// the find
argoproj-labs/mcp-for-argocd
An implementation of Model Context Protocol (MCP) server for Argo CD.
An MCP server that exposes Argo CD operations as tools for AI assistants like Claude and Copilot. You point it at your Argo CD instance, and your AI chat client can list apps, trigger syncs, fetch logs, and inspect resource trees through natural language. Donated by the Akuity team and now under the argoproj-labs umbrella.
The token security model is genuinely well-thought-out: the default token is hard-bound to the default base URL so a prompt-injected model can't exfiltrate it to an attacker-controlled host. The multi-instance token registry via a JSON file (not env vars) is the right call for K8s deployments where secrets are mounted volumes. Stateless mode for horizontal scaling is present and correct — sessions in a load-balanced deployment are a common footgun that's pre-empted here. Read-only mode via a single env var is a clean escape hatch for teams that want AI visibility without write access.
The tool surface is write-capable by default with no confirmation step — an AI with a bad prompt can delete or sync an application in one tool call, and read-only mode requires an operator to know to set it. Types are generated from a pinned swagger.json (v2.14.11 in the docs) and require a manual regeneration step with each ArgoCD upgrade, which means they will drift. There's one test file for the server and one for the token registry — the actual ArgoCD client code has no tests, so breakage in the HTTP layer would only surface at runtime. No support for SSO or OIDC flows; token-only auth means teams using Dex or any federated identity have to create a dedicated service account token out-of-band.