This MCP server provides Coolify 4.1.x capabilities for deploying, diagnosing, and managing apps, services, and databases. It is described as a tool-oriented interface that focuses on operational workflows across application and infrastructure components, based on the server description provided for io.github.clezcoding/awesome-coolify.
🛠️ Key Features
Coolify 4.1.x integration
Deploy apps and services
Diagnose application/service issues
Manage databases
🚀 Use Cases
Deploy and manage apps on Coolify 4.1.x
Troubleshoot (“diagnose”) running services
Oversee database management alongside services and apps
⚡ Developer Benefits
Targeted operations for apps, services, and databases
Aligned with Coolify versioning (4.1.x)
⚠️ Limitations
Only Coolify 4.1.x is explicitly indicated in the provided description
No additional tool counts, topics, or technical details were supplied
awesome-coolify-mcp — a friendly mascot next to a glowing dashboard showing a server fleet, a terminal, a deploy arrow, and a safety shield
awesome-coolify-mcp
One MCP server. Every self-hosted Coolify instance you own.
Verify connectivity, discover your fleet, deploy, tail logs, diagnose incidents, and run gated emergency ops —
straight from Cursor, Claude, VS Code, Windsurf, or any MCP-speaking agent.
Self-hosted Coolify is one of the best open-source alternatives to Heroku/Vercel-style PaaS platforms — but wiring it up to an AI coding agent has historically meant piecing together several small, overlapping community MCP integrations, each with its own schema, its own error format, and its own idea of what "safe" looks like.
awesome-coolify-mcp replaces that patchwork with a single, community-maintained MCP server that speaks Coolify's REST API 4.1.x through a clean, action-based tool surface. Source, docs, and npm distribution live in one public repo — clezcoding/awesome-coolify — while the installable package stays awesome-coolify-mcp. Instead of memorizing dozens of near-identical tool names, your agent calls domain tools with an action field:
Under the hood, every call goes through the same request pipeline: Zod-validated input, retrying HTTP client, secret-aware output masking, and structured error envelopes with recovery hints — so your agent fails gracefully instead of guessing.
NOTE
This is a community project built for people who run their own Coolify instances. It is not affiliated with or endorsed by Coolify Labs.
🆚 Why awesome-coolify-mcp
Typical setup without it
With awesome-coolify-mcp
Several overlapping community MCP tools, each with its own schema
One server, one consistent schema
Dozens of granular, single-purpose tools per resource
Default secret masking + confirmation gates on destructive actions
Read a wall of raw JSON to find what changed
Bounded, paginated projections tuned for LLM context windows
Today, the focus covers day-2 operations plus growing infrastructure CRUD: verify connectivity, discover your fleet, deploy, pull logs, diagnose incidents, run gated emergency ops — and manage SSH keys, servers, projects, and environments. Full CRUD for applications, services, and databases is next — see Coming soon.
✨ Features
Action-based tools across 14 domains — call application({ action: "deploy", uuid }) instead of hunting through dozens of tool names. Domains span ops (system, resource, diagnose, application, deployment, service, database, emergency), infrastructure CRUD (private_key, server, project, environment), plus docs and meta.
Ops workflows that mirror real incidents — a single system.infrastructure_overview call for the big picture, fuzzy resource.find when you only remember a name or domain, diagnose.app / diagnose.server for a specific suspect, and diagnose.scan when you just know something is wrong fleet-wide.
Deploy lifecycle that agents can actually drive — start/stop/restart, deploy with optional wait-and-poll or force rebuild, list/get/cancel deployments, and bounded runtime or build logs that won't blow your context window.
Service & database lifecycle — start/stop/restart/get, plus service redeploy with an optional fresh image pull.
Safety by default, not by convention — emergency mutations require an explicit confirm: true; sensitive keys (password, token, secret, private, env) render as *** unless you opt in with reveal: true.
Agent-friendly failure modes — every error is a parseable envelope with a code, a human message, and recoveryHints; transient network/429/5xx failures retry automatically with exponential backoff.
Broad client coverage out of the box — Cursor, VS Code / GitHub Copilot, Claude Desktop, Claude Code, Windsurf, and 15+ more via the install configurator.
🏗️ How it works
Architecture: MCP clients talk to awesome-coolify-mcp's domain tools, which talk to the Coolify REST API 4.1.x
The server itself is intentionally boring: it holds no long-lived state and never touches your IDE's config files. Your MCP host (Cursor, Claude, VS Code, …) injects COOLIFY_URL and COOLIFY_TOKEN through its MCP config's env block; the process reads them from its environment (or an optional local .env when you run it directly from the CLI) and forwards authenticated requests to your Coolify instance over HTTPS.
Run it directly with npx — no global install needed:
bash
npx -y awesome-coolify-mcp
Wire the two required environment variables into your MCP host (see Install for every client). Once connected, a minimal smoke test looks like this:
js
meta({ action: "version" }) // server identity — no Coolify callsystem({ action: "verify" }) // authenticate + connectivity checksystem({ action: "infrastructure_overview" }) // servers, projects, apps, services, DBs at a glance
IMPORTANT
Emergency actions (stop_all, redeploy_project, restart_project) require confirm: true. Call them withoutconfirm first — you'll get a would_affect preview and no mutation runs. Only pass reveal: true when you genuinely need plaintext secrets back.
📦 Install
There are three equally supported paths — pick whichever fits your workflow.
1. One-click deeplink
Best when you already have your Coolify URL and token handy. Placeholder credentials work fine too — you'll be prompted to fill them in, or you can swap them afterwards.
How these links work (click to expand)
Both editors implement a protocol handler that reads a JSON server configuration straight out of the URL:
Client
Scheme
Encoding
Cursor
cursor://anysphere.cursor-deeplink/mcp/install?name=…&config=… (mirrored at https://cursor.com/en/install-mcp?… for a friendlier landing page)
config is base64-encoded JSON
VS Code / Copilot
vscode:mcp/install?name=…&config=…
config is URL-encoded JSON
Clicking the button opens your editor, shows the server it's about to add, and lets you review or edit the command/env before accepting — nothing is installed silently.
2. Install configurator (GitHub Pages)
Use the browser configurator to type in your real COOLIFY_URL / COOLIFY_TOKEN and generate a ready-to-paste snippet for your exact client — JSON, TOML, or YAML depending on what that client expects.
Everything runs client-side in your browser. Your token is never sent to a backend, logged, or stored anywhere but the config file you paste it into.
3. Manual MCP config
Paste this into your host's MCP configuration file. Cursor example (~/.cursor/mcp.json for global, or .cursor/mcp.json in a project):
Native inputs prompts for URL/token — no plaintext in the file
Claude Desktop
claude_desktop_config.json
Manual JSON or configurator output today
Claude Code
~/.claude.json or .mcp.json
stdio via npx -y awesome-coolify-mcp
Windsurf
~/.codeium/windsurf/mcp_config.json
Same npx + env pattern as Cursor
The install configurator covers a much wider matrix — OpenCode, Codex CLI, Gemini CLI, Cline, Kilo Code, Goose, LM Studio, Hermes Agent, Kimi Code, Google Antigravity, OpenClaw, and more — with the correct config shape for each.
NOTE
Claude Desktop currently ships as manual JSON / configurator output only — a dedicated .mcpb bundle is on the roadmap (see Coming soon).
🔐 Environment variables
Variable
Required
Default
Description
COOLIFY_URL
yes
—
Coolify base URL, no trailing slash — e.g. https://coolify.example.com
COOLIFY_TOKEN
yes
—
Bearer API token, scoped to your team
COOLIFY_VERIFY_SSL
no
true
Set to false only for self-signed certs on local/dev instances
COOLIFY_MCP_LOG
no
info
Log verbosity: debug · info · error
Credentials are read from the process environment (your IDE's MCP env block) or an optional local .env file when running the CLI directly. They are never echoed back inside tool responses.
🧰 Tools reference
Every domain is exposed as one MCP tool with an action discriminator, so your agent's tool list stays short while the capability surface stays wide.
Manage Coolify private keys with PEM content masked by default.
Action
Purpose
list / get
List or fetch a key (PEM masked unless reveal: true)
create / update
Add or rotate SSH keys
delete / delete_preview
Remove a key, or preview dependents before delete
🖧 server — server CRUD & validation
Action
Purpose
get
Server details, domains, and reachability
create / update
Register or reconfigure a server
validate
Trigger Coolify's server validation check
delete / delete_preview
Remove a server, or preview dependents first
📁 project — project CRUD
Action
Purpose
list / get
Discover or inspect projects
create / update
Stand up or rename projects
delete / delete_preview
Delete a project, or preview blast radius first
🌍 environment — environment CRUD
Action
Purpose
list / get
List or inspect environments inside a project
create
Add a new environment to a project
delete / delete_preview
Remove an environment, or preview dependents first
📚 docs — offline guides
Action
Purpose
search
Search a bundled, curated Coolify troubleshooting index — not a live web fetch, so it works offline and can't be used as an external fetch vector
🚨 emergency — high-impact ops (gated)
Reach for these only when you mean it — every action below is behind a confirmation gate.
Action
Purpose
stop_all
Stop every running application, fleet-wide — requires confirm: true
redeploy_project
Redeploy every app in a project — requires confirm: true
restart_project
Restart every app in a project — requires confirm: true
🛡️ Safety model
Confirmation gate
Destructive emergency actions follow a strict two-step pattern:
Call with confirm omitted or false → you get back a would_affect preview and error code COOLIFY_CONFIRM_REQUIRED — nothing is mutated.
Call again with confirm: true → the action actually executes.
Regular app/service/database mutations (start, stop, deploy, …) are not behind this gate — they simply follow Coolify's own API semantics, since they're scoped to one resource rather than your whole fleet.
Secret masking
Keys matching password, token, secret, private, or env render as *** by default in tool output.
Pass reveal: true only when you explicitly need plaintext — for example, to copy an env var into another system.
Log line bodies are not masked. Treat raw logs like you would any other sensitive output: don't paste them into long-lived agent memory or public tickets.
⚠️ Structured errors & retries
Every API failure comes back as a parseable envelope your agent can reason about, instead of a raw stack trace:
json
{"code":"COOLIFY_401","message":"Unauthorized — invalid or expired API token","recoveryHints":["Verify the token in Coolify UI → Keys & Tokens","Ensure the token has the required team permissions"],"httpStatus":401}
Code
Meaning
COOLIFY_401
Invalid or missing token
COOLIFY_404
Resource not found
COOLIFY_422
Validation error
COOLIFY_500
Coolify server error
COOLIFY_NETWORK
Connection failed
COOLIFY_TIMEOUT
Request timed out
COOLIFY_CONFIRM_REQUIRED
Emergency preview — pass confirm: true to proceed
COOLIFY_AMBIGUOUS_MATCH
Name matched multiple resources — pick a UUID from the ranked list
Transient failures (HTTP 429, 5xx, or network errors) retry automatically up to 3 times with exponential backoff (1s → 2s → 4s) before giving up and returning the error to your agent.
npm distribution + install configurator for 15+ clients
✅ Shipped
Service/database log tailing is temporarily on hold — Coolify 4.1.x's REST API doesn't expose a /services/{uuid}/logs or /databases/{uuid}/logs endpoint yet (the fix has merged upstream but isn't backported to 4.1.x). It'll ship the moment the endpoint is reachable, with no half-working stub in the meantime.
🔮 Coming soon
The next milestone focuses on creation for workloads, not just infrastructure scaffolding — turning awesome-coolify-mcp into a tool that can stand up new applications, services, and databases from scratch, not only manage what already exists. Planned areas, roughly in order of priority:
Full CRUD for applications, services, and databases — create, update, and delete, not just start/stop/deploy
Environment variable management — read, write, bulk-sync from a local .env
One-click services — full service catalog with compose YAML, storage, and env configuration
Database backups — schedules, executions, and on-demand triggers