InfraClaude

Give Claude superpowers over your infrastructure — MCP Server for Kubernetes, Docker, Terraform, Prometheus, and Security tools.

CI License: MIT MCP Compatible TypeScript

InfraClaude is an MCP (Model Context Protocol) server that exposes infrastructure management tools to Claude. Through InfraClaude, Claude Code can query Kubernetes clusters, manage Docker containers, check Prometheus metrics, run Terraform plans, and perform security scans — all through natural language.

Architecture

┌─────────────────────────────────────────────────────────┐
│                Claude Code / Claude Desktop              │
│                                                          │
│  User: "Check if any pods are crashlooping"             │
│                         │                                │
│                    MCP Client                            │
└─────────────────────────┼────────────────────────────────┘
                          │ MCP Protocol (stdio)
                          ▼
┌─────────────────────────────────────────────────────────┐
│                 InfraClaude MCP Server                    │
│                                                          │
│  ┌───────────┐ ┌──────────┐ ┌────────────┐             │
│  │ Kubernetes │ │  Docker  │ │ Prometheus │             │
│  │  16 tools  │ │  9 tools │ │  5 tools   │             │
│  └───────────┘ └──────────┘ └────────────┘             │
│  ┌───────────┐ ┌──────────┐ ┌────────────┐             │
│  │ Terraform │ │ Security │ │   System   │             │
│  │  5 tools  │ │  3 tools │ │  4 tools   │             │
│  └───────────┘ └──────────┘ └────────────┘             │
│                                                          │
│  Safety Layer: Command Guard → RBAC → Audit Logger      │
└─────────────────────────────────────────────────────────┘

Plus: Claude Code Hooks + Custom Skills

Features

• 42+ infrastructure tools across Kubernetes, Docker, Prometheus, Terraform, Security, and System
• Safety-first design — 4-tier risk classification (Safe → Caution → Dangerous → Blocked)
• Audit logging — every operation logged for compliance
• Claude Code hooks — pre/post tool-use safety checks and automation
• Custom skills — K8s troubleshooting, incident response, Docker debugging, security review
• MCP resources — cluster info, service health, infrastructure summary
• MCP prompts — guided troubleshooting, capacity planning, security audit workflows

Quick Start

# Clone and build
git clone https://github.com/batu-sonmez/infraclaude.git
cd infraclaude
npm install
npm run build

# Add to Claude Code (~/.claude/claude_code_config.json)
{
  "mcpServers": {
    "infraclaude": {
      "command": "node",
      "args": ["/path/to/infraclaude/dist/index.js"],
      "env": {
        "KUBECONFIG": "~/.kube/config",
        "PROMETHEUS_URL": "http://localhost:9090"
      }
    }
  }
}

Then in Claude Code:

"Show me all pods in production"
"Why is my pod crashing?"
"Run a security audit on the default namespace"
"What's the CPU usage of my cluster?"
"Scan the nginx:latest image for vulnerabilities"

Demo

Set up a local demo environment with intentionally broken pods:

make demo-setup

Then try the demo scenarios.

Safety Model

InfraClaude classifies every operation by risk level:

Level	Action	Example
Safe	Always allowed	k8s_get_pods, prom_instant_query
Caution	Allowed with warning	k8s_scale_deployment
Dangerous	Requires confirmation	k8s_delete_pod
Blocked	Never allowed	k8s_delete_namespace, terraform_apply

System namespaces (kube-system, kube-public) have additional protections.

See Safety Documentation for details.

Documentation

• Setup Guide
• Tools Reference — all 42+ tools documented
• Safety Model
• Hooks Guide
• Skills Guide

Tech Stack

Component	Technology
MCP Server	TypeScript + @modelcontextprotocol/sdk
Kubernetes	@kubernetes/client-node
Docker	dockerode
Prometheus	Native fetch API
Terraform	CLI wrapper
Security	Trivy, Gitleaks CLI
Testing	Vitest
CI/CD	GitHub Actions

License

MIT — see LICENSE.