Fastly
STDIOAI-powered Fastly CDN management through natural language interactions with comprehensive security features
AI-powered Fastly CDN management through natural language interactions with comprehensive security features
🤖 AI-powered Fastly management - Securely control your Fastly infrastructure through natural language interactions with AI assistants.
A Model Context Protocol (MCP) server that provides AI agents with secure access to Fastly services. Ask your AI assistant to manage CDN configurations, deploy Compute services, analyze performance metrics, and more - all through simple conversational commands.
The Fastly MCP server is an open-source, actively developed tool with Tier 1 support. Our open-source support policy is detailed in our documentation. We also welcome your feedback on our community forum.
With this MCP server, your AI assistant can:
Before getting started, ensure you have:
fastly whoami)Choose the installation method that works best for you:
Download the latest release for your platform:
| Platform | Download |
|---|---|
| macOS (Intel) | Download |
| macOS (Apple Silicon) | Download |
| Linux (64-bit) | Download |
| Windows (64-bit) | Download |
After downloading:
macOS/Linux:
# Make it executable chmod +x fastly-mcp # Move to a directory in your PATH (optional) sudo mv fastly-mcp /usr/local/bin/
Windows:
# Rename the downloaded file to add .exe extension if needed Rename-Item fastly-mcp fastly-mcp.exe # Move to a directory in your PATH (optional) # Example: Move to your user's local bin directory mkdir $env:USERPROFILE\bin -Force Move-Item fastly-mcp.exe $env:USERPROFILE\bin\ # Add to PATH if not already there [Environment]::SetEnvironmentVariable("Path", $env:Path + ";$env:USERPROFILE\bin", [EnvironmentVariableTarget]::User)
go install github.com/fastly/mcp/cmd/fastly-mcp@latest
Finding Your Installation Directory
When you use go install, the location of the installed binary depends on your Go environment configuration.
The binary is installed to $GOPATH/bin or $GOBIN if set. You can check these locations:
go env GOBIN go env GOPATH # If GOBIN is empty, it uses GOPATH/bin
git clone https://github.com/fastly/mcp.git cd mcp make build # Binary will be at ./bin/fastly-mcp
Get up and running in just 3 steps!
First, ensure the Fastly CLI is authenticated with your account:
# Check if you're already authenticated fastly whoami
If not authenticated, follow these steps:
Get your API token from the Fastly web interface
Create a Fastly profile using the CLI:
fastly profile create
Windows Users: Run these commands in PowerShell, Command Prompt, or Windows Terminal.
⚠️ Important: The
FASTLY_API_TOKENenvironment variable is not recommended for MCP clients as it may not be properly inherited by the MCP server process. Always usefastly profile createfor reliable authentication.
~/Library/Application Support/fastly/config.toml~/.config/fastly/config.toml%APPDATA%\fastly\config.tomlChoose your AI assistant and follow the configuration steps:
{ "mcpServers": { "fastly": { "command": "/path/to/fastly-mcp", // Windows: "C:\\path\\to\\fastly-mcp.exe" "args": [] } } }
Navigate to Settings → MCP Servers → Add Server, or edit the configuration directly:
{ "mcpServers": { "fastly": { "command": "/path/to/fastly-mcp", // Windows: "C:\\path\\to\\fastly-mcp.exe" "args": [] } } }
Add to your Claude configuration file:
~/Library/Application Support/Claude/claude_desktop_config.json%APPDATA%\Claude\claude_desktop_config.json~/.config/Claude/claude_desktop_config.json{ "mcpServers": { "fastly": { "command": "/path/to/fastly-mcp", // Windows: "C:\\path\\to\\fastly-mcp.exe" "args": [] } } }
Simply run this command:
macOS/Linux:
claude mcp add fastly /path/to/fastly-mcp
Windows:
claude mcp add fastly C:\path\to\fastly-mcp.exe
🎉 You're all set! Start by asking your AI assistant about your Fastly services:
👤 You: "Show me all my Fastly services"
🤖 Assistant: "I'll list all your Fastly services for you..."
Authentication Issues?
fastly profile create to set up authenticationFASTLY_API_TOKEN environment variable with MCPfastly whoamifastly profile create with the new tokenfastly profile create instead of environment variablesfastly profile list to see available profilesAI assistant doesn't see the Fastly tools?
fastly-mcp is correct"Command not found" errors?
which fastlywhere fastlyfastly whoamiecho %PATH% (cmd) or $env:Path (PowerShell)Permission denied errors?
chmod +x /path/to/fastly-mcpThe server provides eight powerful tools for AI agents:
fastly_list_commandsLists all available Fastly CLI commands
{ "tool": "fastly_list_commands" }
fastly_describeGets detailed information about a specific command
{ "tool": "fastly_describe", "arguments": { "command": "service list" } }
fastly_executeExecutes a Fastly CLI command with specified parameters
{ "tool": "fastly_execute", "arguments": { "command": "service", "args": ["list"], "flags": [ {"name": "json"} ] } }
current_timeReturns the current time in multiple formats for temporal context
{ "tool": "current_time" }
{ "unix": 1736531400, "unix_milli": 1736531400000, "iso": "2025-01-10T18:30:00Z", "utc": "2025-01-10 18:30:00 UTC", "local": "2025-01-10 10:30:00 PST", "timezone": "PST", "time_offset": "-08:00" }
When command outputs exceed 25KB (configurable via --output-cache-threshold), they are automatically cached with a preview. Use these tools to access the full data:
fastly_result_readRead paginated data from cached results
{ "tool": "fastly_result_read", "arguments": { "result_id": "result_abc123", "offset": 0, "limit": 20 } }
fastly_result_queryQuery/filter cached data
{ "tool": "fastly_result_query", "arguments": { "result_id": "result_abc123", "filter": "name=production" } }
fastly_result_summaryGet statistical summary of cached data
{ "tool": "fastly_result_summary", "arguments": { "result_id": "result_abc123" } }
fastly_result_listList all currently cached results
{ "tool": "fastly_result_list" }
When a command returns more than 25KB of data (default, configurable):
Example cached response:
{ "success": true, "result_id": "result_abc123", "cached": true, "cache_metadata": { "total_size": 150000, "data_type": "json_array", "total_items": 156 }, "preview": { "type": "json_array", "first_items": [/* first 5 items */], "total_items": 156, "truncated": true }, "instructions": "Output cached due to size. Use result_id with retrieval tools.", "next_steps": [ "Use fastly_result_read to get paginated data", "Use fastly_result_query to filter results", "Use fastly_result_summary for overview" ] }
macOS/Linux:
fastly-mcp
Windows:
fastly-mcp.exe
macOS/Linux:
# Default port 8080 fastly-mcp --http # Custom port fastly-mcp --http :9000 # With Server-Sent Events fastly-mcp --http --sse
Windows:
# Default port 8080 fastly-mcp.exe --http # Custom port fastly-mcp.exe --http :9000 # With Server-Sent Events fastly-mcp.exe --http --sse
macOS/Linux:
# List commands fastly-mcp list-commands # Get help fastly-mcp describe service list # Execute command fastly-mcp execute '{"command":"version","args":[]}'
Windows:
# List commands fastly-mcp.exe list-commands # Get help fastly-mcp.exe describe service list # Execute command (note the escaped quotes) fastly-mcp.exe execute '{\"command\":\"version\",\"args\":[]}'
We've designed this server with multiple layers of security:
These commands require explicit human approval via --user-reviewed flag:
delete - Removes resourcespurge - Clears cachecreate - Creates resourcesupdate - Modifies resourcesactivate - Deploys changesdeactivate - Disables servicesupload - Uploads packagesHuman Confirmation Required: AI agents must:
--user-reviewed flagExample after human approval:
{ "tool": "fastly_execute", "arguments": { "command": "service", "args": ["delete"], "flags": [ {"name": "service-id", "value": "abc123"}, {"name": "user-reviewed"} ] } }
These commands are completely blocked for security:
auth-token - Authentication token managementsso - Single sign-on operationsprofile - Profile managementComprehensive defenses against prompt injection attacks:
;, |, &, `, $, etc.)Override the default allowed commands using a file or inline specification:
macOS/Linux:
fastly-mcp --allowed-commands-file /path/to/allowed-commands.txt
Windows:
fastly-mcp.exe --allowed-commands-file C:\path\to\allowed-commands.txt
Format (see example-allowed-commands.txt):
# are commentsmacOS/Linux:
fastly-mcp --allowed-commands service,stats,version
Windows:
fastly-mcp.exe --allowed-commands service,stats,version
macOS/Linux:
# Merges commands from both file and inline list fastly-mcp --allowed-commands-file base.txt --allowed-commands whoami,help
Windows:
# Merges commands from both file and inline list fastly-mcp.exe --allowed-commands-file base.txt --allowed-commands whoami,help
When both options are specified, commands from both sources are merged (union)
Remove sensitive data from outputs:
macOS/Linux:
fastly-mcp --sanitize
Windows:
fastly-mcp.exe --sanitize
What gets sanitized:
[REDACTED]u***@example.com[REDACTED-IP]https://[REDACTED-CREDENTIALS]@...[REDACTED-AWS-ACCESS-KEY]⚠️ Warning: May redact service IDs and break automation workflows.
Protect secrets from LLM exposure while maintaining functionality:
macOS/Linux:
fastly-mcp --encrypt-tokens
Windows:
fastly-mcp.exe --encrypt-tokens
How it works:
[ENCRYPTED-TOKEN:xxxxx] placeholdersmacOS/Linux:
# All features with file-based allowlist fastly-mcp --http --sanitize --encrypt-tokens --allowed-commands-file custom.txt # All features with inline allowlist fastly-mcp --http --sanitize --encrypt-tokens --allowed-commands service,stats,version # HTTP with encryption and merged allowlists fastly-mcp --http :9000 --encrypt-tokens --allowed-commands-file base.txt --allowed-commands whoami # Testing with sanitization and inline commands fastly-mcp --sanitize --allowed-commands service execute '{"command":"service","args":["list"]}'
Windows:
# All features with file-based allowlist fastly-mcp.exe --http --sanitize --encrypt-tokens --allowed-commands-file custom.txt # All features with inline allowlist fastly-mcp.exe --http --sanitize --encrypt-tokens --allowed-commands service,stats,version # HTTP with encryption and merged allowlists fastly-mcp.exe --http :9000 --encrypt-tokens --allowed-commands-file base.txt --allowed-commands whoami # Testing with sanitization and inline commands (note escaped quotes) fastly-mcp.exe --sanitize --allowed-commands service execute '{\"command\":\"service\",\"args\":[\"list\"]}'
This server works best with Language Models optimized for:
For best results, use models specifically optimized for agentic workflows and tool usage.
Recommended Client:
The Fastly MCP server is developed and tested primarily using Roo Code, but it can be used with other MCP-compatible clients as well.
Recommended Models:
The Fastly MCP server has been successfully tested with the following models:
Note: At the time of writing, we do not recommend Gemini models as they are not optimized for tool usage and MCP interactions.
For custom applications:
import subprocess import json # Start the MCP server process = subprocess.Popen( ['fastly-mcp'], stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True ) # Send a command request = { "method": "tools/call", "params": { "name": "fastly_list_commands" } } process.stdin.write(json.dumps(request) + '\n') process.stdin.flush() # Read response response = json.loads(process.stdout.readline())
make build # Build binary make test # Run all tests make fmt # Format code make lint # Run golangci-lint make vet # Static analysis make clean # Clean artifacts make tidy # Update dependencies make help # Show all commands
We welcome contributions! Please see our contributing guidelines for details.
Found a security issue? Please report it according to our security policy.
MIT License - see LICENSE for details.
When integrating the Fastly MCP server with an AI assistant, we recommend using this concise system prompt for optimal results:
You have access to Fastly's CDN/edge platform via MCP tools that wrap the Fastly CLI.
#### Tools:
- **`fastly_list_commands`** - List available commands
- **`fastly_describe [command]`** - Get command details/parameters
- **`fastly_execute`** - Run commands with parameters
- **`current_time`** - Get timestamps
#### Core Operations:
- **Services**: Create/update/list CDN services, manage versions
- **Edge Config**: VCL, ACLs, dictionaries, Compute
- **Content**: Backends, domains, caching, purging
- **Security**: TLS, secrets, access controls
- **Monitoring**: Stats, logs, alerts
#### Critical Rules:
1. **ALWAYS use `fastly_describe` before executing any unfamiliar command**
2. **Destructive operations require `--user-reviewed: true`** flag after human approval:
- `delete`, `remove`, `purge`, `create`, `update` commands
- Always explain impact and get human confirmation first
3. **Use `--json` format** for parsing
4. **Most commands need `--service-id`**
5. **Clone versions before changes**
6. Use `current_time` before operations that need timestamps
#### Workflow:
~~~
# Discover
fastly_describe command="service list"
# Execute (safe)
fastly_execute command="service list" parameters={"format": "json"}
# Execute (destructive - needs human review)
fastly_execute command="cache purge" parameters={
"service-id": "ABC123",
"key": "/api/*",
"user-reviewed": true
}
~~~
#### Constraints:
- 30s timeout, 50KB output limit
- No shell features (pipes/redirects)
- Auth management blocked
- Never execute commands without first understanding them via describe
**Priority**: Explain command impacts clearly. Production changes need explicit human approval.
The recommended role definition (for example to configure a dedicated mode in Roo Code) is You are an expert in using, interpreting, optimizing and configuring the Fastly CDN services.
Here are example prompts you can use with your AI assistant to interact with Fastly services: