Unifi Network MCP Server

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for sirkirby from gravatar.com sirkirby

Unverified details

These details have not been verified by PyPI
Meta
  • Requires: Python >=3.13
Report project as malware

Project description

📡 UniFi Network MCP Server

License Project Maintenance GitHub Activity

GitHub Release issues validate-badge validate-docker-badge

"Buy Me A Coffee"

A self-hosted Model Context Protocol (MCP) server that turns your UniFi Network Controller into a rich set of programmable tools. Every capability is exposed via standard MCP tools prefixed with unifi_, so any LLM or agent that speaks MCP (e.g. Claude Desktop, mcp-cli, LangChain, etc.) can query, analyse and – when explicitly confirmed – modify your network.

Table of Contents

Features

  • Full catalog of UniFi controller operations – firewall, traffic-routes, port-forwards, QoS, VPN, WLANs, stats, devices, clients and more.
  • All mutating tools require confirm=true so nothing can change your network by accident.
  • Works over stdio (FastMCP). Optional SSE HTTP endpoint can be enabled via config.
  • One-liner launch via the console-script unifi-network-mcp.
  • Idiomatic Python ≥ 3.10, packaged with pyproject.toml and ready for PyPI.

Quick Start

Docker

# 1. Retrieve the latest image (published from CI)
docker pull ghcr.io/sirkirby/unifi-network-mcp:latest

# 2. Run – supply UniFi credentials via env-vars or a mounted .env file
# Ensure all UNIFI_* variables are set as needed (see Runtime Configuration table)
docker run -i --rm \
  -e UNIFI_HOST=192.168.1.1 \
  -e UNIFI_USERNAME=admin \
  -e UNIFI_PASSWORD=secret \
  -e UNIFI_PORT=443 \
  -e UNIFI_SITE=default \
  -e UNIFI_VERIFY_SSL=false \
  ghcr.io/sirkirby/unifi-network-mcp:latest

Python / UV

# Install UV (modern pip/venv manager) if you don't already have it
curl -fsSL https://astral.sh/uv/install.sh | bash

# 1. Clone & create a virtual-env
git clone https://github.com/sirkirby/unifi-network-mcp.git
cd unifi-network-mcp
uv venv
source .venv/bin/activate

# 2. Install in editable mode (develop-install)
uv pip install --no-deps -e .

# 3. Provide credentials (either export vars or create .env)
# Ensure your .env file (or exported variables) include all required UNIFI_*
# settings as detailed in the Runtime Configuration table below (e.g., UNIFI_HOST,
# UNIFI_USERNAME, UNIFI_PASSWORD, UNIFI_PORT, UNIFI_SITE, UNIFI_VERIFY_SSL).
cp .env.example .env  # then edit values

# 4. Launch
unifi-network-mcp

Install from PyPI

(when published)

uv pip install unifi-network-mcp  # or: pip install unifi-network-mcp

The unifi-network-mcp entry-point will be added to your $PATH.

Using with Claude Desktop

Add (or update) the unifi-network-mcp block under mcpServers in your claude_desktop_config.json.

Option 1 – Claude invokes the local package

"unifi-network-mcp": {
  "command": "/path/to/your/.local/bin/uvx",
  "args": ["--quiet", "unifi-network-mcp"], // Or "unifi-network-mcp==<version>"
  "env": {
    "UNIFI_HOST": "192.168.1.1",
    "UNIFI_USERNAME": "admin",
    "UNIFI_PASSWORD": "secret",
    "UNIFI_PORT": "443",
    "UNIFI_SITE": "default",
    "UNIFI_VERIFY_SSL": "false"
  }
}
  • uvx handles installing/running the package in its own environment.
  • The --quiet flag is recommended if uvx outputs non-JSON messages.
  • If you want to pin to a specific version, use "unifi-network-mcp==<version_number>" as the package name.
  • If your script name in pyproject.toml differs from the package name, use ["--quiet", "<package-name>", "<script-name>"].

Option 2 – Claude starts a Docker container

"unifi-network-mcp": {
  "command": "docker",
  "args": [
    "run", "--rm", "-i",
    "-e", "UNIFI_HOST=192.168.1.1",
    "-e", "UNIFI_USERNAME=admin",
    "-e", "UNIFI_PASSWORD=secret",
    "-e", "UNIFI_PORT=443",
    "-e", "UNIFI_SITE=default",
    "-e", "UNIFI_VERIFY_SSL=false",
    "ghcr.io/sirkirby/unifi-network-mcp:latest"
  ]
}

Option 3 – Claude attaches to an existing Docker container (recommended for compose)

  1. Using the container name as specified in docker-compose.yml from the repository root:
docker-compose up --build
  1. Then configure Claude Desktop:
"unifi-network-mcp": {
  "command": "docker",
  "args": ["exec", "-i", "unifi-network-mcp", "unifi-network-mcp"]
}

Notes:

  • Use -T only with docker compose exec (it disables TTY for clean JSON). Do not use -T with docker exec.
  • Ensure the compose service is running (docker compose up -d) before attaching.

After editing the config restart Claude Desktop, then test with:

@unifi-network-mcp list tools

Optional HTTP SSE endpoint (off by default)

For environments where HTTP is acceptable (e.g., local development), you can enable the HTTP SSE server and expose it explicitly:

docker run -i --rm \
  -p 3000:3000 \
  -e UNIFI_MCP_HTTP_ENABLED=true \
  ...
  ghcr.io/sirkirby/unifi-network-mcp:latest

Security note: Leave this disabled in production or sensitive environments. The stdio transport remains the default and recommended mode.

Runtime Configuration

The server merges settings from environment variables, an optional .env file, and src/config/config.yaml (listed in order of precedence).

Essential variables

Variable Description
CONFIG_PATH Full path to a custom config YAML file. If not set, checks CWD for config/config.yaml, then falls back to the bundled default (src/config/config.yaml).
UNIFI_HOST IP / hostname of the controller
UNIFI_USERNAME Local UniFi admin
UNIFI_PASSWORD Admin password
UNIFI_PORT HTTPS port (default 443)
UNIFI_SITE Site name (default default)
UNIFI_VERIFY_SSL Set to false if using self-signed certs
UNIFI_MCP_HTTP_ENABLED Set true to enable optional HTTP SSE server (default false)

src/config/config.yaml

Defines HTTP bind host/port (0.0.0.0:3000 by default) plus granular permission flags. Examples below assume the default port.

📚 Tool Catalog

All state-changing tools require the extra argument confirm=true.

Firewall

  • unifi_list_firewall_policies
  • unifi_get_firewall_policy_details
  • unifi_toggle_firewall_policy
  • unifi_create_firewall_policy
  • unifi_update_firewall_policy
  • unifi_create_simple_firewall_policy
  • unifi_list_firewall_zones
  • unifi_list_ip_groups

Traffic Routes

  • unifi_list_traffic_routes
  • unifi_get_traffic_route_details
  • unifi_toggle_traffic_route
  • unifi_update_traffic_route
  • unifi_create_traffic_route
  • unifi_create_simple_traffic_route

Port Forwarding

  • unifi_list_port_forwards
  • unifi_get_port_forward
  • unifi_toggle_port_forward
  • unifi_create_port_forward
  • unifi_update_port_forward
  • unifi_create_simple_port_forward

QoS / Traffic Shaping

  • unifi_list_qos_rules
  • unifi_get_qos_rule_details
  • unifi_toggle_qos_rule_enabled
  • unifi_update_qos_rule
  • unifi_create_qos_rule
  • unifi_create_simple_qos_rule

Networks & WLANs

  • unifi_list_networks
  • unifi_get_network_details
  • unifi_update_network
  • unifi_create_network
  • unifi_list_wlans
  • unifi_get_wlan_details
  • unifi_update_wlan
  • unifi_create_wlan

VPN

  • unifi_list_vpn_clients
  • unifi_get_vpn_client_details
  • unifi_update_vpn_client_state
  • unifi_list_vpn_servers
  • unifi_get_vpn_server_details
  • unifi_update_vpn_server_state

Devices

  • unifi_list_devices
  • unifi_get_device_details
  • unifi_reboot_device
  • unifi_rename_device
  • unifi_adopt_device
  • unifi_upgrade_device

Clients

  • unifi_list_clients
  • unifi_get_client_details
  • unifi_list_blocked_clients
  • unifi_block_client
  • unifi_unblock_client
  • unifi_rename_client
  • unifi_force_reconnect_client
  • unifi_authorize_guest
  • unifi_unauthorize_guest

Statistics & Alerts

  • unifi_get_network_stats
  • unifi_get_client_stats
  • unifi_get_device_stats
  • unifi_get_top_clients
  • unifi_get_dpi_stats
  • unifi_get_alerts

System

  • unifi_get_system_info
  • unifi_get_network_health
  • unifi_get_site_settings

Contributing: Releasing / Publishing

This project uses PyPI Trusted Publishing via a GitHub Actions workflow.

To publish a new version:

  1. Bump the version in pyproject.toml.
  2. Create a new GitHub Release: Draft a new release on GitHub, tagging it with the exact same version number (e.g., v0.2.0 if the version in pyproject.toml is 0.2.0).

Once published, users can install it via:

uv pip install unifi-network-mcp

Local Development

Docker:

docker compose up --build

Python:

python3 -m venv .venv
source .venv/bin/activate
pip install .

License

MIT

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for sirkirby from gravatar.com sirkirby

Unverified details

These details have not been verified by PyPI
Meta
  • Requires: Python >=3.13

Release history Release notifications | RSS feed

0.14.6

0.14.5

0.14.4

0.14.3

0.14.2

0.14.1

0.14.0

0.13.0

0.12.1

0.12.0

0.11.2

0.11.1

0.11.0

0.10.0

0.9.1

0.9.0

0.8.0

0.7.9

0.7.8

0.7.7

0.7.6

0.7.5

0.7.4

0.7.3

0.7.2

0.7.1

0.7.0

0.6.4

0.6.3

0.6.2

0.6.1

0.6.0

0.5.4

0.5.3

0.5.2

0.5.1

0.5.0

0.4.2

0.4.1

0.4.0

0.3.3

0.3.2

0.3.1

0.3.0

0.2.0

0.1.4

0.1.3

This version

0.1.2

0.1.1

0.1.0

0.1.0b7 pre-release

0.1.0b6 pre-release

0.1.0b5 pre-release

0.1.0b4 pre-release

0.1.0b3 pre-release

0.1.0b2 pre-release

0.1.0b1 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

unifi_network_mcp-0.1.2.tar.gz (101.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

unifi_network_mcp-0.1.2-py3-none-any.whl (87.5 kB view details)

Uploaded Python 3

File details

Details for the file unifi_network_mcp-0.1.2.tar.gz.

File metadata

  • Download URL: unifi_network_mcp-0.1.2.tar.gz
  • Upload date:
  • Size: 101.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for unifi_network_mcp-0.1.2.tar.gz
Algorithm Hash digest
SHA256 008e6693c1f28322587c25e44e7964307706000d184fa36f7c8c23a100a88c75
MD5 c19c293c90b80efc45392da11f81f927
BLAKE2b-256 6a5d3e88886399d557bee9f4e1cea8745cac315904c2940af2d21259f3c6f192

See more details on using hashes here.

Provenance

The following attestation bundles were made for unifi_network_mcp-0.1.2.tar.gz:

Publisher: publish-to-pypi.yml on sirkirby/unifi-network-mcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file unifi_network_mcp-0.1.2-py3-none-any.whl.

File metadata

File hashes

Hashes for unifi_network_mcp-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 00253b9b3042c771c17c370ff70d3ce7fc59b846ed25bfcfc422f3a4ec3b1e1b
MD5 cc61792f05309562b27ed24dfe73642e
BLAKE2b-256 6efde26fece78314e7eb86dc2c7a94e3f36d0f31ce9c5ce8cecfc7e93449963c

See more details on using hashes here.

Provenance

The following attestation bundles were made for unifi_network_mcp-0.1.2-py3-none-any.whl:

Publisher: publish-to-pypi.yml on sirkirby/unifi-network-mcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page