Skip to main content
The platform MCP server gives AI agents full programmatic access to CNAP — managing clusters, deploying products, monitoring infrastructure, and automating operations through the same API that powers the dashboard. 
https://dash.cnap.tech/mcp
Authentication uses OAuth 2.1 with PKCE. MCP clients that support the MCP authorization spec handle this automatically.
This is the platform MCP server for managing CNAP resources. For the documentation MCP server used to search docs, see Documentation MCP.

Why Code Mode

Most MCP servers register one tool per API endpoint — list-clusters, get-install, create-product, and so on. As the API grows, the tool list explodes, eating context window tokens and requiring constant maintenance. Code Mode (also called programmatic tool calling) replaces hundreds of individual tools with just two:
  1. search — discover endpoints by querying the OpenAPI spec
  2. execute — call endpoints by writing JavaScript against a typed API client
The agent writes code to make API calls, chain results, and filter data — all in a single tool invocation. A single execute call can fan out dozens of internal API requests in parallel, aggregate results, and return a summary. Less token overhead, fewer round trips, and zero maintenance when the API evolves. Inspired by CodeAct, this works because LLMs are better at writing code than making individual tool calls — they have seen millions of lines of real-world code but only contrived tool-calling examples.

CodeAct

Apple ML research on LLM code generation for tool use

Code Mode

Cloudflare’s introduction of the pattern

PTC

Anthropic’s recommended approach
CNAP’s implementation uses the open-source cnap-tech/codemode library.

How It Works

Tools

Discover available API endpoints by querying the OpenAPI spec. The agent writes a JavaScript function that receives the full spec as spec: 
// List all endpoints
async () => {
  const results = [];
  for (const [path, methods] of Object.entries(spec.paths)) {
    for (const [method, op] of Object.entries(methods)) {
      results.push({ method: method.toUpperCase(), path, summary: op.summary });
    }
  }
  return results;
}

execute

Call API endpoints by writing JavaScript that uses cnap.request(). The agent discovers endpoints with search first, then calls them: 
// List all workspaces
async () => {
  const res = await cnap.request({ method: "GET", path: "/v1/workspaces" });
  return res.body;
}

// Chain calls: find a workspace, then list its clusters
async () => {
  const ws = await cnap.request({ method: "GET", path: "/v1/workspaces" });
  const first = ws.body.data[0];
  const clusters = await cnap.request({
    method: "GET",
    path: "/v1/clusters",
    headers: { "X-Workspace-Id": first.id }
  });
  return { workspace: first.name, clusters: clusters.body.data };
}
Authentication is handled automatically — the agent cannot set or read the Authorization header. All requests run inside a sandboxed V8 isolate.

Kubernetes Access

The API includes a transparent Kubernetes proxy and a command execution endpoint, giving agents direct access to cluster resources — pod logs, resource listing, API discovery, and running commands.

Kubernetes Access Guide

Learn how agents use the kube proxy and exec endpoints with full examples

Resources & Prompts

The MCP server also exposes resources and prompts:
TypeNameDescription
Resourcecnap://user/profileCurrent authenticated user info
Promptinfrastructure-overviewAnalyze clusters, installs, and products in a workspace
Promptdeployment-statusCheck deployment health and identify issues
Both prompts accept a workspaceId argument.

Security

All agent-generated code runs in a sandboxed V8 isolate with strict resource limits — there is no access to Node.js APIs, the filesystem, or the network beyond the CNAP API.
  • No auth access — the sandbox cannot read or set the Authorization header; auth is injected server-side
  • Memory limit — 64 MB per isolate
  • CPU timeout — 30 seconds
  • Request limit — 50 API calls per execution
  • Response limit — 10 MB max response size
  • In-process routing — requests never leave the server

Code Mode in Action

See real examples of agents composing complex operations

Kubernetes Access

Kube API proxy, pod logs, and command execution

Documentation MCP

Search and query CNAP docs in real-time

Quick Setup

Configure your AI tool to connect in under a minute