
How to add Jenkins MCP Server Plugin to Windsurf
Official Jenkins plugin that turns your controller into an MCP server — agents query jobs, trigger builds, read logs. Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.
Last updated June 14, 2026 · 95★ · http · apikey · official
Windsurf config for Jenkins MCP Server Plugin
claude mcp add jenkins http://jenkins-host/mcp-server/mcp --transport http --header "Authorization: Basic <user:token base64>"{
"mcpServers": {
"jenkins-mcp-server-plugin": {
"serverUrl": "https://<your-jenkins-host>/mcp-server/mcp",
"headers": {
"Authorization": "Basic <base64 of username:api-token>"
}
}
}
}Remote server — no local install needed. Restart the client after saving the config.
Setup steps
- 1Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
- 2Paste the Jenkins MCP Server Plugin config below.
- 3Fill in placeholder secrets, then save.
- 4Click Refresh in the MCP panel.
- 5Jenkins MCP Server Plugin's tools become available to Cascade.
Before you start
- Jenkins 2.533 or newer with the MCP Server plugin installed from the Plugin Manager
- A Jenkins API token: user icon → Security → Add new token
- Base64-encode username:token for the Authorization header (echo -n "<username>:<token>" | base64)
What Jenkins MCP Server Plugin can do in Windsurf
getJobGet a Jenkins job by its full path
getJobsPaginated list of Jenkins jobs sorted by name
triggerBuildTrigger a build, with JSON parameters for parameterized jobs
getQueueItemGet information about a queued item by ID
getBuildRetrieve a specific build or the last build of a job
updateBuildUpdate a build's display name and/or description
getBuildLogRead build log lines with cursor pagination and end-relative reads
searchBuildLogSearch build logs for a string or regex pattern
Security
Endpoints honor normal Jenkins authentication — the base64 user:token in the Authorization header is encoding, not encryption, and grants that user's full permissions including triggering builds and replaying Pipeline scripts. In production, enable Origin validation (requireOriginMatch / requireOriginHeader system properties) and raise keep-alive and reverse-proxy timeouts per the README; the /mcp-health endpoint is intentionally unauthenticated but exposes only status counts.
Jenkins MCP Server Plugin + Windsurf FAQ
Where is the Windsurf config file?
Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the Jenkins MCP Server Plugin config there under the "mcpServers" key and restart the client.
Is Jenkins MCP Server Plugin safe to use with Windsurf?
Endpoints honor normal Jenkins authentication — the base64 user:token in the Authorization header is encoding, not encryption, and grants that user's full permissions including triggering builds and replaying Pipeline scripts. In production, enable Origin validation (requireOriginMatch / requireOriginHeader system properties) and raise keep-alive and reverse-proxy timeouts per the README; the /mcp-health endpoint is intentionally unauthenticated but exposes only status counts.
Is the Jenkins MCP plugin official and safe to expose?
It's maintained in the jenkinsci GitHub org under MIT and reuses Jenkins' own authentication — nothing is anonymous except the lightweight /mcp-health status endpoint. Treat the base64 Authorization value like a password, use a least-privilege Jenkins user for the token, and turn on the Origin-validation system properties in production.
Which endpoint should my client use — streamable HTTP, SSE, or stateless?
Streamable HTTP at /mcp-server/mcp for almost everything — the README recommends it for connection reliability. Use /mcp-server/sse for GitHub Copilot (known issues with streamable there) and /mcp-server/stateless for clients that make independent, sessionless requests.
Can it modify my Jenkins instance?
It can trigger, rebuild, and replay builds and update build display names/descriptions — all as the API-token user, so Jenkins permissions are the control point. It has no tools to create or delete jobs, change system configuration, or manage credentials.