freshcrate
Skin:/
Language:English/įŽ€äŊ“中文
Home > MCP Servers > ProxmoxMCP-Plus

ProxmoxMCP-Plus

Enhanced Proxmox MCP server with advanced virtualization management and full OpenAPI integration.

python
Why this rank:Strong adoptionRecent releaseHealthy release cadence

Description

Enhanced Proxmox MCP server with advanced virtualization management and full OpenAPI integration.

README

ProxmoxMCP-Plus

ProxmoxMCP-Plus Logo

Open-source MCP server for Proxmox VE automation.
This repository provides a secure control plane for VM and container lifecycle operations, plus an OpenAPI bridge for integrations.

Documentation strategy: this README is the stable entrypoint, while detailed runbooks and references live in Wiki. This keeps onboarding fast while preserving operational depth in one canonical location.

Quick Start | Security | API Reference | Troubleshooting

1) Project Positioning and Value

ProxmoxMCP-Plus is designed for teams that need:

  • Reliable MCP-native automation for Proxmox clusters
  • Operationally safe execution paths with policy controls
  • Integration flexibility across MCP clients and HTTP/OpenAPI consumers
  • A documentation model where README stays concise and Wiki carries deep guidance

This project builds on canvrno/ProxmoxMCP, and extends it for enterprise-oriented deployment and operations.

Target audience:

  • Platform engineering teams operating Proxmox at scale
  • AI platform teams exposing virtualization controls to assistant workflows
  • Infrastructure teams requiring auditable and policy-aware automation

2) Architecture and Capability Overview

High-level architecture:

  • MCP Server: stdio MCP interface for assistants and MCP clients
  • Tooling Layer: VM, container, storage, snapshot, backup, and cluster operations
  • Security Layer: token auth, command policy, and scoped execution controls
  • Observability Layer: logging and health visibility
  • OpenAPI Bridge: HTTP exposure for external platforms

Capability groups:

Domain Coverage
Compute Lifecycle VM and LXC create/start/stop/reset/delete/update
Data Protection Snapshot, backup, and restore workflows
Platform Operations Node, cluster, storage, and ISO/template management
Remote Execution Optional command execution for VM and container workflows
Integrations MCP clients, OpenAPI consumers, and WebUI-based automation

Full endpoint and tool details are maintained in Wiki: API & Tool Reference.

Operational boundaries:

  • ProxmoxMCP-Plus orchestrates Proxmox operations; it does not replace cluster-level backup/HA design.
  • Security controls in this service must be paired with network segmentation and Proxmox RBAC.
  • OpenAPI exposure is intended for controlled environments, not unauthenticated public access.

3) Quick Start

Prerequisites:

  • Python 3.9+
  • uv package manager
  • Proxmox API token with required permissions

Minimal setup:

git clone https://github.com/RekklesNA/ProxmoxMCP-Plus.git
cd ProxmoxMCP-Plus
uv venv
uv pip install -e ".[dev]"

Create runtime config:

cp proxmox-config/config.example.json proxmox-config/config.json

Set required fields in proxmox-config/config.json:

  • proxmox.host
  • auth.user
  • auth.token_name
  • auth.token_value

Run MCP server:

python main.py

Optional OpenAPI mode:

docker compose up -d

Health endpoint:

curl -f http://localhost:8811/health

For production deployment details, use Operator Guide.

Validation path for first run:

  1. Start server and verify no startup auth errors.
  2. Call a read-only tool such as node or VM listing.
  3. Validate /health when OpenAPI mode is enabled.
  4. Proceed to write operations only after policy and RBAC validation.

4) Integration Entry Points

Integration expectations:

  • Keep client-specific connection settings outside committed source files.
  • Use environment-specific API keys when exposing OpenAPI.
  • Test with read-only operations before enabling lifecycle mutation workflows.

5) Security & Compliance

Security posture summary:

  • API-token based Proxmox authentication
  • Environment-aware controls (dev_mode for development-only relaxation)
  • Command execution policy and allow/deny constraints
  • Operational logging and health visibility

Security baseline, hardening checklist, and threat boundaries are documented in Security Guide.

Minimum production controls:

  • Enforce security.dev_mode=false
  • Restrict ingress to trusted networks or VPN paths
  • Terminate TLS at an approved reverse proxy
  • Rotate API credentials regularly and monitor denied operations

6) Contributing / Development

Developer workflow:

pytest
ruff .
mypy .
black .

Contribution standards, local setup, and validation expectations are maintained in Developer Guide.

Pull request quality bar:

  • Behavior changes are covered by tests
  • Type and lint checks pass in CI
  • Documentation updates are included when interfaces or operations change

7) Support / FAQ

Support channels:

FAQ shortcuts:

Escalation guidance:

  • For security-sensitive incidents, collect logs and request context before remediation.
  • For breaking behavior after upgrade, compare against Release & Upgrade Notes.

8) Wiki Navigation Panel

GitHub Wiki is the source of truth for detailed documentation.
If Wiki is not enabled yet, enable it in repository settings first, then publish the seed pages from docs/wiki/.

Documentation Map

Topic What it covers Wiki link
Home Documentation landing page and navigation Home
Operator Guide Deployment, runtime operations, OpenAPI, production checklist Operator Guide
Developer Guide Local setup, coding standards, testing and release flow Developer Guide
Security Guide Auth model, command policy, hardening and audit guidance Security Guide
Integrations Guide Claude, Cline, Open WebUI, MCP transport setup Integrations Guide
API & Tool Reference Tool groups, endpoint behavior, and request notes API & Tool Reference
Troubleshooting Incident patterns, diagnostics, and recovery actions Troubleshooting
Release & Upgrade Notes Version-level changes and upgrade actions Release & Upgrade Notes

Local seed pages for Wiki bootstrap are available in docs/wiki/.

Documentation Contract

README remains intentionally concise and stable.
Detailed operational guidance, examples, and runbooks live in Wiki.

The following entry points are treated as stable documentation interfaces:

  • Quick Start: repository bootstrap and first-run verification
  • Security: baseline controls and hardening navigation
  • API Reference: tool and endpoint behavior index
  • Troubleshooting: incident diagnosis and recovery guidance

When documentation changes:

  1. Update the relevant Wiki page first.
  2. Keep README links stable unless there is a structural migration.
  3. Record version-impacting documentation updates in Release & Upgrade Notes.

License

MIT License

Release History

VersionChangesUrgencyDate
v0.5.8# ProxmoxMCP-Plus v0.5.8 Release date: 2026-06-07 ## Windows SSH Compatibility Fixes (Issue #100) This release fixes four critical bugs that prevented `execute_container_command` and `get_node_status` from working correctly on Windows 11 with Claude Code (VS Code extension). All bugs are also observable on any platform that runs the MCP server headless without a TTY. ### Bug 1 - SSH command never includes the username - **File:** `src/proxmox_mcp/tools/console/container_manager.pyHigh6/7/2026
v0.5.7# ProxmoxMCP-Plus v0.5.7 Release date: 2026-05-30 ## Visual Documentation Improvements - Replaced the README hero architecture diagram with a new publication-style SVG. - The new diagram is grounded in the actual project architecture: - MCP stdio clients - MCP Streamable HTTP at `/mcp` - OpenAPI automation through `/docs`, `/openapi.json`, `/health`, `/readyz`, and `/metrics` - FastMCP server boundary - OpenAPI proxy - built-in tool registry and domain tool plugins - command polHigh5/30/2026
v0.5.3# ProxmoxMCP-Plus v0.5.3 Release date: 2026-05-27 ## Fixes - `manifest.json` now declares all 42 tools registered at runtime, including job, VM config, container config, container IP, container command, and SSH key tools. - VM and LXC command execution logs no longer record command text, command output, or command error content by default. - OpenSSH-based LXC command execution and API SSH tunnel debug logs no longer expose full command lines or local key/known-hosts paths. - Error logging nowHigh5/27/2026
v0.5.2# ProxmoxMCP-Plus v0.5.2 Release date: 2026-05-12 ## Fixes - `retry_job` now claims a retry with an atomic SQLite status transition before replaying the operation, preventing concurrent retry requests from duplicating high-risk work. - `cancel_job` now discards stale cancel results when the backing UPID changes while the cancellation request is in flight. - `setup.py` now matches the project metadata and requires `paramiko>=5.0.0,<6.0.0`. - `update_container_ssh_keys` is now classified as a hHigh5/12/2026
v0.4.9# ProxmoxMCP-Plus v0.4.9 This release supersedes v0.4.8 with the same production reliability work plus a CodeQL-blocking log-injection fix. ## What Changed - Sanitized high-risk retry audit log values before writing them to logs, preventing forged log lines from job IDs or persisted tool names. - Kept the v0.4.8 reliability hardening: - SQLite `JobStore` WAL, busy timeout, migration tracking, indexes, SQL filtering/limits, and explicit close lifecycle. - Policy checks for high-risk job reHigh5/9/2026
v0.4.6# ProxmoxMCP-Plus v0.4.6 Released: 2026-05-02 ## Fixes - Makes `api_tunnel` effective by connecting Proxmox API calls to the configured local tunnel endpoint when the tunnel is enabled. - Refreshes persisted job records from SQLite before job reads and controls so OpenAPI `/jobs` can see jobs created by the MCP subprocess after proxy startup. - Prevents LXC creation secrets from being persisted in SQLite retry recipes when `password` or `ssh_public_keys` are provided. - Stops `rollbaHigh5/2/2026
v0.4.4īģŋ# ProxmoxMCP-Plus v0.4.4 Release date: 2026-04-28 ## Summary This maintenance release updates GitHub Actions workflow dependencies to current Node 24-compatible major versions. ## Changes - Updated checkout and Python setup actions used by CI and release workflows. - Updated artifact upload/download actions used by the PyPI publishing workflow. - Updated Docker login, metadata, and build/push actions used by the GHCR publishing workflow. ## Upgrade Notes - No runtime or config migratioHigh4/28/2026
v0.4.1# ProxmoxMCP-Plus v0.4.1 ## Highlights - Fixed MCP client examples so their default TLS settings pass startup validation. - Added `PROXMOX_DEV_MODE` to Claude Desktop, manifest, and OpenCode examples. - Cleaned up duplicated long-running job documentation in the README. - Fixed the stale `test_scripts/run_real_e2e.py` path in the README. - Added an explicit Quick Start step to copy `config.example.json` to `config.json`. ## Upgrade Notes - No runtime configuration migration is required. - IfHigh4/25/2026
v0.2.1## Why this release matters `v0.2.1` turns the project's MCP Registry path into a repeatable release workflow instead of a one-off manual step. This release is aimed at making discovery and installation more reliable across GitHub Copilot and other MCP Registry consumers. ## User-visible highlights - added `server.json` metadata for MCP Registry publication - added PyPI README ownership marker required for registry verification - aligned the published CLI entrypoint with the PyPI package namHigh4/18/2026
v0.2.0## Why this release matters `v0.2.0` makes the project easier to trust, easier to run, and easier to explain. This release is aimed at LLM, AI agent, homelab, and self-hosted users who want one Proxmox control plane for both `MCP` and `OpenAPI`. ## User-visible highlights - real Proxmox live E2E coverage for VM, LXC, snapshot, backup, restore, ISO, SSH, OpenAPI, and Docker flows - source-vs-installed-package test isolation fix so `pytest` runs against the repository `src` tree - container SSHigh4/18/2026
v0.1.0## Highlights - unify Python package metadata for proxmox-mcp-plus - add local build and release documentation - add GitHub Actions workflows for PyPI and GHCR publishingHigh4/18/2026
0.0.0No release found — using repo HEADHigh4/11/2026
main@2026-04-11Latest activity on main branchHigh4/11/2026
main@2026-04-11Latest activity on main branchHigh4/11/2026
main@2026-04-11Latest activity on main branchHigh4/11/2026
main@2026-04-11Latest activity on main branchHigh4/11/2026
main@2026-04-11Latest activity on main branchHigh4/11/2026

Dependencies & License Audit

Loading dependencies...

Similar Packages

AI-Skills🤖 Enhance AI capabilities with modular Skills that provide expert knowledge, workflows, and integrations for any project.main@2026-06-07
telegram-mcp🤖 Manage multiple Telegram accounts effortlessly with AI-driven tools for bulk messaging, scheduling, and more in one easy-to-use platform.main@2026-06-07
Enterprise-Multi-AI-Agent-Systems-🤖 Build and deploy scalable Multi-AI Agent systems with LangGraph and Groq LLMs to enhance intelligence across enterprise applications.main@2026-06-07
AIDomesticCoreAIJ🛠ī¸ Build a robust AI Kernel for stable, auditable, and sovereign AI systems, ensuring secure execution and compliance across various domains.main@2026-06-07
argus-mcp🔍 Enhance code quality with Argus MCP, an AI-driven code review server using a Zero-Trust model for safe and efficient development.main@2026-06-07

More in MCP Servers

agentroveYour own Claude Code UI, sandbox, in-browser VS Code, terminal, multi-provider support (Anthropic, OpenAI, GitHub Copilot, OpenRouter), custom skills, and MCP servers.
node9-proxyThe Execution Security Layer for the Agentic Era. Providing deterministic "Sudo" governance and audit logs for autonomous AI agents.
mcp-compressorAn MCP server wrapper for reducing tokens consumed by MCP tools.
claude-plugins-officialOfficial, Anthropic-managed directory of high quality Claude Code Plugins.