An MCP (Model Context Protocol) server that provides AI assistants with search access to Giant Swarm's public documentation and handbook.
- Search public Giant Swarm documentation
- Read and convert documentation pages to Markdown
- Support for both stdio and HTTP transports
- Fast and efficient Go implementation
- Open Settings → Tools & MCP
- Click New MCP Server
- Edit the settings like this:
"giantswarm-search": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"gsoci.azurecr.io/giantswarm/search-mcp:TAG",
"serve"
]
}or alternatively with the binary installed
"giantswarm-search": { "command": "search-mcp", "args": ["serve"] }
Make sure to adapt the version TAG to the version you intend to use. [Check here](https://oci.dag.dev/?repo=gsoci.azurecr.io%2Fgiantswarm%2Fsearch-mcp) for available versions.
### Installation
#### Using Go
```bash
go install github.com/giantswarm/search-mcp@latest
# Pull the image
docker pull gsoci.azurecr.io/giantswarm/search-mcp:TAG
# Run with stdio transport (for direct interaction)
docker run -i --rm gsoci.azurecr.io/giantswarm/search-mcp:TAG serve
# Run with HTTP transport (for network access)
docker run -d -p 8080:8080 \
gsoci.azurecr.io/giantswarm/search-mcp:TAG \
serve --transport=streamable-http --http-addr=:8080
# Check version
docker run --rm gsoci.azurecr.io/giantswarm/search-mcp:TAG versiongit clone https://github.com/giantswarm/search-mcp
cd search-mcp
make build# Run with stdio transport (default, for Cursor)
search-mcp
# or explicitly:
search-mcp serve
# Run with HTTP transport
search-mcp serve --transport=streamable-http --http-addr=:8080
# Run with debug logging
search-mcp serve --debug
# Show version
search-mcp versionThe server provides these tools to AI assistants:
Search Giant Swarm documentation (public docs from docs.giantswarm.io).
Parameters:
term(required): Search termstart_index(optional): Starting index for pagination (default: 0)size(optional): Number of results to return (default: 30)type_filter(optional): Filter by source typebreadcrumb_filter(optional): Filter by section path
Search for DevOps runbooks in the Giant Swarm intranet. Requires authentication.
Search for Ops Recipes (legacy runbooks) in the Giant Swarm intranet. Requires authentication.
Read content from Giant Swarm handbook (public, no authentication required).
Parameters:
url(required): URL from https://handbook.giantswarm.io/
Read content from Giant Swarm intranet. Requires authentication.
Parameters:
url(required): URL from https://intranet.giantswarm.io/
The MCP server supports OAuth 2.1 authentication for accessing Giant Swarm's internal resources (intranet, runbooks, ops recipes).
-
Set environment variables:
export OAUTH_ISSUER_URL=https://dex.operations.awsprod.gigantic.io export OAUTH_CLIENT_ID=searchmcp # export OAUTH_CLIENT_SECRET=<your-secret> # Optional - only if client requires a secret
-
Run in HTTP mode:
search-mcp serve --transport=streamable-http --http-addr=:8080
-
Authenticate:
- Visit http://localhost:8080/oauth/login
- Sign in with your Giant Swarm credentials
- You're authenticated!
-
Set environment variables:
export OAUTH_ISSUER_URL=https://dex.operations.awsprod.gigantic.io export OAUTH_CLIENT_ID=searchmcp # export OAUTH_CLIENT_SECRET=<your-secret> # Optional - only if client requires a secret
-
Run in stdio mode (default):
search-mcp serve
-
Authenticate when needed:
- When you use an intranet tool (like
read_intranet_url), the server will display:- A verification URL (e.g., http://localhost:8080/device)
- A device code (e.g., ABCD-EFGH)
- Visit the URL in your browser and enter the code
- Sign in with your Giant Swarm credentials
- Return to your MCP client and retry the tool
- You're now authenticated!
- When you use an intranet tool (like
Note: Stdio mode uses OAuth Device Authorization Grant (RFC 8628). The server automatically starts a background HTTP server on port 8080 for device authorization.
-
✅ Public tools (no auth required):
read_docs_index- Get index of public documentation pagesread_docs_url- Read public documentation pagesread_handbook_url- Read public handbook pagessearch_docs- Search public documentationsearch- Search public documentation
-
🔒 Intranet tools (authentication required):
read_intranet_url- Read intranet pagessearch_runbook- Search DevOps runbookssearch_ops_recipe- Search ops recipes
Tokens are encrypted and stored at:
- Linux:
~/.config/giantswarm/tokens.enc - macOS:
~/Library/Application Support/giantswarm/tokens.enc - Windows:
%APPDATA%\giantswarm\tokens.enc
Tokens are automatically refreshed before expiration.
For more details, see Authentication Guide.
--transport: Transport type -stdioorstreamable-http(default:stdio)--http-addr: HTTP server address (default::8080)--http-endpoint: HTTP endpoint path (default:/mcp)--debug: Enable debug logging--version: Show version information
None at this time.
- Verify your network connection
- Check that docs.giantswarm.io is accessible
Enable debug logging to see detailed information:
search-mcp serve --debugIf you encounter issues with the pre-built binaries:
git clone https://github.com/giantswarm/search-mcp
cd search-mcp
go build -o search-mcp .
./search-mcp versionFor development setup, building from source, and contributing:
# Clone repository
git clone https://github.com/giantswarm/search-mcp
cd search-mcp
# Install dependencies
go mod download
# Build
make build
# Run tests
make test
# Run locally
make runSee Development Guide for detailed instructions.
- Architecture - How the server works internally
- Security - Security considerations and best practices
- Development - Development setup and contribution guide
Apache License 2.0 - See LICENSE file for details.