Fly.io MCP Server

Official Fly.io MCP server that wraps the flyctl CLI so agents can manage apps, machines, volumes, secrets, certs, and orgs on Fly.io.

Developer Tools by Fly.io (Superfly) Bearer Token active

GitHub Docs

Overview

Fly.io ships an official Model Context Protocol server that exposes the flyctl CLI to AI agents. There are two flavors: the standalone superfly/flymcp repo (a Go binary wrapping a small subset of flyctl commands), and the more complete fly mcp server subcommand built directly into the flyctl binary. The flyctl-built-in server is the canonical way to use Fly.io with MCP today and covers the full Fly.io infrastructure surface.

The server lets an LLM provision and operate Fly.io infrastructure: list and inspect apps, start and stop Machines, manage Volumes for persistent storage, set runtime secrets, attach TLS certificates, view application logs, query platform status, and manage organizations. It supports stdio, SSE, and streamable HTTP transports, with built-in configuration helpers for Claude Desktop, Cursor, VS Code, Zed, Neovim, and Windsurf.

Authentication uses your existing Fly.io credentials. Locally, the server inherits the session from flyctl auth login. For remote deployments, tokens can be passed via the Authorization header, the --access-token flag, or the FLY_ACCESS_TOKEN environment variable. Fly.io explicitly warns that running the server remotely grants whoever holds the token the ability to run commands on your account.

Tools

Tool	Description
`apps`	Manage Fly applications (list, create, destroy, restart). Apps are groups of Machines running your code.
`machine`	Manage Fly Machines, the lightweight VMs that run your app. Start, stop, list, and inspect Machines.
`volumes`	Manage persistent storage Volumes attached to Machines.
`secrets`	Manage runtime secrets exposed as environment variables to your app.
`certs`	Manage TLS certificates for custom domains on deployed apps.
`logs`	Stream or fetch application logs generated by Fly Machines.
`status`	Show an application's current status including deployment details, tasks, and region allocation.
`orgs`	Manage Fly organizations and user access.
`platform`	Retrieve Fly platform information such as regions and VM sizes.

Setup Guide

Option A: Built-in flyctl MCP server (recommended)

Requires flyctl installed and authenticated.

# Install flyctl (macOS)
brew install flyctl

# Authenticate
fly auth login

# Auto-add to Claude Desktop
fly mcp server --claude

Other supported clients: --cursor, --vscode, --zed, --neovim, --windsurf. You can also pass --config <path> to write to an arbitrary MCP client config file.

Manual Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "flyctl": {
      "command": "fly",
      "args": ["mcp", "server"]
    }
  }
}

To explore the available tools interactively, run the MCP inspector:

fly mcp server -i
# then open http://127.0.0.1:6274

Option B: Standalone flymcp Go binary

git clone https://github.com/superfly/flymcp.git
cd flymcp
go mod download
go build -o flymcp

Claude Desktop config:

{
  "mcpServers": {
    "flymcp": {
      "command": "/full/path/to/flymcp",
      "args": []
    }
  }
}

Remote / hosted

For remote deployments, use --sse or --stream and override --bind-addr. Provide a Fly access token via the Authorization: Bearer <token> header, the --access-token flag, or the FLY_ACCESS_TOKEN env var. Note: running the server remotely lets any caller with the token execute commands on your behalf.

Use Cases

Have an agent deploy a new app and scale Machines across regions based on traffic, using apps and machine tools.
Let an LLM rotate runtime secrets (database URLs, API keys) for a Fly app via the secrets tool during an incident response workflow.
Triage production issues by asking the agent to pull recent logs and status for a misbehaving app and summarize errors.
Provision and attach persistent volumes to Machines for stateful services like Postgres or Redis sidecars.
Add a custom domain to an app and have the agent request and verify TLS certs end-to-end.

Example Prompts

"List all my Fly apps and show which ones have machines in the iad region."
"Tail the last 200 log lines for the api-prod app and tell me what's failing."
"Create a 10GB volume in ord for the worker app and attach it to a new Machine."
"Set the STRIPE_SECRET_KEY secret on checkout-prod to the value I just pasted, then restart the app."
"Show the deployment status of marketing-site and roll back if the latest release is unhealthy."

Pros

Official and maintained by Fly.io, with the server bundled directly into the flyctl CLI.
Covers the full Fly.io operational surface: apps, Machines, volumes, secrets, certs, logs, orgs.
Built-in installers for Claude, Cursor, VS Code, Zed, Neovim, and Windsurf, plus an MCP inspector for debugging.
Multiple transports supported (stdio, SSE, streamable HTTP) so it can run locally or on a remote Machine.

Limitations

The fly mcp server subcommand is documented as experimental and flags may change.
Running remotely is risky: any caller with the access token can execute commands against your Fly account.
The standalone superfly/flymcp Go repo only exposes fly-logs and fly-status; for full coverage you need the flyctl-built-in server.

Alternatives

Railway MCP for similar app/deploy management on Railway.
Cloudflare MCP servers for Workers, KV, and edge infrastructure.
Direct use of the flyctl CLI via a generic shell MCP server if you want broader command coverage than the official tool exposes.