Skip to main content

Nextcloud MCP Server for Agentic AI!

Project description

Nextcloud - A2A | AG-UI | MCP

PyPI - Version MCP Server PyPI - Downloads GitHub Repo stars GitHub forks GitHub contributors PyPI - License GitHub

GitHub last commit (by committer) GitHub pull requests GitHub closed pull requests GitHub issues

GitHub top language GitHub language count GitHub repo size GitHub repo file count (file type) PyPI - Wheel PyPI - Implementation

Version: 0.12.1

Overview

Nextcloud MCP Server + A2A Server

It includes a Model Context Protocol (MCP) server and an out of the box Agent2Agent (A2A) agent

Interacts with your self-hosted Nextcloud instance to manage files, calendars, contacts, and sharing through an MCP server!

This repository is actively maintained - Contributions are welcome!

Supports:

  • File Operations: List, Read, Write, Move, Copy, Delete, Create Folder, Get Properties
  • Sharing: List Shares, Create Share, Delete Share
  • Calendars: List Calendars, List Events, Create Event
  • Contacts: List Address Books, List Contacts, Create Contact
  • User Info: Get current user details

MCP

Available MCP Tools

This server utilizes dynamic Action-Routed tools to optimize token overhead and maximize IDE compatibility.

Tool Name Description
nextcloud_calendar Consolidated Action-Routed tool for calendar. Methods: list_calendars, list_calendar_events, create_calendar_event
nextcloud_contacts Consolidated Action-Routed tool for contacts. Methods: list_address_books, list_contacts, create_contact
nextcloud_files Consolidated Action-Routed tool for files. Methods: list_files, list_files, read_file, write_file, create_folder, delete_item, move_item, copy_item, get_properties
nextcloud_sharing Consolidated Action-Routed tool for sharing. Methods: list_shares, create_share, delete_share
nextcloud_user Consolidated Action-Routed tool for user. Methods: get_user_info

A2A Agent

This package also includes an A2A agent server that can be used to interact with the Nextcloud MCP server.

Architecture:

---
config:
  layout: dagre
---
flowchart TB
 subgraph subGraph0["Agent Capabilities"]
        C["Agent"]
        B["A2A Server - Uvicorn/FastAPI"]
        D["MCP Tools"]
        F["Agent Skills"]
  end
    C --> D & F
    A["User Query"] --> B
    B --> C
    D --> E["Nextcloud API"]

     C:::agent
     B:::server
     A:::server
    classDef server fill:#f9f,stroke:#333
    classDef agent fill:#bbf,stroke:#333,stroke-width:2px
    style B stroke:#000000,fill:#FFD600
    style D stroke:#000000,fill:#BBDEFB
    style F fill:#BBDEFB
    style A fill:#C8E6C9
    style subGraph0 fill:#FFF9C4

Component Interaction Diagram

sequenceDiagram
    participant User
    participant Server as A2A Server
    participant Agent as Agent
    participant Skill as Agent Skills
    participant MCP as MCP Tools

    User->>Server: Send Query
    Server->>Agent: Invoke Agent
    Agent->>Skill: Analyze Skills Available
    Skill->>Agent: Provide Guidance on Next Steps
    Agent->>MCP: Invoke Tool
    MCP-->>Agent: Tool Response Returned
    Agent-->>Agent: Return Results Summarized
    Agent-->>Server: Final Response
    Server-->>User: Output

Graph Architecture

This agent uses pydantic-graph orchestration for intelligent routing and optimal context management.

---
title: Nextcloud Agent Graph Agent
---
stateDiagram-v2
  [*] --> RouterNode: User Query
  RouterNode --> DomainNode: Classified Domain
  RouterNode --> [*]: Low confidence / Error
  DomainNode --> [*]: Domain Result
  • RouterNode: A fast, lightweight LLM (e.g., nvidia/nemotron-3-super) that classifies the user's query into one of the specialized domains.
  • DomainNode: The executor node. For the selected domain, it dynamically sets environment variables to temporarily enable ONLY the tools relevant to that domain, creating a highly focused sub-agent (e.g., gpt-4o) to complete the request. This preserves LLM context and prevents tool hallucination.

Usage

MCP CLI

Short Flag Long Flag Description
-h --help Display help information
-t --transport Transport method: 'stdio', 'http', or 'sse' [legacy] (default: stdio)
-s --host Host address for HTTP transport (default: 0.0.0.0)
-p --port Port number for HTTP transport (default: 8016)
--auth-type Authentication type: 'none', 'static', 'jwt', 'oauth-proxy', 'oidc-proxy', 'remote-oauth' (default: none)
--token-jwks-uri JWKS URI for JWT verification
--token-issuer Issuer for JWT verification
--token-audience Audience for JWT verification
--oauth-upstream-auth-endpoint Upstream authorization endpoint for OAuth Proxy
--oauth-upstream-token-endpoint Upstream token endpoint for OAuth Proxy
--oauth-upstream-client-id Upstream client ID for OAuth Proxy
--oauth-upstream-client-secret Upstream client secret for OAuth Proxy
--oauth-base-url Base URL for OAuth Proxy
--oidc-config-url OIDC configuration URL
--oidc-client-id OIDC client ID
--oidc-client-secret OIDC client secret
--oidc-base-url Base URL for OIDC Proxy
--remote-auth-servers Comma-separated list of authorization servers for Remote OAuth
--remote-base-url Base URL for Remote OAuth
--allowed-client-redirect-uris Comma-separated list of allowed client redirect URIs
--eunomia-type Eunomia authorization type: 'none', 'embedded', 'remote' (default: none)
--eunomia-policy-file Policy file for embedded Eunomia (default: mcp_policies.json)
--eunomia-remote-url URL for remote Eunomia server

A2A CLI

Endpoints

  • Web UI: http://localhost:9016/ (if enabled)
  • A2A: http://localhost:9016/a2a (Discovery: /a2a/.well-known/agent.json)
  • AG-UI: http://localhost:9016/ag-ui (POST)
Short Flag Long Flag Description
-h --help Display help information
--host Host to bind the server to (default: 0.0.0.0)
--port Port to bind the server to (default: 9016)
--reload Enable auto-reload
--provider LLM Provider: 'openai', 'anthropic', 'google', 'huggingface'
--model-id LLM Model ID (default: nvidia/nemotron-3-super)
--base-url LLM Base URL (for OpenAI compatible providers)
--api-key LLM API Key
--mcp-url MCP Server URL (default: http://localhost:8016/mcp)
--web Enable Pydantic AI Web UI

Using as an MCP Server

The MCP Server can be run in two modes: stdio (for local testing) or http (for networked access). To start the server, use the following commands:

Run in stdio mode (default):

nextcloud-agent --transport "stdio"

Run in HTTP mode:

nextcloud-agent --transport "http"  --host "0.0.0.0"  --port "8016"

AI Prompt:

List all files in my 'Documents' folder.

AI Response:

Contents of 'Documents':
[FILE] Project_Proposal.docx (Size: 15403, Modified: Sun, 01 Feb 2026 10:00:00 GMT)
[FILE] Notes.txt (Size: 450, Modified: Sun, 01 Feb 2026 09:30:00 GMT)
[DIR] Financials (Size: -, Modified: Fri, 30 Jan 2026 14:20:00 GMT)

Agentic AI

nextcloud-agent is designed to be used by Agentic AI systems. It provides a set of tools that allow agents to manage Nextcloud resources.

Agent-to-Agent (A2A)

This package also includes an A2A agent server that can be used to interact with the Nextcloud MCP server.

CLI

Argument Description Default
--host Host to bind the server to 0.0.0.0
--port Port to bind the server to 9016
--reload Enable auto-reload False
--provider LLM Provider (openai, anthropic, google, huggingface) openai
--model-id LLM Model ID nvidia/nemotron-3-super
--base-url LLM Base URL (for OpenAI compatible providers) http://ollama.arpa/v1
--api-key LLM API Key ollama
--mcp-url MCP Server URL http://nextcloud-mcp:8016/mcp
--allowed-tools List of allowed MCP tools list_files, ...

Examples

Run A2A Server

nextcloud-agent --provider openai --model-id gpt-4 --api-key sk-... --mcp-url http://localhost:8016/mcp

Run with Docker

docker run -e CMD=nextcloud-agent -p 9016:9016 nextcloud-agent

Security & Governance

This project is built on agent-utilities, inheriting enterprise-grade security and governance features.

Authentication & Authorization

Feature Description
OIDC Token Delegation RFC 8693 token exchange for user-context propagation from A2A → MCP
Eunomia Policies Fine-grained, policy-driven tool authorization (none, embedded, remote)
Scoped Credentials Tools execute with the caller's scoped identity where possible
3LO / OAuth / API Token Multiple auth strategies with graceful fallback

Eunomia Policy Enforcement

Eunomia provides a policy enforcement point for all tool calls:

  • Embedded mode: Load local mcp_policies.json for role-based access, sensitivity gating, and audit logging
  • Remote mode: Forward authorization decisions to a central Eunomia policy server for multi-agent governance
  • Enable via CLI: --eunomia-type embedded --eunomia-policy-file mcp_policies.json

Runtime Protections

Protection Description
Tool Guard Sensitivity detection with human-in-the-loop approval gating
Prompt Injection Defense Input scanning and repetition/loop guards
Content Filtering Output schema enforcement and cost budget controls
Stuck Loop Detection Automatic detection and recovery from agent loops
Context Limit Warnings Proactive alerts before context window exhaustion

Graph Agent Architecture

The A2A agent uses pydantic-graph orchestration with:

  • RouterNode: Lightweight classifier that routes queries to specialized domains
  • DomainNode: Focused executor with only relevant tools loaded, preventing tool hallucination
  • Approval Gates: Policy-driven approval workflows before sensitive operations
  • Usage Guards: Budget and rate limiting enforcement

Production Recommendation: Enable --eunomia-type embedded (or remote) + OIDC delegation + containerized deployment. See agent-utilities documentation for full policy configuration.

Docker

Build

docker build -t nextcloud-agent .

Run MCP Server

docker run -p 8016:8016 nextcloud-agent

Run A2A Server

docker run -e CMD=nextcloud-agent -p 9016:9016 nextcloud-agent

Deploy MCP Server as a Service

The Nextcloud MCP server can be deployed using Docker, with configurable authentication, middleware, and Eunomia authorization.

Using Docker Run

docker pull knucklessg1/nextcloud-agent:latest

docker run -d \
  --name nextcloud-agent \
  -p 8016:8016 \
  -e HOST=0.0.0.0 \
  -e PORT=8016 \
  -e TRANSPORT=http \
  -e AUTH_TYPE=none \
  -e EUNOMIA_TYPE=none \
  -e NEXTCLOUD_BASE_URL=https://cloud.example.com \
  -e NEXTCLOUD_USERNAME=user \
  -e NEXTCLOUD_PASSWORD=pass \
  knucklessg1/nextcloud-agent:latest

For advanced authentication (e.g., JWT, OAuth Proxy, OIDC Proxy, Remote OAuth) or Eunomia, add the relevant environment variables:

docker run -d \
  --name nextcloud-agent \
  -p 8016:8016 \
  -e HOST=0.0.0.0 \
  -e PORT=8016 \
  -e TRANSPORT=http \
  -e AUTH_TYPE=oidc-proxy \
  -e OIDC_CONFIG_URL=https://provider.com/.well-known/openid-configuration \
  -e OIDC_CLIENT_ID=your-client-id \
  -e OIDC_CLIENT_SECRET=your-client-secret \
  -e OIDC_BASE_URL=https://your-server.com \
  -e ALLOWED_CLIENT_REDIRECT_URIS=http://localhost:*,https://*.example.com/* \
  -e EUNOMIA_TYPE=embedded \
  -e EUNOMIA_POLICY_FILE=/app/mcp_policies.json \
  -e NEXTCLOUD_BASE_URL=https://cloud.example.com \
  -e NEXTCLOUD_USERNAME=user \
  -e NEXTCLOUD_PASSWORD=pass \
  knucklessg1/nextcloud-agent:latest

Using Docker Compose

Create a docker-compose.yml file:

services:
  nextcloud-mcp:
    image: knucklessg1/nextcloud-agent:latest
    environment:
      - HOST=0.0.0.0
      - PORT=8016
      - TRANSPORT=http
      - AUTH_TYPE=none
      - EUNOMIA_TYPE=none
      - NEXTCLOUD_BASE_URL=https://cloud.example.com
      - NEXTCLOUD_USERNAME=user
      - NEXTCLOUD_PASSWORD=pass
    ports:
      - 8016:8016

For advanced setups with authentication and Eunomia:

services:
  nextcloud-mcp:
    image: knucklessg1/nextcloud-agent:latest
    environment:
      - HOST=0.0.0.0
      - PORT=8016
      - TRANSPORT=http
      - AUTH_TYPE=oidc-proxy
      - OIDC_CONFIG_URL=https://provider.com/.well-known/openid-configuration
      - OIDC_CLIENT_ID=your-client-id
      - OIDC_CLIENT_SECRET=your-client-secret
      - OIDC_BASE_URL=https://your-server.com
      - ALLOWED_CLIENT_REDIRECT_URIS=http://localhost:*,https://*.example.com/*
      - EUNOMIA_TYPE=embedded
      - EUNOMIA_POLICY_FILE=/app/mcp_policies.json
      - NEXTCLOUD_BASE_URL=https://cloud.example.com
      - NEXTCLOUD_USERNAME=user
      - NEXTCLOUD_PASSWORD=pass
    ports:
      - 8016:8016
    volumes:
      - ./mcp_policies.json:/app/mcp_policies.json

Run the service:

docker-compose up -d

Configure mcp.json for AI Integration

{
  "mcpServers": {
    "nextcloud": {
      "command": "uv",
      "args": [
        "run",
        "--with",
        "nextcloud-agent"
      ],
      "env": {
        "NEXTCLOUD_BASE_URL": "https://cloud.example.com",
        "NEXTCLOUD_USERNAME": "user",
        "NEXTCLOUD_PASSWORD": "pass"
      },
      "timeout": 300000
    }
  }
}

Install Python Package

python -m pip install nextcloud-agent
uv pip install nextcloud-agent

Repository Owners

GitHub followers GitHub User's stars

MCP Configuration Examples

stdio (recommended for local development)

{
  "mcpServers": {
    "nextcloud": {
      "command": ".venv/bin/nextcloud-mcp",
      "args": [],
      "env": {
        "NEXTCLOUD_URL": "",
        "NEXTCLOUD_USERNAME": "",
        "NEXTCLOUD_PASSWORD": ""
}
    }
  }
}

Streamable HTTP (recommended for production)

{
  "mcpServers": {
    "nextcloud": {
      "url": "http://localhost:8080/nextcloud-mcp/mcp"
    }
  }
}

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

nextcloud_agent-0.12.1.tar.gz (26.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

nextcloud_agent-0.12.1-py3-none-any.whl (23.5 kB view details)

Uploaded Python 3

File details

Details for the file nextcloud_agent-0.12.1.tar.gz.

File metadata

  • Download URL: nextcloud_agent-0.12.1.tar.gz
  • Upload date:
  • Size: 26.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for nextcloud_agent-0.12.1.tar.gz
Algorithm Hash digest
SHA256 6106a80967027e8b47fcef2ea7f12c5f6289da5324aae8c379431a41e8a7cb3e
MD5 c827e49e88ceff4f7c8d6a279c84330b
BLAKE2b-256 68c45845b24a117e2738fc9910721917db1624febaa2bc13c4c3e031d328d688

See more details on using hashes here.

File details

Details for the file nextcloud_agent-0.12.1-py3-none-any.whl.

File metadata

File hashes

Hashes for nextcloud_agent-0.12.1-py3-none-any.whl
Algorithm Hash digest
SHA256 3b16c3e5323f29f8cef1820200cb3b9b340d408dfcf43e5f7e7eb1244f86d0b7
MD5 0674339d13434192b7b39d3bb4833909
BLAKE2b-256 c1700a7c9f3b6f11319438fa87593bf97ed7021595a875fe4a9e97f303cff51e

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page