npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@cdmx/authentik-diag-mcp

v0.1.1

Published

MCP server for Authentik API with diagnostic and read-only capabilities

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

cdmxcdmx

Keywords

authentikmcpmodel-context-protocolauthenticationidentityapiserverdiagnosticmonitoring

Readme

Authentik Diagnostic MCP Server (Node.js)

A Model Context Protocol (MCP) server that provides read-only diagnostic and monitoring capabilities for Authentik instances. This server is designed specifically for monitoring, troubleshooting, and gaining insights into your Authentik deployment without making any modifications.

Features

Event Monitoring & Audit Logs

  • Comprehensive event tracking and audit trail analysis
  • Real-time monitoring of authentication events
  • Event filtering and search capabilities
  • Historical event analysis for troubleshooting

User Information (Read-Only)

  • User account status monitoring
  • User activity tracking
  • Group membership analysis
  • Authentication history review

System Health Monitoring

  • System configuration review
  • Version and build information
  • Health status checks
  • Configuration drift detection

Application Status Monitoring

  • Application availability monitoring
  • Provider status tracking
  • Flow execution monitoring
  • Integration health checks

Diagnostic Capabilities

  • Issue identification and analysis
  • Performance monitoring
  • Security event analysis
  • Compliance reporting

MCP Integration

This server is designed to be used with MCP-compatible tools and platforms. It provides a standardized interface for monitoring and diagnosing Authentik instances through the Model Context Protocol.

Configuration

The server requires the following configuration parameters:

  • base-url: Base URL of your Authentik instance (required)
  • token: Authentik API token (required)
  • verify-ssl: Enable/disable SSL certificate verification (optional, default: true)

Environment Variables

You can also configure the server using environment variables:

  • AUTHENTIK_BASE_URL: Base URL of your Authentik instance
  • AUTHENTIK_TOKEN: Authentik API token
  • AUTHENTIK_VERIFY_SSL: SSL certificate verification (true/false)

API Token Setup

For diagnostic purposes, create a token with minimal read-only permissions:

  1. Log in to your Authentik instance as an administrator
  2. Navigate to Directory > Tokens
  3. Click Create to create a new token
  4. Set Intent to "API"
  5. Choose minimal read permissions (no write/delete permissions needed)
  6. Copy the generated token for use with this diagnostic server

Available Diagnostic Tools

Event Monitoring

  • authentik_list_events - List system events with advanced filtering
  • authentik_get_event - Get detailed event information
  • authentik_search_events - Search events by context and criteria
  • authentik_get_user_events - Get events for specific users

User Information (Read-Only)

  • authentik_get_user_info - Get user information for diagnostics
  • authentik_list_users_info - List users with basic information
  • authentik_get_user_events - Analyze user-specific events

Group Information (Read-Only)

  • authentik_get_group_info - Get group information for diagnostics
  • authentik_list_groups_info - List groups with membership details
  • authentik_get_group_members - Analyze group membership

Application Status (Read-Only)

  • authentik_get_application_status - Check application health
  • authentik_list_applications_status - Monitor all applications

Flow Status (Read-Only)

  • authentik_get_flow_status - Check flow execution status
  • authentik_list_flows_status - Monitor all authentication flows

System Health

  • authentik_get_system_config - Review system configuration
  • authentik_get_version_info - Get version and build information

Provider Status (Read-Only)

  • authentik_list_providers_status - Monitor provider health
  • authentik_get_provider_status - Check specific provider status

Resources

Access to read-only diagnostic resources:

  • authentik://events - Event monitoring and audit logs
  • authentik://users/info - User information for diagnostics
  • authentik://groups/info - Group information for diagnostics
  • authentik://applications/status - Application status monitoring
  • authentik://flows/status - Flow status monitoring
  • authentik://system/health - System health information

MCP Integration & Usage

This server is designed to be managed by MCP-compatible tools and platforms. It provides a standardized interface for monitoring and diagnosing Authentik instances through the Model Context Protocol.

Example Configurations

VS Code / GitHub Copilot Workspace (settings.json):

"mcp": {
  "servers": {
    "authentik-diag": {
      "command": "npx",
      "args": [
        "@cdmx/authentik-diag-mcp",
        "--base-url", "https://your-authentik-instance",
        "--token", "your-api-token"
      ]
    }
  }
}

Claude Desktop (claude_desktop_config.json):

{
  "mcpServers": {
    "authentik-diag": {
      "command": "npx",
      "args": [
        "@cdmx/authentik-diag-mcp",
        "--base-url",
        "https://your-authentik-instance",
        "--token",
        "your-api-token"
      ]
    }
  }
}

Integration Notes

  • Use npx @cdmx/authentik-diag-mcp for Node.js versions as shown above
  • For Python versions, use uvx authentik-diag-mcp if you are using the Python implementation
  • Replace authentik-diag-mcp with authentik-mcp for full API access if needed
  • Let your MCP tool manage the environment and server lifecycle
  • Direct CLI usage is not recommended for most users

Monitoring Use Cases

Security Monitoring

  • Track failed authentication attempts
  • Monitor suspicious login patterns
  • Analyze access violations
  • Review privilege escalations

Performance Analysis

  • Identify slow authentication flows
  • Monitor API response times
  • Analyze user experience metrics
  • Track system performance trends

Compliance Reporting

  • Generate audit reports
  • Track user access patterns
  • Monitor data access events
  • Compliance verification

Troubleshooting

  • Diagnose authentication issues
  • Identify configuration problems
  • Analyze user experience issues
  • Debug integration problems

Security Features

Read-Only Design

  • No write operations supported
  • Safe for production monitoring
  • Minimal permissions required
  • No data modification risk

Audit Trail

  • All diagnostic queries are logged
  • Tracking of monitoring activities
  • Compliance with audit requirements
  • Transparent operation logging

Best Practices

Token Management

  • Use dedicated read-only tokens
  • Rotate tokens regularly
  • Monitor token usage
  • Restrict token scope

Monitoring Strategy

  • Regular health checks
  • Automated alerting
  • Trend analysis
  • Proactive monitoring

Security

  • Always use HTTPS
  • Verify SSL certificates
  • Monitor access logs
  • Implement rate limiting

Requirements

  • Node.js 18.0.0 or higher
  • Valid Authentik API token with read permissions

License

MIT License - see LICENSE file for details.

Support

Contributing

We welcome contributions! Please see our Contributing Guide for details.

See CHANGELOG.md for version history and changes.