Whiskers is a self-hosted web control plane for your Docker fleet and at the same time a hardened MCP server that lets an AI use the same capabilities, within clear limits on how it touches your infrastructure.

Whiskers dashboard: your whole fleet
Whiskers dashboard: your whole fleet

MCP-native layer

The management layer itself speaks Model Context Protocol. AI clients like Claude Code connect to the MCP endpoint and work within their permission scope.

Per-key permissions

Every key has a level: Read / Write / Admin or an explicit tool list. An AI never gets more than you grant it.

Code-enforced guardrails

Security policy is enforced in code at the tool boundary, not in the prompt. What is blocked cannot be talked around by a prompt.

Human-in-the-loop

Sensitive actions raise an approval: you approve or reject before they run, with a push to the in-app bell (and optionally Mattermost/Matrix).

Full agent history

Every AI tool call is recorded: tool, actor, parameters (secrets redacted), verdict, result, duration. Complete traceability.

All-in-one

Containers, logs, metrics, CVE scans, deployment and databases, in one tool, instead of keeping half a dozen tabs open.

SSH-key-free

Hosts are reached over mutual TLS (mTLS), no standing private key for an attacker to steal.

Page-aware agent widget

A floating agent chat on every page that knows where you are and can send a screenshot to a vision model on request.

In-app handbook

A searchable user handbook right inside the app: a chapter for every area, theme-matched.

Kubernetes (k3s)

Manage k3s clusters next to your Docker hosts: pods on the dashboard (grouped by Deployment/StatefulSet), logs, scaling, rollout restarts — the kubeconfig is stored encrypted in the vault. Whiskers itself runs on the cluster via a Helm chart.

Git deployments & registries

Connect a repo — Whiskers clones/pulls it on the target server and brings it up with Docker Compose. Deploy tokens live vault-only, push-to-deploy via HMAC-signed webhooks, private registries with vault credentials.

Set up in minutes

Prebuilt image on ghcr.io, a browser setup wizard instead of a config file, local login or SSO (Google/OIDC), one-click server onboarding.

Backup & rollback

Whiskers backs itself up (encrypted, schedulable, crash-safe restore) and snapshots every container before an update — one-click rollback.

Light & dark, EN & DE

Light/dark/system mode, five color schemes and a bilingual interface (English/German).

Whiskers is open source (Apache-2.0) and currently in beta. View on GitHub →

A closer look

AI agent widget: advisor or acting agent
AI agent widget: advisor or acting agent
Guardrails: security policy enforced in code
Guardrails: security policy enforced in code
CVE Monitor: deduplicated vulnerability findings
CVE Monitor: deduplicated vulnerability findings