVolumeSchema = z.object({
+    name: z.string().min(1).describe("Volume name or ID to inspect"),
+});
+export const RemoveVolumeSchema = z.object({
+    name: z.string().min(1).describe("Volume name or ID to remove"),
+    force: z.boolean().optional().describe("Force removal even if in use (default: false)"),
+});
+export const PruneVolumesSchema = z.object({
+    filter: z.string().optional().describe("Filter by label (e.g., 'label=key=value')"),
+});
 // Monitoring schemas (v0.2.0)
 export const ContainerHealthStatusSchema = z.object({});
 export const ContainerResourceUsageSchema = z.object({
@@ -134,12 +158,12 @@ export const WatchEventsSchema = z.object({
     container: z.string().optional().describe("Filter by container name or ID"),
     event_type: z.enum(["start", "stop", "die", "restart", "health_status", "oom", "all"]).optional().describe("Filter by event type (default: all)"),
     since: z.string().optional().describe("Show events since timestamp (e.g., '2026-01-01T00:00:00Z')"),
-    duration: z.number().optional().describe("Max seconds to listen (default: 30)"),
+    duration: z.number().max(300).optional().describe("Max seconds to listen (default: 30, max: 300)"),
 });
 export const SearchLogsSchema = z.object({
-    pattern: z.string().describe("Regex or grep pattern to search for"),
-    containers: z.array(z.string()).optional().describe("Specific containers to search (default: all running)"),
-    tail: z.number().optional().describe("Max lines to scan per container (default: 500)"),
+    pattern: z.string().max(1000).describe("Regex or grep pattern to search for"),
+    containers: z.array(z.string()).max(50).optional().describe("Specific containers to search (default: all running, max: 50)"),
+    tail: z.number().max(10000).optional().describe("Max lines to scan per container (default: 500, max: 10000)"),
     since: z.string().optional().describe("Only search logs since timestamp"),
     ignore_case: z.boolean().optional().describe("Case-insensitive search (default: false)"),
 });

package/glama.json

@@ -0,0 +1,12 @@
+{
+  "$schema": "https://glama.ai/schemas/glama.json",
+  "maintainers": ["friendlygeorge"],
+  "title": "Docker MCP Server",
+  "description": "31 tools for AI agent Docker management — container lifecycle, Compose stack operations, health checks, log streaming, and fleet monitoring through the Model Context Protocol.",
+  "tags": ["docker", "containers", "mcp", "compose", "health-checks", "monitoring", "devops", "ai-agents", "typescript", "self-healing"],
+  "repository": "https://github.com/friendlygeorge/docker-mcp-server",
+  "license": "MIT",
+  "categories": ["virtualization", "developer-tools"],
+  "language": "TypeScript",
+  "runtime": "node"
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@supernova123/docker-mcp-server",
-  "version": "0.2.4",
+  "version": "0.3.0",
   "mcpName": "io.github.friendlygeorge/docker-mcp-server",
   "description": "MCP server for Docker — container management, health checks, auto-restart, Compose lifecycle, and log streaming for Claude, Cursor, and AI agents",
   "type": "module",

package/src/docker.ts

@@ -56,6 +56,26 @@ export function formatImage(image: Dockerode.ImageInfo): Record<string, unknown>
   };
 }
 
+/**
+ * Sanitize tool output: strip ANSI escapes, invisible Unicode, and truncate.
+ * Prevents prompt injection via output and caps LLM context cost.
+ */
+export function sanitizeOutput(text: string, maxLength = 1_000_000): string {
+  // Strip ANSI escape codes (CSI, OSC, simple sequences)
+  text = text.replace(/\x1b\[[0-9;?]*[a-zA-Z]/g, "");
+  text = text.replace(/\x1b\][^\x07]*\x07/g, ""); // OSC terminated by BEL
+  text = text.replace(/\x1b[@-Z\\-_]/g, "");       // Single-char escapes
+  // Strip invisible Unicode (Tag chars, bidi overrides, zero-width)
+  text = text.replace(/[\u{E0000}-\u{E007F}\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF]/gu, "");
+  // Strip Docker stream-frame headers (8-byte prefix per frame)
+  text = text.replace(/^[\x00-\x0f]{8}/gm, "");
+  // Truncate to cap memory and LLM context cost
+  if (text.length > maxLength) {
+    return text.slice(0, maxLength) + `\n... [output truncated at ${maxLength} chars]`;
+  }
+  return text;
+}
+
 export function formatBytes(bytes: number): string {
   if (bytes === 0) return "0 B";
   const k = 1024;

package/src/docker.ts.bak

@@ -0,0 +1,85 @@
+import Dockerode from "dockerode";
+
+export interface DockerClientOptions {
+  socketPath?: string;
+  host?: string;
+  port?: number;
+}
+
+export function createDockerClient(options?: DockerClientOptions): Dockerode {
+  if (options?.socketPath) {
+    return new Dockerode({ socketPath: options.socketPath });
+  }
+  if (options?.host && options?.port) {
+    return new Dockerode({ host: options.host, port: options.port });
+  }
+  // Default: local socket
+  return new Dockerode({ socketPath: "/var/run/docker.sock" });
+}
+
+export function formatError(error: unknown): string {
+  if (error instanceof Error) return error.message;
+  if (typeof error === "string") return error;
+  return String(error);
+}
+
+export function formatContainer(container: Dockerode.ContainerInfo): Record<string, unknown> {
+  return {
+    id: container.Id.substring(0, 12),
+    name: container.Names[0]?.replace(/^\//, ""),
+    image: container.Image,
+    state: container.State,
+    status: container.Status,
+    created: new Date(container.Created * 1000).toISOString(),
+    ports: container.Ports.map((p) => ({
+      private: p.PrivatePort,
+      public: p.PublicPort,
+      type: p.Type,
+    })),
+    labels: container.Labels,
+    mounts: container.Mounts.map((m) => ({
+      type: m.Type,
+      source: m.Source,
+      destination: m.Destination,
+      mode: m.Mode,
+      rw: m.RW,
+    })),
+  };
+}
+
+export function formatImage(image: Dockerode.ImageInfo): Record<string, unknown> {
+  return {
+    id: image.Id.substring(0, 19),
+    tags: image.RepoTags || ["<none>:<none>"],
+    size: image.Size,
+    created: new Date(image.Created).toISOString(),
+  };
+}
+
+/**
+ * Sanitize tool output: strip ANSI escapes, invisible Unicode, and truncate.
+ * Prevents prompt injection via output and caps LLM context cost.
+ */
+export function sanitizeOutput(text: string, maxLength = 1_000_000): string {
+  // Strip ANSI escape codes (CSI, OSC, simple sequences)
+  text = text.replace(/\x1b\[[0-9;?]*[a-zA-Z]/g, "");
+  text = text.replace(/\x1b\][^\x07]*\x07/g, ""); // OSC terminated by BEL
+  text = text.replace(/\x1b[@-Z\\-_]/g, "");       // Single-char escapes
+  // Strip invisible Unicode (Tag chars, bidi overrides, zero-width)
+  text = text.replace(/[\uE0001-\uE007F\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF]/g, "");
+  // Strip Docker stream-frame headers (8-byte prefix per frame)
+  text = text.replace(/^[\x00-\x0f]{8}/gm, "");
+  // Truncate to cap memory and LLM context cost
+  if (text.length > maxLength) {
+    return text.slice(0, maxLength) + `\n... [output truncated at ${maxLength} chars]`;
+  }
+  return text;
+}
+
+export function formatBytes(bytes: number): string {
+  if (bytes === 0) return "0 B";
+  const k = 1024;
+  const sizes = ["B", "KB", "MB", "GB", "TB"];
+  const i = Math.floor(Math.log(bytes) / Math.log(k));
+  return parseFloat((bytes / Math.pow(k, i)).toFixed(2)) + " " + sizes[i];
+}

package/src/server.ts

@@ -7,12 +7,13 @@ import { registerHealthTools } from "./tools/health.js";
 import { registerLogsTools } from "./tools/logs.js";
 import { registerExecTools } from "./tools/exec.js";
 import { registerNetworkTools } from "./tools/network.js";
+import { registerVolumeTools } from "./tools/volume.js";
 import { registerMonitoringTools } from "./tools/monitoring.js";
 
 export function createServer(docker: Dockerode): McpServer {
   const server = new McpServer({
     name: "docker-mcp-server",
-    version: "0.2.0",
+    version: "0.3.0",
   });
 
   // Register all tool categories
@@ -23,6 +24,7 @@ export function createServer(docker: Dockerode): McpServer {
   registerLogsTools(server, docker);
   registerExecTools(server, docker);
   registerNetworkTools(server, docker);
+  registerVolumeTools(server, docker);
   registerMonitoringTools(server, docker);
 
   return server;