Whiskers is a self-hosted web control plane for your Docker fleet and at the same time a hardened MCP server that lets an AI use the same capabilities, within clear limits on how it touches your infrastructure.

MCP-native layer
The management layer itself speaks Model Context Protocol. AI clients like Claude Code connect to the MCP endpoint and work within their permission scope.
Per-key permissions
Every key has a level: Read / Write / Admin or an explicit tool list. An AI never gets more than you grant it.
Code-enforced guardrails
Security policy is enforced in code at the tool boundary, not in the prompt. What is blocked cannot be talked around by a prompt.
Human-in-the-loop
Sensitive actions raise an approval: you approve or reject before they run, with a push to the in-app bell (and optionally Mattermost/Matrix).
Full agent history
Every AI tool call is recorded: tool, actor, parameters (secrets redacted), verdict, result, duration. Complete traceability.
All-in-one
Containers, logs, metrics, CVE scans, deployment and databases, in one tool, instead of keeping half a dozen tabs open.
SSH-key-free
Hosts are reached over mutual TLS (mTLS), no standing private key for an attacker to steal.
Page-aware agent widget
A floating agent chat on every page that knows where you are and can send a screenshot to a vision model on request.
In-app handbook
A searchable user handbook right inside the app: a chapter for every area, theme-matched.
Kubernetes (k3s)
Manage k3s clusters next to your Docker hosts: pods on the dashboard (grouped by Deployment/StatefulSet), logs, scaling, rollout restarts — the kubeconfig is stored encrypted in the vault. Whiskers itself runs on the cluster via a Helm chart.
Git deployments & registries
Connect a repo — Whiskers clones/pulls it on the target server and brings it up with Docker Compose. Deploy tokens live vault-only, push-to-deploy via HMAC-signed webhooks, private registries with vault credentials.
Set up in minutes
Prebuilt image on ghcr.io, a browser setup wizard instead of a config file, local login or SSO (Google/OIDC), one-click server onboarding.
Backup & rollback
Whiskers backs itself up (encrypted, schedulable, crash-safe restore) and snapshots every container before an update — one-click rollback.
Light & dark, EN & DE
Light/dark/system mode, five color schemes and a bilingual interface (English/German).
Whiskers is open source (Apache-2.0) and currently in beta. View on GitHub →
A closer look



