← Index

UniFi Gateway

io.github.pete-builds/unifi·v0.15.4·Monitoring & Logs

Safe-by-default UniFi MCP: Network + Protect + Access, multi-site, dry-run, audit log.

In-path gate · all MCP tools

Using UniFi Gateway in Claude, Cursor, Gemini CLI, Cline, or Zed?

MCP tool contracts can change remotely with no version bump. The mcpindex gate pins each contract and HOLDs the call when it drifts—before your agent acts. Zero credentials. This is not the package install for this server itself (use Install this server for that).

Install the mcpindex gate (one command)

Rewrites your MCP host config so each server launches behind the gate. Inspect first: curl -fsSL https://mcpindex.ai/install.sh | less

curl -fsSL https://mcpindex.ai/install.sh | sh
Trust verdict · v1 advisory · method
REVIEWstatus: PARTIALfresh until 2026-08-04 15:04 UTC
screened 2026-07-05tier: scannedgranularity: description-levelsource: registry

Semantic screen found no manipulation pattern in the description. Conformance probe not yet run.

mcpindex.integrity.descriptionpassINFO

evidenceNo malicious instructions foundvia static_description

Limits of this verdict
  • - Semantic screen only - the deterministic conformance probe has not run on this server
  • - Confidence is reported but not yet calibrated (v1)
  • - Screen reads the tool description, not the live behavior
  • - advisory
  • - registry description only no input schema
  • - screen model 8b

Semantic screen: an LLM judge reads the tool description for hidden instructions (status PARTIAL). A pass means the description is not lying, not that the tool is safe: a high-capability tool with an honest description still warrants caution. The deterministic conformance probe has not been run on this server yet, so the screen here is semantic-only. Posture: advisory. Confidences are reported but not yet calibrated (calibrated=false at v1). Full verdict history is not shown on this page.

Own this server? Screen its description →

Embed this badge

A live verdict badge for your README or listing. It reflects the current screen, links back here, and updates when the verdict does.

Markdown
[![mcpindex](https://mcpindex.ai/api/v1/badge/io-github-pete-builds-unifi)](https://mcpindex.ai/server/io-github-pete-builds-unifi)
HTML
<a href="https://mcpindex.ai/server/io-github-pete-builds-unifi"><img src="https://mcpindex.ai/api/v1/badge/io-github-pete-builds-unifi" alt="mcpindex verdict" height="20" /></a>
Environment variables
STUB_MODE

When true, the server returns realistic mock data and requires no UniFi hardware. Defaults to true so the image is functional out of the box.

UNIFI_HOST

IP address or hostname of the UniFi OS gateway (UCG-Fiber, UDM Pro, etc). Required when STUB_MODE=false and MCP_UNIFI_CONTROLLERS_FILE is unset.

UNIFI_API_KEY
secret

Local API key generated under Settings -> Control Plane -> Integrations on the gateway. Required when STUB_MODE=false and MCP_UNIFI_CONTROLLERS_FILE is unset.

UNIFI_SITE

UniFi controller site name. Defaults to 'default'.

UNIFI_VERIFY_SSL

Whether to verify the gateway's TLS certificate. Defaults to false because most home gateways use a self-signed cert.

MCP_UNIFI_CONTROLLERS_FILE

Path to a YAML file describing multiple named controllers for multi-site management. When set, the legacy UNIFI_HOST / UNIFI_API_KEY env vars are ignored. Each entry needs name, host, api_key, and optionally port, site, verify_ssl.

MCP_UNIFI_MODULES_ENABLED

Comma-separated list of modules to load. Known values: 'network', 'protect', 'access'. Defaults to 'network'. Set to 'network,protect,access' to enable Protect and Access tools alongside Network. Access is read-only in v0.10.

UNIFI_ACCESS_HOST

UniFi Access hub IP or hostname. Required when the access module is enabled and STUB_MODE=false. Often the same host as UNIFI_HOST.

UNIFI_ACCESS_API_KEY
secret

UniFi Access API key. Separate from the Network API key; generated on the Access controller's developer settings. Required when the access module is enabled and STUB_MODE=false.

UNIFI_ACCESS_PORT

HTTPS port for the Access hub. Defaults to 12445 (the direct Access app port).

MCP_UNIFI_AUDIT_SINK

Audit log sink. One of 'file' (default), 'stdout', or 'syslog'. Every tool call is recorded to a JSONL stream with secrets scrubbed.

MCP_UNIFI_AUDIT_PATH

Path for the audit log file when MCP_UNIFI_AUDIT_SINK=file. Defaults to audit.jsonl in the process CWD.

MCP quality score · maturity, not trust · methodology
freshness
25
completeness
20
installability
25
documentation
15
stability
5
Alternatives in Monitoring & Logs