MCP Directory

Jenkins MCP Server Plugin

Official

Official Jenkins plugin that turns your controller into an MCP server — agents query jobs, trigger builds, read logs.

Unverified
HTTP (remote)
API key
Java

Add to your client

Copy the config for your MCP client and paste it into its config file.

Install / run
claude mcp add jenkins http://jenkins-host/mcp-server/mcp --transport http --header "Authorization: Basic <user:token base64>"

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "jenkins-mcp-server-plugin": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote",
        "https://<your-jenkins-host>/mcp-server/mcp",
        "--header",
        "Authorization: Basic <base64 of username:api-token>"
      ]
    }
  }
}

Claude Desktop connects to remote servers through the `mcp-remote` proxy (installed on first run via npx). Restart Claude Desktop after saving.

Step-by-step guides: Add to Claude Desktop · Add to Cursor · Add to Windsurf

Before you start

  • Jenkins 2.533 or newer with the MCP Server plugin installed from the Plugin Manager
  • A Jenkins API token: user icon → Security → Add new token
  • Base64-encode username:token for the Authorization header (echo -n "<username>:<token>" | base64)

About Jenkins MCP Server Plugin

The plugin embeds an MCP server directly in the Jenkins controller: an Endpoint component handles transport and routing, DefaultMcpServer contributes the built-in tools, and McpToolWrapper turns annotated Java methods into MCP tools. Installation is the whole setup — endpoints and tools register automatically, and behavior is tuned through system properties (log-line limits, keep-alive interval, per-transport disable flags).

Three transports ship enabled: streamable HTTP at /mcp-server/mcp (recommended — handles connection issues most gracefully), SSE at /mcp-server/sse (the README notes GitHub Copilot currently works better here), and a stateless endpoint at /mcp-server/stateless for clients that make independent requests without sessions. Connection resilience got real engineering attention: 30-second keep-alives, an unauthenticated /mcp-health endpoint returning 503 with Retry-After during shutdown, an authenticated /mcp-server/metrics endpoint, and documented Jetty (--httpKeepAliveTimeout=600000) and Nginx timeout settings to avoid proxies killing long-lived streams.

The build-log tooling is the standout for agent use: getBuildLog reads non-blocking snapshots of in-progress builds with cursor pagination (every response carries a nextCursor bound to that job+build), supports end-relative reads via negative skip/limit, and searchBuildLog scans for string or regex matches with a maxMatches cap — practical when an agent needs the failing stanza of a 100k-line log without blowing its context. rebuildBuild, getReplayScripts, and replayBuild close the loop by letting the agent re-run a Pipeline with an edited script.

Trade-offs: it runs inside the controller, so a misconfigured agent hits your CI directly with the token user's permissions — scope a dedicated user if you can. Origin-header validation is off by default (for agent compatibility) and must be enabled explicitly for production. There's no job create/delete tooling, which is arguably a feature.

Tools & capabilities (18)

getJob

Get a Jenkins job by its full path

getJobs

Paginated list of Jenkins jobs sorted by name

triggerBuild

Trigger a build, with JSON parameters for parameterized jobs

getQueueItem

Get information about a queued item by ID

getBuild

Retrieve a specific build or the last build of a job

updateBuild

Update a build's display name and/or description

getBuildLog

Read build log lines with cursor pagination and end-relative reads

searchBuildLog

Search build logs for a string or regex pattern

rebuildBuild

Re-run a build with the same parameters

getReplayScripts

Get main and loaded scripts of a replayable Pipeline build

replayBuild

Run a Pipeline build again with a modified script

getTestResults

Retrieve test results of a specific or last build

getJobScm

SCM configuration of a Jenkins job

getBuildScm

SCM configuration of a specific build

getBuildChangeSets

Change log sets of a specific build

findJobsWithScmUrl

Find jobs using a specific git repository URL

whoAmI

Information about the current authenticated user

getStatus

Health and readiness status of the Jenkins instance

When to use it

  • Debug a failing build in chat: fetch the build, search its log for the error, pull test results and change sets
  • Trigger parameterized builds with branch/env parameters from your IDE agent
  • Replay a Pipeline with an agent-edited Jenkinsfile script to verify a fix before committing
  • Map which jobs build a given repository with findJobsWithScmUrl during migrations

Quick setup

  1. 1Install the "MCP Server" plugin from the Jenkins Plugin Manager (requires Jenkins 2.533+); no further configuration is needed
  2. 2Generate an API token: user icon → Security → Add new token, and copy it immediately
  3. 3Encode credentials: echo -n "<username>:<token>" | base64
  4. 4Point your MCP client at https://<jenkins-host>/mcp-server/mcp with header Authorization: Basic <encoded> (use /mcp-server/sse for GitHub Copilot)
  5. 5Test with "get the last build status of job <name>"

Security notes

Endpoints honor normal Jenkins authentication — the base64 user:token in the Authorization header is encoding, not encryption, and grants that user's full permissions including triggering builds and replaying Pipeline scripts. In production, enable Origin validation (requireOriginMatch / requireOriginHeader system properties) and raise keep-alive and reverse-proxy timeouts per the README; the /mcp-health endpoint is intentionally unauthenticated but exposes only status counts.

Jenkins MCP Server Plugin FAQ

Is the Jenkins MCP plugin official and safe to expose?

It's maintained in the jenkinsci GitHub org under MIT and reuses Jenkins' own authentication — nothing is anonymous except the lightweight /mcp-health status endpoint. Treat the base64 Authorization value like a password, use a least-privilege Jenkins user for the token, and turn on the Origin-validation system properties in production.

Which endpoint should my client use — streamable HTTP, SSE, or stateless?

Streamable HTTP at /mcp-server/mcp for almost everything — the README recommends it for connection reliability. Use /mcp-server/sse for GitHub Copilot (known issues with streamable there) and /mcp-server/stateless for clients that make independent, sessionless requests.

Can it modify my Jenkins instance?

It can trigger, rebuild, and replay builds and update build display names/descriptions — all as the API-token user, so Jenkins permissions are the control point. It has no tools to create or delete jobs, change system configuration, or manage credentials.

Alternatives to Jenkins MCP Server Plugin

Compare all alternatives →

GitHub's official server for repos, issues, PRs, and Actions — local Docker or hosted remote.

Featured
Verified
stdio (local)
API key
Go
7 tools
Updated 20 days agoRepo

Official AWS Labs server that lets agents call any AWS API via the AWS CLI surface.

Verified
stdio (local)
API key
Python
3 tools
Updated 22 days agoRepo

Bulk Kubernetes port forwarding with an MCP server that lets AI assistants forward services, inspect pods, and monitor traffic.

Unverified
stdio (local)
No auth
Go
28 tools
Updated 14 days agoRepo