A Model Context Protocol (MCP) server for comprehensive UniFi infrastructure monitoring and management. This server enables natural language interactions with your UniFi network using AI agents like Claude by integrating with both local UniFi controllers and the cloud-based Site Manager API.
✨ Features Agent-to-Agent (A2A) Protocol for intelligent, multi-step network operations with built-in safety checks and guided workflows.
- Local Controller Integration - Direct access to your UniFi controller via Integration API
- Cloud Site Manager - Monitor infrastructure via UniFi Site Manager API
- Smart Fallback - Automatically discovers correct site IDs and switches between APIs
- Real-time device health and status monitoring
- Client activity tracking and bandwidth analysis
- Network performance insights and uptime statistics
- Comprehensive system health overview with issue detection
- Network Controller - Complete network management
- UniFi Protect - Camera and security system integration
- UniFi Access - Door and access control management
- UniFi Talk - VoIP system monitoring
- Additional Apps - Connect, Innerspace, and more
- Natural language queries for complex network operations
- Intelligent device discovery and management
- Automated troubleshooting and diagnostics
- Smart status reporting and alerting
Built-in A2A protocol enables AI agents to understand and execute complex UniFi operations through structured prompt playbooks and a comprehensive Agent Card:
Agent Card: agent-card.json - Full A2A protocol specification including:
- 9 specialized skills (system health, device management, client monitoring, etc.)
- 30+ MCP tools mapped to agent capabilities
- 15+ resource URIs for data access
- Safety requirements and confirmation workflows
- Multi-API authentication support (local + cloud)
- Integration examples and usage patterns
Available A2A Skills:
- System Health Monitoring - Controller health checks, comprehensive status, diagnostics
- Device Management - Monitor network devices, locate with LED flash, track uptime
- Client Monitoring - Track bandwidth, connection status, device activity
- Client Blocking - Safely block/unblock/disconnect clients with confirmation
- WLAN Management - Enable/disable wireless networks with automatic API fallback
- Protect Camera Management - Control cameras, LEDs, privacy mode, reboots
- Access Door Control - Unlock doors with timed duration
- Multi-Site Host Discovery - List hosts across local and cloud with auto-discovery
- API Troubleshooting - Debug connectivity, discover sites, validate config
A2A Prompt Playbooks:
how_to_check_unifi_health- Check controller health and connectivityhow_to_check_system_status- Get comprehensive system health overviewhow_to_monitor_devices- Monitor device health and identify issueshow_to_check_network_activity- Check client activity and bandwidth usagehow_to_find_device- Search devices and flash LEDs for identificationhow_to_block_client- Safely block/unblock network clientshow_to_toggle_wlan- Enable/disable wireless networkshow_to_list_hosts- List all hosts across local and cloud APIshow_to_debug_api_issues- Debug API connectivity problems
These prompts guide AI agents through multi-step workflows, ensuring safe and correct execution of network operations. Each prompt includes:
- Clear step-by-step instructions
- Required tool calls and resource queries
- Safety checks and user confirmations
- Fallback strategies for error handling
For agent-to-agent communication, agents can:
- Read the
agent-card.jsonto discover capabilities - Use prompt playbooks to understand workflows
- Execute tools with proper safety confirmations
- Access resources via standardized URIs
- Handle multi-API fallback automatically
- Python 3.10 or higher
uvpackage manager- UniFi controller (Dream Machine, Cloud Key, etc.) OR UniFi Site Manager account
- API access configured (local API key and/or Site Manager API key)
- Access your UniFi controller web interface
- Go to Settings > Admins > Add Admin (or create API key in newer versions)
- Note your controller IP address and port (typically 443)
- Go to UniFi Site Manager
- Navigate to API section from the left navigation bar
- Click "Create API Key"
- Copy the generated key (it will only be displayed once)
git clone https://github.com/ry-ops/unifi-mcp-server.git
cd unifi-mcp-server
uv venv
source .venv/bin/activate # On Unix/macOS
# or
.venv\Scripts\activate # On Windows
uv syncCreate a secrets.env file in the project root:
# Local Controller Configuration
UNIFI_API_KEY=your_local_controller_api_key_here
UNIFI_GATEWAY_HOST=10.88.140.144
UNIFI_GATEWAY_PORT=443
UNIFI_VERIFY_TLS=false
# Legacy API (optional, for WLANs and advanced config)
UNIFI_USERNAME=your_unifi_username
UNIFI_PASSWORD=your_unifi_password
# Cloud Site Manager Configuration
UNIFI_SITEMGR_BASE=https://api.ui.com
UNIFI_SITEMGR_TOKEN=your_site_manager_api_key_here
# Optional Settings
UNIFI_TIMEOUT_S=15uv run mcp dev main.pyThe MCP Inspector will be available at http://localhost:5173 for testing and debugging.
uv run main.pyVerify your configuration with these commands:
# Test all API connectivity
uv run python -c "
from main import debug_api_connectivity, working_list_hosts_example, get_system_status
print('=== API Connectivity Test ===')
print(debug_api_connectivity())
print('\n=== Working Host List Example ===')
print(working_list_hosts_example())
print('\n=== System Status ===')
print(get_system_status())
"Add to your claude_desktop_config.json:
{
"mcpServers": {
"unifi": {
"command": "uv",
"args": [
"--directory",
"/path/to/unifi-mcp-server",
"run",
"main.py"
]
}
}
}{
"mcpServers": {
"unifi": {
"command": "uv",
"args": [
"--directory",
"/path/to/unifi-mcp-server",
"run",
"main.py"
],
"env": {
"UNIFI_API_KEY": "your_local_api_key",
"UNIFI_SITEMGR_TOKEN": "your_cloud_api_key"
}
}
}
}status://system- Comprehensive system health overviewstatus://devices- Device health and uptime monitoringstatus://clients- Client activity and bandwidth analysishealth://unifi- Quick controller health check
sites://{site_id}/devices- List all network devicessites://{site_id}/clients- List all network clientssites://{site_id}/clients/active- Currently connected clients onlysites://{site_id}/wlans- Wireless network configuration
sites://{site_id}/search/clients/{query}- Search clients by name/MAC/IPsites://{site_id}/search/devices/{query}- Search devices by name/model/MAC
sitemanager://hosts- List all UniFi OS consolessitemanager://sites- List all network sitessitemanager://devices- List all devices across infrastructure
unifi://capabilities- System capability assessment
get_system_status()- Complete system health overviewget_device_health()- Device uptime and status analysisget_client_activity()- Network usage and bandwidth monitoringget_quick_status()- Fast health check
working_list_hosts_example()- Comprehensive host listing (cloud + local)list_hosts_api_format()- Cloud API host listinglist_hosts_fixed()- Local API with auto-discovered site IDsfind_device_by_mac(mac)- Locate device by MAC addressfind_host_everywhere(identifier)- Search across all sources
block_client(site_id, mac)- Block a network clientunblock_client(site_id, mac)- Unblock a network clientkick_client(site_id, mac)- Disconnect a clientlocate_device(site_id, device_id)- Flash device LEDs for identification
protect_camera_reboot(camera_id)- Reboot security cameraprotect_camera_led(camera_id, enabled)- Control camera LEDprotect_toggle_privacy(camera_id, enabled)- Toggle privacy mode
access_unlock_door(door_id, seconds)- Unlock access-controlled door
debug_api_connectivity()- Comprehensive API testingdiscover_sites()- Find valid site IDsdebug_registry()- Show all registered resources and toolsunifi_health()- Basic controller connectivity test
Once integrated with Claude Desktop, you can ask natural language questions like:
- "Tell me about my UniFi network"
- "Give me a comprehensive overview of my infrastructure"
- "What's the current health status of my network?"
- "Show me all offline devices"
- "Find devices with 'bedroom' in the name"
- "What's the uptime of my access points?"
- "Flash the LEDs on the living room access point"
- "Who's using the most bandwidth right now?"
- "Show me all wireless clients"
- "Block the device with MAC address XX:XX:XX:XX:XX:XX"
- "Unlock the front door for 10 seconds"
- "Reboot the camera in the hallway"
- "Turn on privacy mode for all cameras"
- "Why can't I see my devices?"
- "Test all my API connections"
- "What sites are available on my controller?"
The server intelligently manages multiple UniFi APIs:
- Integration API (Local) - Primary for real-time network operations
- Legacy API (Local) - Fallback for WLAN management and older features
- Site Manager API (Cloud) - Infrastructure overview and remote monitoring
- Protect API - Camera and security system integration
- Access API - Door and access control management
- Automatically discovers correct site IDs (no more "default" errors)
- Falls back between cloud and local APIs based on availability
- Handles authentication failures gracefully
- Provides detailed error messages for troubleshooting
- 5-minute caching for status data to reduce API load
- Pagination support for large device lists
- Efficient bulk operations for comprehensive reporting
Error: 'default' is not a valid 'siteId' value
Solution: Run discover_sites() tool to find correct site IDs. The server now handles this automatically.
Error: 401 Unauthorized or 2FA Required
Solutions:
- Verify API keys are correct and not expired
- For local controller: Check if 2FA is enabled (may require app-specific passwords)
- For cloud: Regenerate Site Manager API key
Error: Connection timeout or unreachable
Solutions:
- Verify controller IP address and port in
secrets.env - Check firewall rules and network connectivity
- Test with
debug_api_connectivity()tool
# Comprehensive API testing
python -c "from main import debug_api_connectivity; print(debug_api_connectivity())"
# Discover site IDs
python -c "from main import discover_sites; print(discover_sites())"
# Test working host listing
python -c "from main import working_list_hosts_example; print(working_list_hosts_example())"
# System health check
python -c "from main import get_system_status; print(get_system_status())"- Store credentials securely - Use
secrets.env(excluded from version control) - Use HTTPS - All API communications are encrypted
- Rotate API keys regularly - Especially for production environments
- Principle of least privilege - Create dedicated API users with minimal required permissions
- Monitor access logs - Review API usage in UniFi controller logs
This server fully implements the A2A protocol through a standardized Agent Card (agent-card.json) that enables AI agents to discover capabilities, understand workflows, and execute complex UniFi operations safely.
The Agent Card is located at the repository root: agent-card.json
AI agents can read the Agent Card to discover:
{
"name": "UniFi MCP Server",
"version": "0.1.1",
"capabilities": {
"streaming": false,
"tasks": true,
"resources": true,
"tools": true,
"prompts": true
},
"skills": [
{
"name": "system_health_monitoring",
"category": "monitoring",
"prompts": ["how_to_check_unifi_health", "how_to_check_system_status"],
"tools": ["unifi_health", "get_system_status", "get_quick_status"],
"resources": ["health://unifi", "status://system"]
}
// ... 8 more skills
]
}The server provides 9 specialized skills organized by category:
Monitoring Skills:
system_health_monitoring- Controller and infrastructure healthdevice_management- Network device monitoring and controlclient_monitoring- Client activity and bandwidth tracking
Control Skills:
client_blocking- Network access control (block/unblock/kick)wlan_management- Wireless network on/off controlprotect_camera_management- Camera control and privacyaccess_door_control- Physical access control
Diagnostic Skills:
multi_site_host_discovery- Cross-site device discoveryapi_troubleshooting- Configuration and connectivity debugging
Each A2A prompt playbook maps to specific skills and workflows:
| Prompt | Skills | Tools Used | Safety Level |
|---|---|---|---|
how_to_check_unifi_health |
system_health_monitoring | unifi_health, debug_api_connectivity | Read-only |
how_to_check_system_status |
system_health_monitoring | get_system_status, get_quick_status | Read-only |
how_to_monitor_devices |
device_management | get_device_health, locate_device | Safe (LED flash) |
how_to_check_network_activity |
client_monitoring | get_client_activity, list_active_clients | Read-only |
how_to_find_device |
device_management | locate_device, find_device_by_mac | Safe (LED flash) |
how_to_block_client |
client_blocking | block_client, unblock_client | Requires confirmation |
how_to_toggle_wlan |
wlan_management | wlan_set_enabled_legacy | Requires confirmation |
how_to_list_hosts |
multi_site_host_discovery | working_list_hosts_example, discover_sites | Read-only |
how_to_debug_api_issues |
api_troubleshooting | debug_api_connectivity, discover_sites | Read-only |
Example 1: Agent discovers and uses health monitoring
# Agent reads agent-card.json
agent_card = read_json("agent-card.json")
# Discovers system_health_monitoring skill
skill = agent_card["skills"][0] # system_health_monitoring
prompt_name = skill["prompts"][0] # how_to_check_unifi_health
# Executes prompt to get workflow
workflow = execute_prompt(prompt_name)
# Returns: "Call 'health://unifi' resource or 'unifi_health' tool"
# Executes recommended tool
result = execute_tool("unifi_health")Example 2: Agent safely blocks a client with confirmation
# Agent reads agent-card.json
skill = find_skill("client_blocking")
# Checks safety requirements
assert skill["safety"]["requires_confirmation"] == true
assert skill["safety"]["reversible"] == true
# Follows prompt playbook
workflow = execute_prompt("how_to_block_client")
# Returns: "List clients, match MAC, confirm with user, call block_client"
# Agent executes workflow:
# 1. List active clients
clients = read_resource("sites/{site_id}/clients/active")
# 2. Match client by MAC/hostname
target = match_client(clients, user_query)
# 3. Confirm with user (required by safety policy)
confirmed = confirm_with_user(f"Block {target['hostname']}?")
# 4. Execute if confirmed
if confirmed:
result = execute_tool("block_client", site_id, target["mac"])
# 5. Offer reversal
inform_user("Use 'unblock_client' to reverse this action")The Agent Card specifies safety requirements for each skill:
{
"skill": "client_blocking",
"safety": {
"requires_confirmation": true,
"reversible": true,
"description": "Always confirm client identity before blocking. Offer unblock_client as reversal option."
}
}Safety Levels:
- Read-only - No confirmation required (monitoring, discovery, health checks)
- Safe actions - Minor impact, no confirmation (LED flash, device locate)
- Reversible actions - Requires confirmation, can be undone (block client, toggle WLAN)
- Irreversible actions - Requires confirmation, auto-reverts (unlock door with timeout)
The Agent Card documents all authentication methods:
{
"authentication": {
"required": true,
"methods": [
{
"type": "api_key",
"name": "local_controller",
"env_vars": ["UNIFI_API_KEY", "UNIFI_GATEWAY_HOST", "UNIFI_GATEWAY_PORT"]
},
{
"type": "api_key",
"name": "site_manager",
"env_vars": ["UNIFI_SITEMGR_TOKEN", "UNIFI_SITEMGR_BASE"]
},
{
"type": "credentials",
"name": "legacy_api",
"env_vars": ["UNIFI_USERNAME", "UNIFI_PASSWORD"]
}
],
"fallback": "Server intelligently falls back between APIs based on availability"
}
}Agents can discover which authentication methods are available and required for different operations.
The Agent Card documents standardized resource URI patterns for discovery:
System Status:
status://system- Comprehensive system healthstatus://devices- Device health summarystatus://clients- Client activity summaryhealth://unifi- Quick controller health check
Site-based Resources:
sites://{site_id}/devices- List all devicessites://{site_id}/clients- List all clients (historical)sites://{site_id}/clients/active- Currently connected clients onlysites://{site_id}/wlans- Wireless network configuration
Search Resources:
sites://{site_id}/search/clients/{query}- Search clientssites://{site_id}/search/devices/{query}- Search devices
Cloud Resources:
sitemanager://hosts- List all UniFi OS consolessitemanager://sites- List all network sitessitemanager://devices- List devices across infrastructure
Workflow 1: Health Check and Report
1. Agent reads agent-card.json
2. Identifies "system_health_monitoring" skill
3. Executes prompt "how_to_check_system_status"
4. Calls tool "get_system_status"
5. Reads resources: status://system, status://devices, status://clients
6. Generates comprehensive report
Workflow 2: Find and Locate Device
1. Agent receives request: "Find the bedroom access point"
2. Reads agent-card.json, identifies "device_management" skill
3. Executes prompt "how_to_find_device"
4. Searches: sites/{site_id}/search/devices/bedroom
5. Confirms device with user
6. Calls tool "locate_device" to flash LEDs for 30s
Workflow 3: Multi-Site Discovery
1. Agent needs to list all infrastructure
2. Reads agent-card.json, identifies "multi_site_host_discovery" skill
3. Executes prompt "how_to_list_hosts"
4. Calls tool "working_list_hosts_example" (combines local + cloud)
5. Falls back to "discover_sites" if site IDs unknown
6. Returns unified host list across all sites
- Discoverability - Agents can introspect capabilities without documentation
- Safety - Structured confirmation workflows prevent accidents
- Consistency - Standardized skill definitions across all agents
- Composability - Skills can be combined for complex workflows
- Fallback handling - Multi-API support with automatic fallback
- Documentation - Agent Card serves as both spec and documentation
To integrate with this A2A-enabled UniFi server:
- Read the Agent Card: Parse
agent-card.jsonto discover all capabilities - Map user intents to skills: Match user requests to skill categories
- Follow prompt playbooks: Use prompts to understand multi-step workflows
- Respect safety requirements: Always confirm before executing operations marked
requires_confirmation: true - Handle authentication: Support multiple auth methods (local + cloud)
- Use resource URIs: Access data through standardized resource patterns
- Provide reversibility: Offer reversal options for reversible operations
- UniFi Dream Machine (UDM)
- UniFi Dream Machine Pro (UDM-Pro)
- UniFi Dream Machine SE (UDM-SE)
- UniFi Cloud Key Gen2/Gen2 Plus
- UniFi Network Application (self-hosted)
- Network - All UniFi networking equipment
- Protect - Security cameras and NVRs
- Access - Door controllers and readers
- Talk - VoIP phones and controllers
- Connect - SD-WAN and remote connectivity
- 2FA Handling - Legacy API requires manual 2FA bypass or app passwords
- Bulk Operations - Some operations limited by UniFi API rate limits
- Real-time Events - No WebSocket support (polling-based monitoring)
- WebSocket support for real-time events
- Enhanced Protect integration (video streams, motion detection)
- Advanced analytics and reporting
- Automated network optimization suggestions
- Fork the repository
- Create a feature branch
- Test with multiple UniFi configurations
- Update documentation for new features
- Submit pull request
- Test with both local and cloud APIs
- Verify functionality across different UniFi hardware
- Include error handling and edge cases
- Update example usage for new features
MIT License - see LICENSE file for details.
- Issues: GitHub Issues for bug reports and feature requests
- Documentation: Check the troubleshooting section first
- Community: UniFi community forums for general UniFi questions
Note: This server provides comprehensive UniFi infrastructure management through AI-powered natural language interactions. It's designed for both home labs and enterprise environments with robust error handling and multi-API support.