Argo CD MCP Server
MCP server for Argo CD GitOps continuous delivery on Kubernetes
Score Breakdown
Server Info
- Package
- argocd-mcp
- Registry
- npm
- Repository
- argoproj-labs/mcp-for-argocd
- Maintainer
- Community
- Category
- Cloud & Infrastructure
- Tags
- gitopskubernetescd
- Last Scanned
- 7 Apr 2026
Findings
4 issuesAuthentication & Identity
MEDIUMHTTP/SSE transport supports per-request credentials
Supports stdio, SSE, and Streamable HTTP transports. Auth is via ARGOCD_API_TOKEN env var or x-argocd-api-token/x-argocd-base-url request headers for HTTP/SSE modes. No MCP OAuth implementation. Has a MCP_READ_ONLY env var that disables all write tools when set to true.
Implement the MCP OAuth spec so users authenticate directly without platform mediation.
Tool Schema Quality
CRITICALDangerous execution surface: run_resource_action allows executing arbitrary named actions on Kubernetes resources
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
LLM Safety
MEDIUM1 tool descriptions are too vague
Short or generic descriptions make tool selection unreliable.
Expand descriptions with specific actions, data types, and side effects.
Data Exposure
LOWNo field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Tools
15 total| Name | Description | Risk |
|---|---|---|
| list_applications | list_applications returns list of applications | read |
| list_clusters | list_clusters returns list of clusters registered with ArgoCD | read |
| get_application | get_application returns application by application name. Optionally specify the application namespace to get applications from non-default namespaces. | read |
| get_application_resource_tree | get_application_resource_tree returns resource tree for application by application name. Optionally specify the application namespace to get resource tree from applications in non-default namespaces. | read |
| get_application_managed_resources | get_application_managed_resources returns managed resources for application by application name with optional filtering. Use filters to avoid token limits with large applications. Examples: kind="ConfigMap" for config maps only, namespace="production" for specific namespace, or combine multiple filters. | read |
| get_application_workload_logs | get_application_workload_logs returns logs for application workload (Deployment, StatefulSet, Pod, etc.) by application name and resource ref and optionally container name | read |
| get_application_events | get_application_events returns events for application by application name. Optionally specify the application namespace to get events from applications in non-default namespaces. | read |
| get_resource_events | get_resource_events returns events for a resource that is managed by an application | read |
| get_resources | get_resources return manifests for resources specified by resourceRefs. If resourceRefs is empty or not provided, fetches all resources managed by the application. | read |
| get_resource_actions | get_resource_actions returns actions for a resource that is managed by an application | read |
| create_application | create_application creates a new ArgoCD application in the specified namespace. The application.metadata.namespace field determines where the Application resource will be created (e.g., "argocd", "argocd-apps", or any custom namespace). | write |
| update_application | update_application updates application | write |
| delete_application | delete_application deletes application. Specify applicationNamespace if the application is in a non-default namespace to avoid permission errors. | admin |
| sync_application | sync_application syncs application. Specify applicationNamespace if the application is in a non-default namespace to avoid permission errors. | write |
| run_resource_action | run_resource_action runs an action on a resource | admin |
Deploy Argo CD MCP Server securely
CompleteFlow adds per-user authentication, permission scoping, and audit logging to any MCP server out of the box.
Deploy on CompleteFlow