npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

the-real-unifi-mcp

v0.1.2

Published

MCP server for the UniFi Site Manager + Network APIs — 100% coverage, hybrid hand-wrappers + codegen

Readme

the-real-unifi-mcp

License: MIT Node MCP SDK CI

An MCP server that gives Claude (or any MCP client) full read/write access to the UniFi Site Manager and Network APIs over the official cloud endpoint. Cloud-only, stdio transport.

Point it at a UniFi Site Manager API key and your MCP client can list consoles, inspect devices and clients, and manage networks, WiFi, firewall policies, and more — through 167 tools covering the documented API surface.

Features

  • 167 tools across both UniFi APIs, read and write.
  • Three-layer tool design: 86 ergonomic hand-wrappers + 80 auto-generated tools for complete coverage + 1 raw-request escape hatch (86 + 80 + 1 = 167).
  • 3 MCP resources and 3 MCP prompts for ready-made workflows.
  • Lazy ID discovery (consoleId / Network siteId / Site Manager siteId), cached for the process lifetime.
  • Optional write guardUNIFI_CONFIRM_WRITES turns destructive tools into preview-then-confirm.
  • Secret redaction in all stderr log output.

Requirements

  • Node.js ≥ 20.
  • UniFi Site Manager API key with Network scope. Create one at unifi.ui.com under Settings → API.
  • UniFi Console with firmware ≥ 5.0.3 (required by the Network API).

Installation

From source

git clone https://github.com/mguttmann/the-real-unifi-mcp.git
cd the-real-unifi-mcp
npm install
cp .env.example .env
# Edit .env: set UNIFI_API_KEY (Site Manager key with Network scope)
npm run build
npm start

As MCPB bundle

npm run build:mcpb
# Resulting `the-real-unifi-mcp-<version>.mcpb` can be installed directly in Claude Desktop.

Configuration

| Variable | Default | Description | |---|---|---| | UNIFI_API_KEY | (required) | Site Manager API key with Network scope | | UNIFI_API_BASE | https://api.ui.com | API base URL | | UNIFI_CONFIRM_WRITES | false | If true, destructive tools require confirm: "YES" | | UNIFI_TIMEOUT_MS | 30000 | Per-request timeout (ms) | | UNIFI_LOG_LEVEL | info | debug | info | warn | error | | UNIFI_CONSOLE_ID | — | Override discovery (pin to a specific console) | | UNIFI_NETWORK_SITE_ID | — | Override discovery (pin to a specific Network site) | | UNIFI_SITE_MANAGER_SITE_ID | — | Override discovery (pin to a specific Site Manager site) |

Claude Desktop config

Add to claude_desktop_config.json (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "unifi": {
      "command": "node",
      "args": [
        "--env-file=/absolute/path/to/the-real-unifi-mcp/.env",
        "/absolute/path/to/the-real-unifi-mcp/dist/index.js"
      ]
    }
  }
}

Restart Claude Desktop after editing the file. The server exposes its tools under the unifi prefix.

Claude Code config

Add to ~/.claude/settings.json:

{
  "mcpServers": {
    "unifi": {
      "command": "node",
      "args": [
        "--env-file=/absolute/path/to/the-real-unifi-mcp/.env",
        "/absolute/path/to/the-real-unifi-mcp/dist/index.js"
      ]
    }
  }
}

Tool reference

Site Manager hand-wrappers (10)

Account-level tools against api.ui.com directly:

  • unifi_sm_list_hosts — list all UniFi consoles on the account
  • unifi_sm_get_host — detail for a single console
  • unifi_sm_list_sites — account-level sites
  • unifi_sm_list_devices — account-level device list
  • unifi_sm_get_isp_metrics — ISP metrics by bucket (5m/1h)
  • unifi_sm_query_isp_metrics — query ISP metrics with a time window
  • unifi_sm_list_sdwan_configs — SD-WAN configurations
  • unifi_sm_get_sdwan_config — single SD-WAN configuration
  • unifi_sm_get_sdwan_config_status — status of an SD-WAN configuration
  • unifi_sm_identity — resolved consoleId, networkSiteId, siteManagerSiteId

Network hand-wrappers (76)

Per-console tools via the Cloud Connector proxy, grouped by resource:

  • Info / Sites (2): unifi_net_get_info, unifi_net_list_sites
  • Devices (9): unifi_net_list_devices, unifi_net_get_device, unifi_net_get_device_stats, unifi_net_list_pending_devices, unifi_net_adopt_devices, unifi_net_device_action, unifi_net_reboot_device, unifi_net_port_action, unifi_net_remove_device
  • Clients (5): unifi_net_list_clients, unifi_net_get_client, unifi_net_client_action, unifi_net_block_client, unifi_net_unblock_client
  • Networks (6): unifi_net_list_networks, unifi_net_get_network, unifi_net_get_network_references, unifi_net_create_network, unifi_net_update_network, unifi_net_delete_network
  • WiFi broadcasts (5): unifi_net_list_wifi, unifi_net_get_wifi, unifi_net_create_wifi, unifi_net_update_wifi, unifi_net_delete_wifi
  • Firewall (13): unifi_net_list_firewall_zones, unifi_net_get_firewall_zone, unifi_net_create_firewall_zone, unifi_net_update_firewall_zone, unifi_net_delete_firewall_zone, unifi_net_list_firewall_policies, unifi_net_get_firewall_policy, unifi_net_create_firewall_policy, unifi_net_update_firewall_policy, unifi_net_patch_firewall_policy, unifi_net_delete_firewall_policy, unifi_net_get_firewall_policy_ordering, unifi_net_reorder_firewall_policies
  • ACL rules (7): unifi_net_list_acl_rules, unifi_net_get_acl_rule, unifi_net_create_acl_rule, unifi_net_update_acl_rule, unifi_net_delete_acl_rule, unifi_net_get_acl_rule_ordering, unifi_net_reorder_acl_rules
  • DNS policies (5): unifi_net_list_dns_policies, unifi_net_get_dns_policy, unifi_net_create_dns_policy, unifi_net_update_dns_policy, unifi_net_delete_dns_policy
  • Traffic matching lists (5): unifi_net_list_traffic_lists, unifi_net_get_traffic_list, unifi_net_create_traffic_list, unifi_net_update_traffic_list, unifi_net_delete_traffic_list
  • Hotspot vouchers (5): unifi_net_list_vouchers, unifi_net_get_voucher, unifi_net_create_vouchers, unifi_net_delete_voucher, unifi_net_delete_vouchers
  • Switching (6): unifi_net_list_switch_stacks, unifi_net_get_switch_stack, unifi_net_list_mclag_domains, unifi_net_get_mclag_domain, unifi_net_list_lags, unifi_net_get_lag
  • Supporting (8): unifi_net_list_wans, unifi_net_list_site_to_site_vpn, unifi_net_list_vpn_servers, unifi_net_list_radius_profiles, unifi_net_list_device_tags, unifi_net_list_dpi_application_categories, unifi_net_list_dpi_applications, unifi_net_list_countries

Auto-generated tools (80)

Named unifi_gen_<docpage> (e.g. unifi_gen_createfirewallpolicy, unifi_gen_getinfo). One tool per documented UniFi API endpoint. siteId is auto-resolved from discovery — callers do not need to pass it. See src/tools/generated/ for the full inventory.

Escape hatch (1)

unifi_raw_request(method, path, body?, query?) — execute any HTTP method against api.ui.com{path}. Auth, retry, error parsing, and pagination hints are handled automatically. Useful when no dedicated tool exists.

Resources

  • unifi://identity — resolved consoleId + both siteIds + console metadata
  • unifi://hosts — account hosts list
  • unifi://hosts/{id} — single host detail

Prompts

  • unifi-audit-firewall — walks firewall zones and policies, flags weak rules, suggests hardening
  • unifi-network-health — WAN status, online/offline device counts, top clients by activity
  • unifi-adoption-status — pending adoptions report with adopt/reject recommendation

Write safety

By default, destructive tools execute directly. Set UNIFI_CONFIRM_WRITES=true to require an explicit confirm: "YES" argument; otherwise destructive calls return a redacted preview:

{
  "data": {
    "preview": {
      "tool": "unifi_net_create_vouchers",
      "method": "POST",
      "url": "/v1/connector/consoles/.../proxy/network/integration/v1/sites/.../hotspot/vouchers",
      "body": { "count": 1, "name": "demo" }
    },
    "hint": "UNIFI_CONFIRM_WRITES=true is set. Re-run with confirm: \"YES\" to apply this change."
  }
}

Examples

Prompts you can paste into Claude after installing the server:

  • "Show me all my UniFi networks and their VLAN IDs."
  • "Which of my UniFi devices are offline right now?"
  • "Audit my firewall posture — group rules by zone and flag any allow-any-any."
  • "Reboot the access point named AP-Office-1."
  • "Block the client with MAC aa:bb:cc:dd:ee:ff until I unblock it."

Destructive examples respect UNIFI_CONFIRM_WRITES — when set, the model will first ask for confirmation before applying.

Limitations

  • Cloud-only. All requests go through the UniFi cloud endpoint (api.ui.com) via the Site Manager API and the Network Cloud Connector proxy. There is no direct-to-controller / local-network mode.
  • Single account, owned consoles. Discovery resolves consoles your API key owns. Multi-console and multi-site accounts must pin IDs via the UNIFI_*_ID variables (see Troubleshooting).
  • Auto-generated tools track the published docs. The 80 unifi_gen_* tools are generated from UniFi's documented endpoints; their input schemas are only as accurate as the upstream documentation. Use unifi_raw_request if an endpoint behaves differently than its schema suggests.
  • Network API requires recent firmware. The Network API is only available on consoles running firmware ≥ 5.0.3.
  • No event streaming / websockets. Tools are request/response only; there is no live event subscription.

Troubleshooting

"Discovery: multiple consoles match …" Your Site Manager account has more than one UniFi console. Set UNIFI_CONSOLE_ID=<id> from one of the listed IDs. The same pattern applies to multi-Network-site (UNIFI_NETWORK_SITE_ID) and multi-Site-Manager-site (UNIFI_SITE_MANAGER_SITE_ID) cases.

401 Unauthorized The API key is missing the Network scope or has been revoked. Re-generate the key at unifi.ui.com with both Site Manager and UniFi Applications → Network scopes enabled. Rotate any key that has ever been exposed in a chat or commit.

Tools not showing in Claude Desktop Restart Claude Desktop after editing claude_desktop_config.json — config changes are only picked up on startup. The MCP log is at ~/Library/Logs/Claude/mcp-server-unifi.log (macOS) — check it for startup errors or discovery failures.

Development

npm run dev                  # tsx watch
npm test                     # unit tests
npm run test:integration     # live read-only smoke (needs UNIFI_API_KEY)
npm run codegen              # regenerate src/tools/generated/ from UniFi docs
npm run inspector            # MCP Inspector
npm run build:mcpb           # build MCPB bundle artifact
npm run lint                 # ESLint
npm run typecheck            # tsc --noEmit

See CONTRIBUTING.md for the full workflow.

Architecture

Three-layer tool design. Hand-wrappers (unifi_sm_*, unifi_net_*) provide ergonomic, well-documented entry points for common operations with auto-resolved IDs and named arguments. The 80 auto-generated tools (unifi_gen_*) guarantee complete coverage of every documented endpoint, with input schemas derived from the upstream UniFi docs. unifi_raw_request is the escape hatch for anything not covered by the first two layers.

Lazy ID discovery. On first use, the server calls GET /v1/hosts to find the owned console, then GET /v1/sites (Network and Site Manager) to discover both siteIds. Results are cached for the process lifetime. Concurrent callers share a single in-flight request via stored promises. All three IDs can be pinned via environment variables for multi-console / multi-site accounts.

Codegen pipeline. A separate build step (npm run codegen) fetches each documented endpoint page from developer.ui.com using the RSC: 1 header, runs a balanced-brace parser to extract the "endpoint":{...} block, converts the OpenAPI-style schema into a Zod expression, and emits one .ts file per endpoint. The output lives in src/tools/generated/ and is committed to git so production builds work offline.

Security

  • API key is read from UNIFI_API_KEY environment variable only. Never hardcoded.
  • .env is gitignored.
  • The stderr logger redacts five known secret patterns (UNIFI_API_KEY=…, X-API-Key, Authorization, apiKey, api_key).
  • Set UNIFI_CONFIRM_WRITES=true for an extra confirmation step on destructive operations.

To report a vulnerability, please use GitHub Security Advisories — do not open a public issue. See SECURITY.md.

Contributing

See CONTRIBUTING.md.

License

MIT — see LICENSE.