mcpindex.aiv0
← Index

UniFi Gateway

io.github.pete-builds/unifi·v0.10.0·Monitoring & Logs
Quality Score
90
/100

Safe-by-default UniFi MCP: Network + Protect + Access, multi-site, dry-run, audit log.

Repository →Website →
§00  Trust verdict · v1 advisory ·  method
UNVERIFIEDno verdict on file

Verdict not yet evaluated for this tool. The hybrid eval runs adversarial cases first; coverage rolls out as the corpus expands. Until a verdict is recorded, an agent should treat this tool as not-yet-cleared and fall back to its own checks. Method: hybrid eval, four-state verdict, honest limits.

§01  Install
Claude Desktop (Docker)
{
  "mcpServers": {
    "unifi": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "ghcr.io/pete-builds/mcp-unifi:0.10.0"
      ],
      "env": {
        "STUB_MODE": "true",
        "UNIFI_HOST": "<unifi_host>",
        "UNIFI_API_KEY": "<your-unifi_api_key>",
        "UNIFI_SITE": "default",
        "UNIFI_VERIFY_SSL": "false",
        "MCP_UNIFI_CONTROLLERS_FILE": "<mcp_unifi_controllers_file>",
        "MCP_UNIFI_MODULES_ENABLED": "network",
        "UNIFI_ACCESS_HOST": "<unifi_access_host>",
        "UNIFI_ACCESS_API_KEY": "<your-unifi_access_api_key>",
        "UNIFI_ACCESS_PORT": "12445",
        "MCP_UNIFI_AUDIT_SINK": "file",
        "MCP_UNIFI_AUDIT_PATH": "audit.jsonl"
      }
    }
  }
}
§02  Environment variables
STUB_MODE

When true, the server returns realistic mock data and requires no UniFi hardware. Defaults to true so the image is functional out of the box.

UNIFI_HOST

IP address or hostname of the UniFi OS gateway (UCG-Fiber, UDM Pro, etc). Required when STUB_MODE=false and MCP_UNIFI_CONTROLLERS_FILE is unset.

UNIFI_API_KEY
secret

Local API key generated under Settings -> Control Plane -> Integrations on the gateway. Required when STUB_MODE=false and MCP_UNIFI_CONTROLLERS_FILE is unset.

UNIFI_SITE

UniFi controller site name. Defaults to 'default'.

UNIFI_VERIFY_SSL

Whether to verify the gateway's TLS certificate. Defaults to false because most home gateways use a self-signed cert.

MCP_UNIFI_CONTROLLERS_FILE

Path to a YAML file describing multiple named controllers for multi-site management. When set, the legacy UNIFI_HOST / UNIFI_API_KEY env vars are ignored. Each entry needs name, host, api_key, and optionally port, site, verify_ssl.

MCP_UNIFI_MODULES_ENABLED

Comma-separated list of modules to load. Known values: 'network', 'protect', 'access'. Defaults to 'network'. Set to 'network,protect,access' to enable Protect and Access tools alongside Network. Access is read-only in v0.10.

UNIFI_ACCESS_HOST

UniFi Access hub IP or hostname. Required when the access module is enabled and STUB_MODE=false. Often the same host as UNIFI_HOST.

UNIFI_ACCESS_API_KEY
secret

UniFi Access API key. Separate from the Network API key; generated on the Access controller's developer settings. Required when the access module is enabled and STUB_MODE=false.

UNIFI_ACCESS_PORT

HTTPS port for the Access hub. Defaults to 12445 (the direct Access app port).

MCP_UNIFI_AUDIT_SINK

Audit log sink. One of 'file' (default), 'stdout', or 'syslog'. Every tool call is recorded to a JSONL stream with secrets scrubbed.

MCP_UNIFI_AUDIT_PATH

Path for the audit log file when MCP_UNIFI_AUDIT_SINK=file. Defaults to audit.jsonl in the process CWD.

§03  MCP Quality Score  ·  methodology
freshness
25
completeness
20
installability
25
documentation
15
stability
5
§04  Alternatives in Monitoring & Logs
app.cooperpetcare.www/cooper
app.cooperpetcare.www/cooper

Cooper: catálogo, cobertura, razas y turnos del marketplace argentino de cuidado canino.

ThornGuard
app.qwady.thorns/thornguard

Remote MCP security gateway for auth, redaction, policy enforcement, and audit logging.

Leaf
app.readwithleaf/leaf

AI assistant integration for Leaf — track books, log reading sessions, and manage your library.