16 tools from the Docker MCP Server, categorised by risk level.
View the Docker policy →compose-down Stops Docker Compose services and returns structured status. compose-logs Retrieves Docker Compose service logs as structured entries. 2/5 compose-ps Lists Docker Compose services with structured state and status information. 2/5 compose-up Starts Docker Compose services and returns structured status. 2/5 images Lists Docker images with structured repository, tag, size, and creation info. inspect Shows detailed container or image information with structured state, image, and platform data. 2/5 logs Retrieves container logs as structured line arrays. network-ls Lists Docker networks with structured driver and scope information. 2/5 ps Lists Docker containers with structured status, ports, and state information. pull Pulls a Docker image from a registry and returns structured result with digest info. stats Returns a snapshot of container resource usage (CPU, memory, network/block I/O, PIDs) as structured data. volume-ls Lists Docker volumes with structured driver, mountpoint, and scope information. 2/5 build Builds a Docker image and returns structured build results including image ID, duration, and errors. 4/5 compose-build Builds Docker Compose service images and returns structured per-service build status. 4/5 exec Executes arbitrary commands inside a running Docker container and returns structured output. WARNING: may execute untrusted code. 5/5 run Runs a Docker container from an image and returns structured container ID and status. 5/5 The Docker MCP server exposes 16 tools across 2 categories: Read, Execute.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the Docker server.
Docker tools are categorised as Read (12), Execute (4). Each category has a recommended default policy.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept