Skip to content

jmagar/unifi-mcp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

17 Commits
.claude/agents
.claude/agents
Β 
Β 
docs
docs
Β 
Β 
tests
tests
Β 
Β 
unifi_mcp
unifi_mcp
Β 
Β 
.coveragerc
.coveragerc
Β 
Β 
.dockerignore
.dockerignore
Β 
Β 
.env.example
.env.example
Β 
Β 
.gitignore
.gitignore
Β 
Β 
CLAUDE.md
CLAUDE.md
Β 
Β 
Dockerfile
Dockerfile
Β 
Β 
README.md
README.md
Β 
Β 
docker-compose.yml
docker-compose.yml
Β 
Β 
pyproject.toml
pyproject.toml
Β 
Β 
pytest.ini
pytest.ini
Β 
Β 
run.sh
run.sh
Β 
Β 
uv.lock
uv.lock
Β 
Β 

Repository files navigation

🌐 UniFi Local Controller MCP Server

Python FastMCP License UniFi

A powerful Model Context Protocol (MCP) server for seamless UniFi controller integration

πŸš€ Direct Local Access β€’ πŸ“Š Real-time Monitoring β€’ πŸ”§ Device Management β€’ 🎯 Clean Data Output

✨ Overview

This MCP server provides direct, real-time integration with your local UniFi controller through a comprehensive suite of tools and resources. Built with modern FastMCP framework as a modular Python package, it eliminates the need for cloud dependencies while delivering clean, formatted data output with advanced logging and process management.

🎯 Key Features

Feature Description
🏠 Local Integration Direct controller access - no cloud dependencies
πŸ“‘ Real-time Data Live device status, statistics, and monitoring
🎨 Clean Output Human-readable formatting - no JSON walls
πŸ”§ Device Control Restart, locate, and manage network devices
πŸ“Š Smart Analytics Bandwidth, DPI stats, and network insights
🌐 Universal Support Works with UDM Pro, Cloud Gateway Max, legacy controllers
⚑ FastMCP Powered Modern MCP framework with streamable HTTP transport
πŸ“‹ Advanced Logging Prettified logs with colors and background execution
πŸ”§ Process Management PID files, log streaming, and independent execution

πŸš€ Quick Start

πŸ“‹ Prerequisites

Before you begin, ensure you have:

  • 🏠 Local UniFi Controller (Cloud Gateway Max, UDM Pro, or traditional controller)
  • 🌐 Direct Network Access to the controller
  • πŸ‘€ Local Admin Account (not UniFi Cloud/SSO)
  • 🐍 Python 3.11+
  • πŸ“¦ uv Package Manager

πŸ”Œ Controller Compatibility

Controller Type Port Examples
πŸ†• UniFi OS Devices 443 UDM Pro, UDM SE, Cloud Gateway Max, Cloud Key Gen2+
πŸ”„ Legacy Controllers 8443 Software controllers, Cloud Key Gen1

⚠️ Authentication Note: Requires local admin account, not UniFi Cloud credentials

⚑ Installation

πŸ“₯ Step-by-Step Setup

1️⃣ Clone and Setup

cd unifi-mcp
uv sync

2️⃣ Configure Environment

cp .env.example .env
# Edit .env with your controller details

3️⃣ Launch Server

./run.sh              # Start server in background + stream logs
./run.sh logs         # Stream logs from running server
# Or directly: uv run python -m unifi_mcp.main

🎯 Server Endpoint: http://localhost:8001/mcp

βš™οΈ Configuration

πŸ”‘ Required Environment Variables

πŸ“ Configuration Template 
# 🏠 Controller Connection (scheme and port required)
UNIFI_CONTROLLER_URL=https://10.1.0.1:443  # UniFi OS (UDM Pro, Cloud Gateway Max)
# UNIFI_CONTROLLER_URL=https://10.1.0.1:8443  # Legacy controllers
UNIFI_USERNAME=admin                        # Local controller admin username
UNIFI_PASSWORD=your_password               # Local controller admin password

# πŸ”§ Controller Type Configuration
UNIFI_IS_UDM_PRO=true                 # true for UniFi OS devices, false for legacy
UNIFI_VERIFY_SSL=false                # false for self-signed certs, true for valid SSL

# 🌐 Server Settings
UNIFI_LOCAL_MCP_HOST=0.0.0.0          # Server bind address
UNIFI_LOCAL_MCP_PORT=8001             # Server port
UNIFI_LOCAL_MCP_LOG_LEVEL=INFO        # Logging level

# πŸ“‹ Advanced Logging & Process Management
MCP_LOG_FILE=logs/unifi-mcp.log       # Override default log file location
MCP_PID_FILE=logs/unifi-mcp.pid       # Override default PID file location

🌐 Controller URL Examples

Type URL Format Use Case
πŸ†• UniFi OS https://192.168.1.1:443 UDM Pro, Cloud Gateway Max, Cloud Key Gen2+
πŸ”„ Legacy https://unifi.example.com:8443 Software controllers, Cloud Key Gen1
πŸ”§ Custom https://controller:PORT Non-standard port configurations

πŸ”’ SSL Certificate Handling

Certificate Type Setting Description
πŸ”“ Self-signed UNIFI_VERIFY_SSL=false Most common setup
βœ… Valid SSL UNIFI_VERIFY_SSL=true Trusted certificate authority
πŸ“ Custom CA Provide CA bundle path Enterprise environments

πŸ› οΈ Available Tools

🎯 Tool Categories

πŸ“± Device Management
Tool Description Output
get_devices List all devices 🎨 Clean, formatted summaries
get_device_by_mac Specific device details πŸ“Š Formatted device info
restart_device Restart UniFi device ⚑ Device reboot
locate_device Trigger locate LED πŸ’‘ Visual device identification
πŸ‘₯ Client Management
Tool Description Output
get_clients Connected clients πŸ”— Connection details
reconnect_client Force reconnection πŸ”„ Client refresh
block_client Block client network access 🚫 Security enforcement
unblock_client Restore client network access βœ… Access restoration
forget_client Remove client historical data πŸ—‘οΈ GDPR compliance
set_client_name Set/update client name πŸ“ Device identification
set_client_note Add notes to client record πŸ“‹ Documentation
🌐 Network Configuration
Tool Description Output
get_sites Controller sites 🏒 Site information
get_wlan_configs Wireless networks πŸ“‘ WiFi configurations
get_network_configs Network/VLAN setup πŸ”§ Network topology
get_port_configs Switch port profiles πŸ”Œ Port configurations
get_port_forwarding_rules Port forwarding ➑️ Traffic routing rules
get_firewall_rules Firewall security rules πŸ”’ Security audit
get_firewall_groups Firewall address groups πŸ‘₯ Security management
get_static_routes Advanced routing configuration πŸ—ΊοΈ Network routing
πŸ“Š Monitoring & Statistics
Tool Description Output
get_controller_status System information πŸ’» Controller health
get_events Recent controller events πŸ“… Event timeline
get_alarms Active system alarms 🚨 Alert notifications
get_dpi_stats Deep Packet Inspection πŸ” Traffic analysis
get_rogue_aps Rogue access points ⚠️ Security threats
start_spectrum_scan RF spectrum analysis πŸ“‘ Wireless diagnostics
get_spectrum_scan_state Scan results πŸ“Š RF environment data
authorize_guest Guest network access 🎫 Visitor authorization
get_speedtest_results Historical speed test data πŸ“ˆ Performance analysis
get_ips_events Security threat detection πŸ›‘οΈ Threat monitoring

πŸ“‹ MCP Resources

Access structured data using the unifi:// URI scheme with clean, filtered JSON output:

🎯 Resource Categories

🏒 Site & Overview Resources
Resource Description Output Format
unifi://sites All controller sites 🎨 Site summaries with health status
unifi://overview Network overview (default site) πŸ“Š Infrastructure & client summary
unifi://overview/{site_name} Network overview for specific site πŸ“Š Site-specific summary
πŸ“± Device Resources
Resource Description Output Format
unifi://devices All devices (default site) 🎨 Clean device summaries
unifi://devices/{site_name} All devices for specific site 🎨 Site-specific devices
unifi://device/{site_name}/{mac} Individual device details πŸ“Š Detailed device info
unifi://stats/device/{site_name}/{mac} Device performance stats πŸ“ˆ Traffic & system metrics
unifi://device-tags Device tags (default site) 🏷️ Tag assignments
unifi://device-tags/{site_name} Device tags for specific site 🏷️ Site-specific tags
πŸ‘₯ Client Resources
Resource Description Output Format
unifi://clients Connected clients (default site) πŸ”— Essential connection details
unifi://clients/{site_name} Connected clients for specific site πŸ”— Site-specific clients
🌐 Network Configuration Resources
Resource Description Output Format
unifi://config/networks Network/VLAN configs (default site) πŸ”§ Network topology
unifi://config/networks/{site_name} Networks for specific site πŸ”§ Site-specific networks
unifi://config/wlans Wireless network configs (default site) πŸ“‘ WiFi configurations
unifi://config/wlans/{site_name} WLANs for specific site πŸ“‘ Site-specific WiFi
unifi://config/portforward Port forwarding rules (default site) ➑️ Traffic routing rules
unifi://config/portforward/{site_name} Port forwarding for specific site ➑️ Site-specific rules
unifi://channels Wireless channel info (default site) πŸ“Ά RF channel utilization
unifi://channels/{site_name} Channels for specific site πŸ“Ά Site-specific channels
πŸ“Š Monitoring & Statistics Resources
Resource Description Output Format
unifi://dashboard Dashboard metrics (default site) πŸ“ˆ Real-time traffic data
unifi://dashboard/{site_name} Dashboard for specific site πŸ“ˆ Site-specific metrics
unifi://events Recent events (default site) πŸ“… Event timeline
unifi://events/{site_name} Events for specific site πŸ“… Site-specific events
unifi://alarms Active alarms (default site) 🚨 Alert notifications
unifi://alarms/{site_name} Alarms for specific site 🚨 Site-specific alarms
unifi://health Site health status (default site) βœ… Subsystem health
unifi://health/{site_name} Health for specific site βœ… Site-specific health
unifi://stats/dpi DPI statistics (default site) πŸ” Top application traffic
unifi://stats/dpi/{site_name} DPI stats for specific site πŸ” Site-specific DPI
unifi://rogue-aps Rogue access points (default site) ⚠️ Security threats
unifi://rogue-aps/{site_name} Rogue APs for specific site ⚠️ Site-specific rogues
πŸ”§ System Information Resources
Resource Description Output Format
unifi://sysinfo Controller system information πŸ’» Hardware & software details
unifi://admins Administrator accounts πŸ‘₯ Admin user details
🎨 Data Formatting Engine
Feature Description
🧠 Smart Summarization Essential info only - no JSON walls
πŸ“± Device-Type Aware Custom formatting per device type
πŸ”Œ Connection-Type Aware Tailored wired vs wireless details
πŸ“Š Auto Conversion Bytes, uptimes, timestamps
πŸ”„ Recursive Formatting Clean nested data structures

πŸ” Authentication Flow

sequenceDiagram
    participant Client
    participant MCP Server
    participant UniFi Controller
    
    Client->>MCP Server: Request
    MCP Server->>UniFi Controller: Login (username/password)
    UniFi Controller->>MCP Server: TOKEN/unifises cookie
    MCP Server->>UniFi Controller: Parse CSRF token (UDM Pro)
    MCP Server->>UniFi Controller: API Request + Auth Headers
    UniFi Controller->>MCP Server: Response Data
    MCP Server->>Client: Formatted Response
Loading

🎯 Key Design Decisions

Decision Rationale Benefit
πŸ“¦ Modular package structure Organized tools, resources, config Easy maintenance & extensibility
🎯 Default site assumption Most operations use "default" Simplified API calls
🎨 Clean data presentation Smart formatting helpers No overwhelming JSON
πŸ“Š Comprehensive resources Dashboard + detailed monitoring Complete network visibility
πŸ”§ Resource vs Tool pattern Resources for data, tools for ops Clear separation of concerns
πŸ“‹ Advanced logging Prettified output with process mgmt Better debugging & monitoring

πŸ‘¨β€πŸ’» Development

πŸ”₯ Hot Reload Development

πŸš€ Development Setup 
# Install development dependencies
uv sync --extra dev

# Run directly for development
uv run python -m unifi_mcp.main

# Background server management
./run.sh              # Start in background + stream logs
./run.sh logs         # Stream logs from running server
kill $(cat logs/unifi-mcp.pid)  # Stop background server

πŸ§ͺ Testing Tools

πŸ”§ API Testing Commands 
# List available tools
curl -X POST http://localhost:8001/mcp/call \
  -H "Content-Type: application/json" \
  -d '{"method": "tools/list"}'

# Test a specific tool
curl -X POST http://localhost:8001/mcp/call \
  -H "Content-Type: application/json" \
  -d '{"method": "tools/call", "params": {"name": "get_devices"}}'

🌐 API Endpoints

Endpoint Purpose Description
πŸ’š Health http://localhost:8001/health Server health check
πŸ”— MCP http://localhost:8001/mcp Main MCP endpoint
⚑ Tools http://localhost:8001/mcp/call Tool execution

πŸ”§ Troubleshooting

🚨 Common Issues & Solutions

πŸ” Authentication Issues
Issue Solution Notes
🚫 401 Errors Check username/password and controller URL Verify credentials
πŸ”’ MFA Required Disable MFA or implement MFA support Contact admin
πŸ›‘οΈ SSL Errors Set UNIFI_VERIFY_SSL=false For self-signed certs
πŸŽ›οΈ Controller Type Issues
Controller Type Setting Description
πŸ†• UDM Pro/Cloud Gateway Max UNIFI_IS_UDM_PRO=true Modern UniFi OS devices
πŸ”„ Legacy Controllers UNIFI_IS_UDM_PRO=false Traditional controllers
⚠️ Common Problems
Problem Cause Solution
πŸ“Š Empty DPI Stats DPI disabled Enable DPI in controller settings
πŸ“± No Devices Found Insufficient permissions Verify admin access
⏱️ Connection Timeouts Network issues Check connectivity & availability

πŸ”¬ Technical Details

πŸ› οΈ Built With

Component Description Link
🐍 unifi-controller-api Python UniFi library GitHub
⚑ FastMCP Modern MCP framework GitHub
πŸ“¦ PyPI Package Controller API package PyPI

πŸ’‘ Implementation Highlights

🎯 Smart Features
Feature Description Benefit
🏷️ Device Model Mapping Translates codes ("U7PG2" β†’ "UniFi AC Pro AP") Human-readable names
πŸ”„ Authentication Retry Auto-retry on auth failure Network resilience
πŸͺ Session Management Handles TOKEN/unifises cookies Seamless authentication
πŸ›‘οΈ CSRF Protection JWT token extraction & application Security compliance

🌐 Network Requirements

πŸ“‹ Prerequisites Checklist
  • βœ… Direct Access: Server β†’ UniFi controller connectivity
  • βœ… Port Access: HTTPS port (443/8443) accessibility
  • βœ… Account Type: Local controller account (not Cloud/SSO)
  • βœ… Admin Privileges: Administrative controller access

πŸ“„ License

This project is open source. See repository for license details.

Made with ❀️ for the UniFi community

⭐ Star this repo β€’ πŸ› Report Issues β€’ πŸ’‘ Request Features

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages