Create the private project by POSTing to https://<HARBOR_URL>/api/v2.0/projects with a JSON body containing project_name, metadata.public set to false, and optionally storage_limit
Authenticate all API calls with HTTP Basic Auth using an admin account or a bearer token obtained from POST /service/token
Create a robot account scoped to the project by POSTing to https://<HARBOR_URL>/api/v2.0/robots with a body specifying name, level: project, permissions array granting repository:push and repository:pull access, and the project namespace
Capture the secret from the robot account creation response (it is only returned once) and store it securely; use it as the password when logging in with docker login <HARBOR_URL> and the robot account name as the username
Verify access by running docker pull or docker push against the project and inspecting audit logs at /api/v2.0/audit-logs
Known gotchas
Robot account names are automatically prefixed by Harbor (e.g., robot$project+name); use the full prefixed name when authenticating with Docker CLI
The storage_limit field is in bytes; passing -1 sets unlimited storage; omitting it inherits the system default quota, which may be zero in some installations
The robot secret is returned only in the creation response body; there is no API to retrieve it afterward — if lost, the robot account must be refreshed or recreated
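The steps and gotchas above, put together as an added example (not code from Harbor or from this page's author). The names team-a, ci and robot.secret, the HARBOR_BASE/HARBOR_USER/HARBOR_PASS environment variables, the 10 GiB quota and the 30-day lifetime are constructed; duration is a field of the robot API that the steps do not mention, and metadata.public is sent as the string "false", which is how Harbor stores project metadata.

```python
import base64, json, os, urllib.request

def project_body(name, storage_limit=10 * 1024**3):
    # storage_limit is in bytes and is sent explicitly so the system default
    # quota (possibly zero) is never inherited. 10 GiB is a constructed value.
    return {"project_name": name, "metadata": {"public": "false"},
            "storage_limit": storage_limit}

def robot_body(project, name, duration_days=30):
    # Project-level robot: push and pull on repositories in one namespace only.
    access = [{"resource": "repository", "action": a} for a in ("push", "pull")]
    return {"name": name, "level": "project", "duration": duration_days,
            "permissions": [{"kind": "project", "namespace": project,
                             "access": access}]}

def save_secret(response, path):
    # The secret exists only in the creation response. Write it to a new file
    # with mode 0600 (O_EXCL refuses to overwrite an existing file) and return
    # the prefixed robot name, which is the username for docker login.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(response["secret"])
    return response["name"]

def post(base_url, path, body, user, password):
    # HTTP Basic Auth with the admin account; the body is sent as JSON.
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        base_url + path, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": "Basic " + token,
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else {}

if __name__ == "__main__":
    # HARBOR_BASE is assumed to look like https://<HARBOR_URL>
    base, user, pw = (os.environ[k] for k in
                      ("HARBOR_BASE", "HARBOR_USER", "HARBOR_PASS"))
    post(base, "/api/v2.0/projects", project_body("team-a"), user, pw)
    robot = post(base, "/api/v2.0/robots", robot_body("team-a", "ci"), user, pw)
    login = save_secret(robot, "robot.secret")
    # Feed the secret on stdin so it stays out of shell history and ps output.
    print("docker login <HARBOR_URL> -u", repr(login),
          "--password-stdin < robot.secret")
```

Move robot.secret into a secrets manager and delete the file once the credential is stored there.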