Most ArgoCD MCP servers hardcode a handler per endpoint. That eats a ton of context window for what's essentially an API wrapper — and it still only covers a fraction of the API.
So I took the approach Cloudflare used for their 2500+ endpoint MCP server: read the OpenAPI spec at startup, expose everything through just search and execute. 103+ endpoints, 2 tools, ~200 tokens of system prompt.
he LLM searches for the right endpoint by keyword (or optional semantic search via Ollama), gets back the method/path/params, then calls it through a generic proxy. No code per endpoint. New ArgoCD version? Restart the server.
Two auth modes: static token for local dev, or OAuth via ArgoCD's built-in Dex for per-user RBAC. There's also a read-only flag that hides and blocks all write operations — useful for letting LLMs observe your cluster/apps without touching anything.
Happy to hear feedback — issues and suggestions welcome on the repo.
mholleville•1h ago
So I took the approach Cloudflare used for their 2500+ endpoint MCP server: read the OpenAPI spec at startup, expose everything through just search and execute. 103+ endpoints, 2 tools, ~200 tokens of system prompt.
he LLM searches for the right endpoint by keyword (or optional semantic search via Ollama), gets back the method/path/params, then calls it through a generic proxy. No code per endpoint. New ArgoCD version? Restart the server.
Two auth modes: static token for local dev, or OAuth via ArgoCD's built-in Dex for per-user RBAC. There's also a read-only flag that hides and blocks all write operations — useful for letting LLMs observe your cluster/apps without touching anything.
Happy to hear feedback — issues and suggestions welcome on the repo.