Starling
by Warble Cloud
The MCP server that gives AI agents
real eyes and hands on your Kubernetes cluster.
Starling exposes your live cluster state as MCP tools — security findings, health signals, and remediation capabilities — so Claude, Gemini, and your own agents can reason and act without manual context copying.
See it in action
Claude asks. Starling answers.
user: What's the security posture of my production cluster?
claude: Calling starling::scan_cluster (namespace=production)
→ Scanning 47 deployments, 23 services, 8 PVCs…
✓ Grade: C+ (72/100)
✗ 3 critical: privileged containers on inference-worker, redis-cache, pg-primary
⚠ 8 high: missing resource limits, readOnlyRootFilesystem=false
claude: Your cluster scored C+. I've found 3 critical privileged-container violations.
Shall I apply the starling::apply_remediation for inference-worker? I'll dry-run first.
MCP Tool Surface
Everything your AI agent needs.
Starling registers these tools with any MCP host. Claude Desktop, Gemini agents, and custom runtimes can call them natively.
scan_cluster: Full security & reliability scan of your live cluster
scan_manifest: Analyse a YAML manifest before apply
get_findings: Retrieve findings for a scan ID with remediation steps
list_resources: Graph-walk deployments, services, PVCs, and policies
get_health: Pod health, restart loops, OOMKill events, pending nodes
apply_remediation: Execute a remediation command with dry-run first
Built Different
Why teams choose Starling.
MCP-Native Intelligence
First-class Model Context Protocol support. Claude, Gemini, and any MCP-compatible AI agent can reason over your live Kubernetes state — no API wrappers, no middleware.
Policy-Grade Security Scanning
OPA/Rego-backed scanning against CIS Kubernetes Benchmark, NSA hardening guidelines, and custom organizational policies. Graded A–F with per-finding remediation commands.
Sub-10s Cluster Analysis
Parallel resource graph traversal with targeted context extraction. No bloated 50K-token dumps — Starling sends only what the AI model needs to act.
Zero-Exfiltration by Design
All scanning runs in-cluster or locally via kubeconfig. Your RBAC credentials and workload metadata never leave your VPC. Air-gap compatible.
Live Reflexion Loop
Integrates with Reflexion Engine — findings feed the Critic→Hypothesis→Actor loop for autonomous remediation with SLO-gated blast radius control.
Multi-Cluster & Multi-Cloud
GKE, EKS, AKS, on-prem Rancher. Single binary, kubeconfig-native. Works with OIDC, workload identity, and service account token auth.
Setup
Three ways to run Starling.
Pick the deployment that matches your control surface — switch later without re-keying tokens.
Point Claude / Cursor / your IDE at our hosted endpoint.
Zero infra. We run the MCP server; you bring an API token. Best for teams that want to try Starling against a non-prod cluster.
- 01 · Get a hosted API token
# Sign in and mint a token
warble auth login
warble starling tokens create --name "claude-desktop"
Tokens scope to a single cluster + namespace and expire after 30 days by default.
- 02 · Add Starling to your MCP client
// ~/.config/claude/claude_desktop_config.json
{
  "mcpServers": {
    "starling": {
      "transport": "https",
      "url": "https://mcp.warblecloud.com/v1",
      "headers": {
        "Authorization": "Bearer $WARBLE_STARLING_TOKEN"
      }
    }
  }
}
- 03 · Ask your cluster something
> "Why is the checkout-api pod restarting in production?"
> "Show me every Service that's missing a NetworkPolicy."
Every tool call is logged to the audit ledger you provisioned with the token.
Quick Start
Up in 60 seconds.
curl -L https://github.com/warble-tech/starling/releases/download/v0.1.0/starling_0.1.0_macOS_arm64.tar.gz \
  | tar xz -C /usr/local/bin starling
starling --version
# Point at your cluster
starling scan-cluster --kubeconfig ~/.kube/config
# Or scan a manifest before apply
starling scan-manifest -f deployment.yaml
# Start the MCP server (for Claude Desktop / agent use)
starling mcp serve
Full docs at warblecloud.com/install · github.com/warble-tech/starling
Give your AI agent
real cluster context.
3 free scans per day, no account needed. Enterprise plans with unlimited scans, SSO, and Reflexion Engine integration available.