eBPF MCP

A secure MCP server for eBPF, designed for AI integration, kernel introspection, and automation.

๐Ÿ ebpf-mcp: AI-Compatible eBPF Control via Model Context Protocol

A secure, minimal, and schema-enforced MCP server for eBPF — purpose-built for AI integration, kernel introspection, and automation.

Badges: Version | MCP Compatible | eBPF Support | License: GPL v2 (eBPF) | License: Apache 2.0 (Core)


🧠 What Is This?

ebpf-mcp is a secure Model Context Protocol (MCP) server that exposes a minimal set of structured tools to interact with eBPF — optimized for safe AI control, automation agents, and human operators.

It enables loading, attaching, introspecting, and streaming eBPF programs — all through strict JSON Schema contracts validated at runtime. No REST APIs, no shell escapes, and no bpftool wrappers.


🚀 Quick Start

📦 One-liner Installation

Piping a remote script into sudo bash runs it as root before you have read it. On a machine you care about, fetch install.sh, read it, and then run it with sudo (the manual method below does exactly that).

# Install ebpf-mcp server
curl -fsSL https://raw.githubusercontent.com/sameehj/ebpf-mcp/main/install.sh | sudo bash

# Start the service (runs on port 8080 by default)
sudo systemctl start ebpf-mcp
sudo systemctl enable ebpf-mcp

# Get your auth token
cat /etc/ebpf-mcp-token

# Check service status
sudo systemctl status ebpf-mcp

# View logs if needed
sudo journalctl -u ebpf-mcp -f

For air-gapped or development environments:

git clone https://github.com/sameehj/ebpf-mcp.git
cd ebpf-mcp
sudo ./install.sh v1.0.2

🧪 Test the Installation

# Run the complete test suite
cd scripts/
chmod +x test-ebpf-mcp-server.sh
./test-ebpf-mcp-server.sh <your-token>

If no token is provided, the script will prompt for it interactively.


🤖 Claude CLI Integration

Once installed, connect Claude to your eBPF server (runs on port 8080):

# Add MCP server to Claude CLI
claude mcp add ebpf http://localhost:8080/mcp \
  -t http \
  -H "Authorization: Bearer $(cat /etc/ebpf-mcp-token)"

# Start Claude with eBPF tools
claude --debug

# Optional: Test with MCP Inspector (requires Node.js)
npx @modelcontextprotocol/inspector http://localhost:8080/mcp

Example prompts:

  • > Get system info and kernel version
  • > Load and attach a kprobe program to monitor sys_execve
  • > Show me all active eBPF programs and their types
  • > Stream events from ringbuffer maps for 10 seconds
  • > Trace kernel errors for the next 5 seconds
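The exchange the Claude CLI performs against the server, written out as an added Go example (this is not ebpf-mcp's own client code): the MCP initialize handshake followed by a tools/call, with the bearer token from /etc/ebpf-mcp-token in the Authorization header. The endpoint and token file are the ones this README documents; the JSON-RPC method names and the Mcp-Session-Id/Accept headers come from the MCP specification's streamable HTTP transport. That the info tool accepts an empty argument object is an assumption; docs/TOOL_SPECS.md has the real schemas.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"os"
	"strings"
)

// ToolResult is the MCP tools/call result: content blocks plus a tool-level error flag.
type ToolResult struct {
	Content []struct{ Type, Text string } `json:"content"`
	IsError bool                          `json:"isError"`
}

// Client is a single-session MCP client carrying one bearer token.
type Client struct {
	Endpoint, Token, session string
	nextID                   int
}

func NewClient(endpoint, token string) *Client {
	return &Client{Endpoint: endpoint, Token: strings.TrimSpace(token)} // token file ends in a newline
}

// post sends one JSON-RPC request and returns the raw result.
func (c *Client) post(method string, params interface{}) (json.RawMessage, error) {
	c.nextID++
	body, _ := json.Marshal(map[string]interface{}{
		"jsonrpc": "2.0", "id": c.nextID, "method": method, "params": params})
	req, err := http.NewRequest(http.MethodPost, c.Endpoint, bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/json")
	req.Header.Set("Accept", "application/json, text/event-stream")
	req.Header.Set("Authorization", "Bearer "+c.Token) // the only credential; its holder can load eBPF
	if c.session != "" {
		req.Header.Set("Mcp-Session-Id", c.session)
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode == http.StatusUnauthorized {
		return nil, fmt.Errorf("bearer token rejected (HTTP %d)", resp.StatusCode)
	}
	if sid := resp.Header.Get("Mcp-Session-Id"); sid != "" {
		c.session = sid // streamable HTTP servers bind a session on initialize
	}
	var reply struct {
		Result json.RawMessage `json:"result"`
		Error  json.RawMessage `json:"error"`
	}
	if err := json.NewDecoder(resp.Body).Decode(&reply); err != nil {
		return nil, fmt.Errorf("non-JSON reply (SSE framing is not handled here): %w", err)
	}
	if len(reply.Error) > 0 && string(reply.Error) != "null" {
		return nil, fmt.Errorf("rpc error: %s", reply.Error)
	}
	return reply.Result, nil
}

// Initialize performs the MCP handshake that must precede any tools/call.
func (c *Client) Initialize() error {
	_, err := c.post("initialize", map[string]interface{}{
		"protocolVersion": "2025-03-26", "capabilities": map[string]interface{}{},
		"clientInfo": map[string]string{"name": "ebpf-mcp-go-example", "version": "0.0.1"}})
	return err
}

// CallTool invokes one tool; an isError result is surfaced as a Go error.
func (c *Client) CallTool(name string, args map[string]interface{}) (ToolResult, error) {
	var res ToolResult
	raw, err := c.post("tools/call", map[string]interface{}{"name": name, "arguments": args})
	if err == nil {
		err = json.Unmarshal(raw, &res)
	}
	if err == nil && res.IsError {
		err = fmt.Errorf("tool %q reported an error", name)
	}
	return res, err
}

func main() {
	tok, err := os.ReadFile("/etc/ebpf-mcp-token") // written by install.sh
	if err != nil {
		log.Fatal(err)
	}
	c := NewClient("http://localhost:8080/mcp", string(tok))
	if err = c.Initialize(); err != nil {
		log.Fatal(err)
	}
	fmt.Println(c.CallTool("info", map[string]interface{}{})) // assumed: info takes no arguments
}
```

A spec-complete client also sends a notifications/initialized message after the handshake and can consume text/event-stream replies; both are left out here to keep the exchange readable. Note what the token check protects: a caller who passes it gets whatever kernel instrumentation the service's capabilities allow, so the client reads the token from the root-owned file and sends it only to the configured endpoint.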

📥 Install Options

| Method | Command | Use Case |
|---|---|---|
| One-liner | curl ... \| sudo bash | Production systems |
| Manual | git clone && sudo ./install.sh | Development/air-gapped |
| Build from source | make build | Custom modifications |
| Docker | Coming soon | Containerized environments |

🔧 Minimal Toolset

Each tool is designed to be schema-validatable, AI-orchestrable, and safe-by-default. They cover 80%+ of real-world observability and control workflows.

| Tool Name | Status | Description | Capabilities Required |
|---|---|---|---|
| info | ✅ | System introspection: kernel, arch, BTF | CAP_BPF or none (read-only) |
| load_program | ✅ | Load and validate .o files (CO-RE supported) | CAP_BPF, plus CAP_PERFMON for tracing program types (kprobe, tracepoint) or CAP_NET_ADMIN for XDP; CAP_SYS_ADMIN on kernels before 5.8, which have no CAP_BPF |
| attach_program | ✅ | Attach program to XDP, kprobe, tracepoint hooks | Depends on type (e.g. CAP_NET_ADMIN for XDP, CAP_PERFMON or CAP_SYS_ADMIN for kprobe/tracepoint) |
| inspect_state | ✅ | List programs, maps, links, and tool metadata | CAP_BPF (read-only) |
| stream_events | ✅ | Stream events from ringbuf/perfbuf maps | CAP_BPF (read-only) |
| trace_errors | ✅ | Monitor kernel tracepoints for error conditions | CAP_BPF (read-only) |

All tools return structured JSON output — AI-ready, streaming-compatible, and schema-validated.

๐Ÿ” See docs/TOOL_SPECS.md for full schema definitions.


🚀 What You Can Do

  • ✅ Query kernel version, architecture, and BTF availability
  • ✅ Load programs from disk or inline base64 with optional BTF
  • ✅ Attach to live systems with type-safe constraints
  • ✅ Inspect pinned objects, kernel version, verifier state
  • ✅ Stream real-time events with filtering by pid/comm/cpu
  • ✅ Trace kernel errors and system anomalies
  • ✅ Discover available tools and their schemas
  • ✅ Integrate with Claude, Ollama, or MCP-compatible clients

๐Ÿ›ก๏ธ Security Model

| Layer | Controls |
|---|---|
| eBPF execution | Kernel verifier + resource caps |
| Filesystem | No shell, no exec, path-validated |
| Runtime isolation | Session-scoped cleanup, strict inputs |
| AI safety | Capability-aware schemas + output limits |
| Authentication | Bearer token + HTTPS ready |

The bearer token is the only credential, and anyone holding it can load and attach eBPF programs with every capability the service runs with. Treat /etc/ebpf-mcp-token like a root password: keep the listener on localhost or behind TLS, and never send the token over plain HTTP across a network.

🧼 All resources are automatically cleaned up when a client disconnects (no manual unload/detach required unless pinned).
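One way to make the capability column of the toolset table and the path-validated filesystem layer above concrete, as an added Go example that is not the project's own code: an admission check for an attach request that maps each attach type to the kernel capabilities it needs (CAP_NET_ADMIN for XDP; CAP_PERFMON on top of CAP_BPF for kprobe/tracepoint, with CAP_SYS_ADMIN standing in for those two as it must on kernels before 5.8) and canonicalises an optional pin path so that it cannot escape /sys/fs/bpf. The AttachRequest field names and the allow-listed attach types are this example's assumptions, not the published schema.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// Capability names as the kernel spells them. Since Linux 5.8, CAP_BPF and
// CAP_PERFMON cover what previously required CAP_SYS_ADMIN.
const (
	capBPF      = "CAP_BPF"
	capPerfmon  = "CAP_PERFMON"
	capNetAdmin = "CAP_NET_ADMIN"
	capSysAdmin = "CAP_SYS_ADMIN"
)

// attachRules lists, per attach type, the capabilities the server process must
// hold: tracing hooks need CAP_PERFMON on top of CAP_BPF, XDP needs CAP_NET_ADMIN.
var attachRules = map[string][]string{
	"xdp":        {capBPF, capNetAdmin},
	"kprobe":     {capBPF, capPerfmon},
	"kretprobe":  {capBPF, capPerfmon},
	"tracepoint": {capBPF, capPerfmon},
}

// bpffs is the only mount the kernel accepts BPF_OBJ_PIN paths on.
const bpffs = "/sys/fs/bpf"

// AttachRequest is an illustrative attach_program input (field names are this
// example's assumption, not the project's published schema).
type AttachRequest struct {
	AttachType string // xdp, kprobe, kretprobe, tracepoint
	Target     string // interface name for xdp, symbol or tracepoint for the rest
	PinPath    string // optional /sys/fs/bpf/... path for the resulting link
}

// satisfied reports whether capability c is met. CAP_SYS_ADMIN stands in for
// CAP_BPF and CAP_PERFMON (the kernel's bpf_capable()/perfmon_capable()), but
// not for CAP_NET_ADMIN, which the XDP attach path checks on its own.
func satisfied(have map[string]bool, c string) bool {
	if have[c] {
		return true
	}
	return have[capSysAdmin] && (c == capBPF || c == capPerfmon)
}

// ValidatePinPath canonicalises a pin path and rejects anything outside bpffs:
// relative paths, ".." escapes, look-alike prefixes and the mount point itself.
func ValidatePinPath(p string) (string, error) {
	if p == "" {
		return "", nil // no pin requested
	}
	if !path.IsAbs(p) {
		return "", errors.New("pin path must be absolute")
	}
	clean := path.Clean(p)
	if !strings.HasPrefix(clean, bpffs+"/") {
		return "", fmt.Errorf("pin path %q is outside %s", p, bpffs)
	}
	return clean, nil
}

// CheckAttach admits a request only if its attach type is allow-listed, every
// capability that type needs is held, the target is non-empty and the pin path
// (if any) stays inside bpffs. It returns the canonical pin path, and names
// missing capabilities so the caller can emit a structured error.
func CheckAttach(req AttachRequest, have map[string]bool) (string, error) {
	need, ok := attachRules[strings.ToLower(req.AttachType)]
	if !ok {
		return "", fmt.Errorf("attach type %q is not allowed", req.AttachType)
	}
	var missing []string
	for _, c := range need {
		if !satisfied(have, c) {
			missing = append(missing, c)
		}
	}
	if len(missing) > 0 {
		return "", fmt.Errorf("%s attach needs %s", req.AttachType, strings.Join(missing, ", "))
	}
	if strings.TrimSpace(req.Target) == "" {
		return "", errors.New("target is required")
	}
	return ValidatePinPath(req.PinPath)
}

func main() {
	// Constructed capability set: CAP_BPF and CAP_PERFMON, but no CAP_NET_ADMIN.
	have := map[string]bool{capBPF: true, capPerfmon: true}
	for _, r := range []AttachRequest{
		{"kprobe", "sys_execve", "/sys/fs/bpf/demo/execve"},
		{"xdp", "eth0", ""},
		{"kprobe", "sys_execve", "/sys/fs/bpf/../../etc/cron.d/evil"},
	} {
		pin, err := CheckAttach(r, have)
		fmt.Printf("%-10s %-11s pin=%-26q err=%v\n", r.AttachType, r.Target, pin, err)
	}
}
```

The kernel remains the backstop: BPF_OBJ_PIN refuses paths outside bpffs and the load/attach syscalls fail without the right capability. Checking up front turns those failures into a schema-level error the model can act on, before anything has been loaded, instead of an opaque EPERM afterwards.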


📦 Project Structure

.
├── cmd/              # MCP server + CLI client
├── internal/         # Core logic: eBPF, tools, kernel adapters
├── pkg/types/        # JSON schema bindings + shared types
├── docs/             # Tool specs, design notes, schemas
├── scripts/          # Install script + test suite
└── schemas/          # JSON Schema files for each tool

🧠 Advanced Design Notes

✅ Lifecycle Management

  • 🔒 No manual detach: Links are closed automatically unless pinned
  • 🧹 Auto cleanup: FDs and memory are released on disconnect
  • 📎 Pinning: Optional pin paths (/sys/fs/bpf/...) for maps/programs/links
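A session registry that implements the three rules above, as an added Go example (not code from the ebpf-mcp repository): objects are tracked in creation order, released in reverse order when the client disconnects so that links go before the programs they reference, and left alone if pinned. The io.Closer stands in for whatever wraps the real program, map and link FDs; fakeFD is a stand-in constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"sync"
)

// resource is one kernel object owned by a session: a loaded program, a map or
// an attach link. Closing its FD drops the session's reference; for an
// unpinned link that detaches it, for an unpinned program that unloads it.
type resource struct {
	kind, name string
	fd         io.Closer
	pinned     bool
}

// Session owns every object created on behalf of one MCP client connection.
type Session struct {
	mu        sync.Mutex
	resources []resource
	closed    bool
}

var ErrSessionClosed = errors.New("session already closed")

// Track registers an object. If the client has already gone, the object is
// closed immediately so a late-arriving load cannot leak an FD.
func (s *Session) Track(kind, name string, fd io.Closer, pinned bool) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.closed {
		_ = fd.Close()
		return ErrSessionClosed
	}
	s.resources = append(s.resources, resource{kind, name, fd, pinned})
	return nil
}

// Pin marks a tracked object as pinned so that Close leaves it in place.
func (s *Session) Pin(kind, name string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	for i := range s.resources {
		if s.resources[i].kind == kind && s.resources[i].name == name {
			s.resources[i].pinned = true
			return true
		}
	}
	return false
}

// Close releases unpinned objects in reverse creation order, keeps going past
// individual failures, and returns the "kind:name" of everything released
// together with the first error seen. A second Close is refused.
func (s *Session) Close() ([]string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.closed {
		return nil, ErrSessionClosed
	}
	s.closed = true
	var released []string
	var firstErr error
	for i := len(s.resources) - 1; i >= 0; i-- {
		r := s.resources[i]
		if r.pinned {
			continue // survives in bpffs; an operator unpins it explicitly
		}
		if err := r.fd.Close(); err != nil && firstErr == nil {
			firstErr = fmt.Errorf("close %s %s: %w", r.kind, r.name, err)
		}
		released = append(released, r.kind+":"+r.name)
	}
	s.resources = nil
	return released, firstErr
}

// fakeFD stands in for a real program/map/link FD in this example.
type fakeFD struct {
	name   string
	closed bool
}

func (f *fakeFD) Close() error { f.closed = true; return nil }

func main() {
	s := &Session{}
	prog, m, link := &fakeFD{name: "prog"}, &fakeFD{name: "map"}, &fakeFD{name: "link"}
	_ = s.Track("prog", "execve", prog, false)
	_ = s.Track("map", "events", m, false)
	_ = s.Track("link", "execve", link, false)
	s.Pin("map", "events") // the ringbuf outlives the client; program and link do not
	released, err := s.Close()
	fmt.Println(released, err, m.closed) // [link:execve prog:execve] <nil> false
}
```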

🤖 AI Tooling Compatibility

  • All tools are strictly typed with published schemas and return structured JSON output
  • AI-ready: No parsing required — direct integration with language models
  • Streaming-compatible: Real-time data flows for observability workflows
  • Responses include:
    • tool_version
    • verifier_log (for debugging)
    • Structured error with context

🔗 Extensibility

Future optional tools:

  • pin_object / unpin_object
  • detach_link
  • map_batch_op

These are omitted from the default toolset for security and simplicity.


📚 References

🧪 See scripts/test-ebpf-mcp-server.sh for the full validation suite.

Basic Architecture:

Claude / Ollama / AI Client
          ↓
     MCP JSON-RPC
          ↓
   ebpf-mcp server
          ↓
     Kernel APIs

📜 Licensing

| Component | License |
|---|---|
| internal/ebpf/ | GPL-2.0 |
| Everything else | Apache-2.0 |

โœ‰๏ธ Contact

📬 GitHub – sameehj/ebpf-mcp 🛠 Contributions, issues, and PRs welcome!


Structured. Safe. Schema-native. ebpf-mcp brings eBPF to the age of AI.
