unifi-network-mcp 0.3.1__tar.gz → 0.3.3__tar.gz

{unifi_network_mcp-0.3.1 → unifi_network_mcp-0.3.3}/.gitignore

@@ -3,6 +3,7 @@
 
 # Python
 __pycache__/
+src/_version.py
 *.py[cod]
 *$py.class
 *.so

{unifi_network_mcp-0.3.1 → unifi_network_mcp-0.3.3}/PKG-INFO

@@ -1,11 +1,11 @@
 Metadata-Version: 2.4
 Name: unifi-network-mcp
-Version: 0.3.1
+Version: 0.3.3
 Summary: Unifi Network MCP Server
 License-File: LICENSE
 Requires-Python: >=3.13
 Requires-Dist: aiohttp>=3.8.5
-Requires-Dist: aiounifi>=87.0.0
+Requires-Dist: aiounifi>=88
 Requires-Dist: jsonschema>=4.17.0
 Requires-Dist: mcp[cli]>=1.21.2
 Requires-Dist: omegaconf>=2.3.0

{unifi_network_mcp-0.3.1 → unifi_network_mcp-0.3.3}/pyproject.toml

@@ -1,13 +1,13 @@
 [project]
 name = "unifi-network-mcp"
-version = "0.3.1"
+dynamic = ["version"]
 description = "Unifi Network MCP Server"
 readme = "README.md"
 requires-python = ">=3.13"
 dependencies = [
     "mcp[cli]>=1.21.2",
     "aiohttp>=3.8.5",
-    "aiounifi>=87.0.0",
+    "aiounifi>=88",
     "pyyaml>=6.0",
     "python-dotenv>=1.0.0",
     "omegaconf>=2.3.0",
@@ -16,9 +16,15 @@ dependencies = [
 ]
 
 [build-system]
-requires = ["hatchling"]
+requires = ["hatchling", "hatch-vcs"]
 build-backend = "hatchling.build"
 
+[tool.hatch.version]
+source = "vcs"
+
+[tool.hatch.build.hooks.vcs]
+version-file = "src/_version.py"
+
 [tool.hatch.build.targets.wheel]
 packages = ["src"]
 
@@ -44,6 +50,7 @@ dev = [
     "pytest-asyncio>=0.21.0",
     "aioresponses>=0.7.0",
     "pytest-cov>=4.0.0",
+    "ruff>=0.8.0",
 ]
 
 [tool.rye]
@@ -53,6 +60,7 @@ dev-dependencies = [
     "pytest-asyncio>=0.21.0",
     "aioresponses>=0.7.0",
     "pytest-cov>=4.0.0",
+    "ruff>=0.8.0",
 ]
 
 [project.scripts]
@@ -61,6 +69,7 @@ unifi-network-mcp = "src.main:main"
 
 [tool.ruff]
 line-length = 120
+exclude = ["src/_version.py"]  # Auto-generated by hatch-vcs
 
 [tool.ruff.lint]
 select = ["E", "F", "I"]

unifi_network_mcp-0.3.3/src/_version.py

@@ -0,0 +1,34 @@
+# file generated by setuptools-scm
+# don't change, don't track in version control
+
+__all__ = [
+    "__version__",
+    "__version_tuple__",
+    "version",
+    "version_tuple",
+    "__commit_id__",
+    "commit_id",
+]
+
+TYPE_CHECKING = False
+if TYPE_CHECKING:
+    from typing import Tuple
+    from typing import Union
+
+    VERSION_TUPLE = Tuple[Union[int, str], ...]
+    COMMIT_ID = Union[str, None]
+else:
+    VERSION_TUPLE = object
+    COMMIT_ID = object
+
+version: str
+__version__: str
+__version_tuple__: VERSION_TUPLE
+version_tuple: VERSION_TUPLE
+commit_id: COMMIT_ID
+__commit_id__: COMMIT_ID
+
+__version__ = version = '0.3.3'
+__version_tuple__ = version_tuple = (0, 3, 3)
+
+__commit_id__ = commit_id = None

{unifi_network_mcp-0.3.1 → unifi_network_mcp-0.3.3}/src/managers/connection_manager.py

@@ -13,11 +13,68 @@ from aiounifi.models.configuration import Configuration
 logger = logging.getLogger("unifi-network-mcp")
 
 
+async def detect_unifi_os_pre_login(
+    session: aiohttp.ClientSession,
+    base_url: str,
+    timeout: int = 5,
+) -> Optional[bool]:
+    """
+    Detect UniFi OS BEFORE authentication using unauthenticated probes.
+
+    This detection determines which auth endpoint to use:
+    - UniFi OS: /api/auth/login
+    - Standalone: /api/login
+
+    Strategy:
+    1. GET base URL - UniFi OS returns 200 with HTML, standalone redirects or errors
+    2. Check for UniFi OS specific headers/behavior
+
+    Args:
+        session: Active aiohttp.ClientSession
+        base_url: Base URL of controller (e.g., 'https://192.168.1.1:443')
+        timeout: Detection timeout in seconds (default: 5)
+
+    Returns:
+        True: UniFi OS detected (use /api/auth/login)
+        False: Standalone controller (use /api/login)
+        None: Detection inconclusive
+    """
+    client_timeout = aiohttp.ClientTimeout(total=timeout)
+
+    try:
+        # Probe 1: GET base URL without following redirects
+        # UniFi OS typically returns 200 OK with the web UI
+        # Standalone controllers often redirect to /manage or return different status
+        async with session.get(base_url, timeout=client_timeout, ssl=False, allow_redirects=False) as response:
+            logger.debug(f"Pre-login probe {base_url}: status={response.status}")
+
+            if response.status == 200:
+                # UniFi OS returns 200 at base URL
+                logger.debug("Pre-login detection: UniFi OS (200 at base URL)")
+                return True
+            elif response.status in (301, 302, 303, 307, 308):
+                # Redirect typically indicates standalone controller
+                location = response.headers.get("Location", "")
+                logger.debug(f"Pre-login detection: redirect to {location}")
+                # Could be standalone redirecting to /manage
+                return False
+
+    except asyncio.TimeoutError:
+        logger.debug("Pre-login detection: timeout")
+    except aiohttp.ClientError as e:
+        logger.debug(f"Pre-login detection failed: {e}")
+    except Exception as e:
+        logger.debug(f"Pre-login detection unexpected error: {e}")
+
+    return None
+
+
 async def detect_with_retry(
     session: aiohttp.ClientSession,
     base_url: str,
     max_retries: int = 3,
     timeout: int = 5,
+    pre_login: bool = False,
 ) -> Optional[bool]:
     """
     Detect UniFi OS with exponential backoff retry.
@@ -27,6 +84,8 @@ async def detect_with_retry(
         base_url: Base URL of controller
         max_retries: Maximum retry attempts (default: 3)
         timeout: Detection timeout per attempt in seconds (default: 5)
+        pre_login: If True, use unauthenticated detection for auth endpoint selection.
+                   If False, use authenticated detection for API path verification.
 
     Returns:
         True: UniFi OS detected
@@ -39,9 +98,11 @@ async def detect_with_retry(
         - Logs retry attempts at debug level
         - Returns None if all attempts fail
     """
+    detect_func = detect_unifi_os_pre_login if pre_login else detect_unifi_os_proactively
+
     for attempt in range(max_retries):
         try:
-            result = await detect_unifi_os_proactively(session, base_url, timeout)
+            result = await detect_func(session, base_url, timeout)
             if result is not None:
                 return result
         except Exception as e:
@@ -55,22 +116,6 @@ async def detect_with_retry(
     return None
 
 
-def _generate_detection_failure_message(base_url: str, port: int) -> str:
-    """Generate user-friendly troubleshooting message for detection failures."""
-    return f"""
-UniFi controller path detection failed.
-
-Troubleshooting Steps:
-1. Verify network connectivity to {base_url}
-2. Check controller is accessible on port {port}
-3. Manually set controller type using environment variable:
-   - For UniFi OS (Cloud Gateway, UDM-Pro): export UNIFI_CONTROLLER_TYPE=proxy
-   - For standalone controllers: export UNIFI_CONTROLLER_TYPE=direct
-
-For more help, see: https://github.com/sirkirby/unifi-network-mcp/issues/19
-"""
-
-
 async def _probe_endpoint(
     session: aiohttp.ClientSession,
     url: str,
@@ -233,7 +278,11 @@ class ConnectionManager:
                     )
                     session_created = True
 
-                    # Manual override configuration (FR-004: runs before login, no auth needed)
+                    # Controller type detection/override configuration
+                    # Two-phase detection:
+                    # 1. Pre-login: Determines auth endpoint (/api/auth/login vs /api/login)
+                    # 2. Post-login: Verifies API path prefix (/proxy/network/api vs /api)
+                    # See: https://github.com/sirkirby/unifi-network-mcp/issues/33
                     from src.bootstrap import UNIFI_CONTROLLER_TYPE
 
                     if UNIFI_CONTROLLER_TYPE == "proxy":
@@ -242,6 +291,30 @@ class ConnectionManager:
                     elif UNIFI_CONTROLLER_TYPE == "direct":
                         self._unifi_os_override = False
                         logger.info("Controller type forced to standard (direct) via config")
+                    elif UNIFI_CONTROLLER_TYPE == "auto":
+                        # Phase 1: Pre-login detection (unauthenticated)
+                        # Determines which auth endpoint to use
+                        if self._unifi_os_override is None:
+                            detected = await detect_with_retry(
+                                self._aiohttp_session,
+                                self.url_base,
+                                max_retries=3,
+                                timeout=5,
+                                pre_login=True,  # Use unauthenticated detection
+                            )
+                            if detected is not None:
+                                self._unifi_os_override = detected
+                                mode = "UniFi OS (proxy)" if detected else "standard (direct)"
+                                logger.info(f"Pre-login auto-detected controller type: {mode}")
+                            else:
+                                # Pre-login detection inconclusive - aiounifi will try its own detection
+                                # Show helpful message for troubleshooting
+                                logger.warning(
+                                    "Pre-login detection inconclusive, deferring to aiounifi. "
+                                    "If login fails, try setting UNIFI_CONTROLLER_TYPE=proxy for UniFi OS devices."
+                                )
+                        else:
+                            logger.debug(f"Using cached detection result: {self._unifi_os_override}")
 
                     config = Configuration(
                         session=self._aiohttp_session,
@@ -254,30 +327,34 @@ class ConnectionManager:
 
                     self.controller = Controller(config=config)
 
+                    # Apply pre-login detection result BEFORE login to ensure correct auth endpoint
+                    # aiounifi uses /api/auth/login for UniFi OS, /api/login for standalone
+                    if self._unifi_os_override is not None:
+                        self.controller.connectivity.is_unifi_os = self._unifi_os_override
+                        logger.debug(f"Pre-login is_unifi_os set to: {self._unifi_os_override}")
+
                     await self.controller.login()
 
-                    # Auto-detection (FR-002: runs after login for authenticated probes)
-                    if UNIFI_CONTROLLER_TYPE == "auto":
-                        # Check if already detected (session cache - FR-011)
-                        if self._unifi_os_override is None:
-                            # Proactive detection with retry (FR-001, FR-005, FR-008)
-                            detected = await detect_with_retry(
-                                self._aiohttp_session,
-                                self.url_base,
-                                max_retries=3,
-                                timeout=5,
+                    # Phase 2: Post-login verification (authenticated)
+                    # Verify API path prefix works correctly after successful login
+                    if UNIFI_CONTROLLER_TYPE == "auto" and self._unifi_os_override is not None:
+                        post_login_detected = await detect_with_retry(
+                            self._aiohttp_session,
+                            self.url_base,
+                            max_retries=2,
+                            timeout=5,
+                            pre_login=False,  # Use authenticated detection
+                        )
+                        if post_login_detected is not None and post_login_detected != self._unifi_os_override:
+                            # Post-login detection differs - update override
+                            logger.warning(
+                                f"Post-login detection differs from pre-login: "
+                                f"pre={self._unifi_os_override}, post={post_login_detected}. "
+                                f"Using post-login result."
                             )
-                            if detected is not None:
-                                self._unifi_os_override = detected
-                                mode = "UniFi OS (proxy)" if detected else "standard (direct)"
-                                logger.info(f"Auto-detected controller type: {mode}")
-                            else:
-                                # Show clear error message (FR-009)
-                                error_msg = _generate_detection_failure_message(self.url_base, self.port)
-                                logger.warning(error_msg)
-                                logger.warning("Falling back to aiounifi's check_unifi_os()")
-                        else:
-                            logger.debug(f"Using cached detection result: {self._unifi_os_override}")
+                            self._unifi_os_override = post_login_detected
+                        elif post_login_detected is not None:
+                            logger.debug("Post-login detection confirmed pre-login result")
 
                     self._initialized = True
                     logger.info(f"Successfully connected to Unifi controller at {self.host} for site '{self.site}'")

{unifi_network_mcp-0.3.1 → unifi_network_mcp-0.3.3}/src/tools/network.py

@@ -170,7 +170,7 @@ async def get_network_details(network_id: str) -> Dict[str, Any]:
 
 @server.tool(
     name="unifi_update_network",
-    description="Update specific fields of an existing network (LAN/VLAN). Requires confirmation.",
+    description="Update specific fields of an existing network (LAN/VLAN). Requires confirmation. Note: Network isolation is only supported on 'corporate' networks, not 'guest' networks.",
     permission_category="networks",
     permission_action="update",
 )
@@ -193,9 +193,15 @@ async def update_network(network_id: str, update_data: Dict[str, Any], confirm:
             - dhcp_start (string): New DHCP start IP.
             - dhcp_stop (string): New DHCP stop IP.
             - enabled (boolean): Enable/disable the entire network.
+            - network_isolation_enabled (boolean): Enable network isolation (IMPORTANT: Only works on networks with purpose="corporate").
             # Add other relevant fields from NetworkSchema here if needed
         confirm (bool): Must be set to `True` to execute. Defaults to `False`.
 
+    Important Constraints:
+        - Network isolation (network_isolation_enabled) is ONLY supported on networks with purpose="corporate".
+        - Attempting to enable isolation on "guest" or other network types will fail with an API error.
+        - To isolate a guest network: (1) Change its purpose from "guest" to "corporate", then (2) enable network_isolation_enabled.
+
     Returns:
         Dict: Success status, ID, updated fields, details, or error message.
         Example (success):
@@ -317,6 +323,11 @@ async def create_network(network_data: Dict[str, Any], confirm: bool = False) ->
     - vlan (integer): VLAN ID (required if vlan_enabled is true)
     - dhcp_enabled (boolean): Whether DHCP is enabled (default: true)
     - enabled (boolean): Whether the network is enabled (default: true)
+    - network_isolation_enabled (boolean): Enable network isolation (IMPORTANT: Only works on networks with purpose="corporate")
+
+    Important Constraints:
+    - Network isolation (network_isolation_enabled) is ONLY supported on networks with purpose="corporate".
+    - It cannot be enabled on "guest" networks.
 
     Example:
     {

{unifi_network_mcp-0.3.1 → unifi_network_mcp-0.3.3}/src/tools_manifest.json

@@ -1239,7 +1239,7 @@
       }
     },
     {
-      "description": "Update specific fields of an existing network (LAN/VLAN). Requires confirmation.",
+      "description": "Update specific fields of an existing network (LAN/VLAN). Requires confirmation. Note: Network isolation is only supported on 'corporate' networks, not 'guest' networks.",
       "name": "unifi_update_network",
       "schema": {
         "input": {

{unifi_network_mcp-0.3.1 → unifi_network_mcp-0.3.3}/src/utils/lazy_tool_loader.py

@@ -7,12 +7,63 @@ when first called by an LLM. This dramatically reduces initial context usage.
 import importlib
 import logging
 from functools import wraps
+from pathlib import Path
 from typing import Any, Callable, Dict, Set
 
 logger = logging.getLogger("unifi-network-mcp")
 
-# Tool module mapping: tool_name -> module_path
-TOOL_MODULE_MAP: Dict[str, str] = {
+
+def _build_tool_module_map() -> Dict[str, str]:
+    """Build tool-to-module mapping by scanning tool files.
+
+    This dynamically discovers all tools and their modules, eliminating the need
+    for a manually-maintained static mapping that can get out of sync.
+    """
+    tool_map: Dict[str, str] = {}
+
+    # Find the tools directory
+    # Try relative to this file first, then fall back to cwd
+    this_dir = Path(__file__).parent
+    tools_dir = this_dir.parent / "tools"
+
+    if not tools_dir.exists():
+        tools_dir = Path("src/tools")
+
+    if not tools_dir.exists():
+        logger.warning("Tools directory not found, falling back to static map")
+        return _STATIC_TOOL_MODULE_MAP
+
+    # Scan each .py file in tools directory
+    for tool_file in tools_dir.glob("*.py"):
+        if tool_file.name.startswith("_"):
+            continue
+
+        module_name = f"src.tools.{tool_file.stem}"
+
+        try:
+            # Read file and look for @server.tool or @permissioned_tool decorators
+            content = tool_file.read_text()
+
+            # Find tool names using simple pattern matching
+            # Looking for: name="unifi_xxx" or name='unifi_xxx'
+            import re
+
+            pattern = r'name\s*=\s*["\']([unifi_][a-z_]+)["\']'
+            matches = re.findall(pattern, content)
+
+            for tool_name in matches:
+                if tool_name.startswith("unifi_"):
+                    tool_map[tool_name] = module_name
+
+        except Exception as e:
+            logger.debug(f"Error scanning {tool_file}: {e}")
+
+    logger.debug(f"Built dynamic tool map with {len(tool_map)} tools")
+    return tool_map
+
+
+# Static fallback map (used if dynamic discovery fails)
+_STATIC_TOOL_MODULE_MAP: Dict[str, str] = {
     # Client tools
     "unifi_list_clients": "src.tools.clients",
     "unifi_get_client_details": "src.tools.clients",
@@ -61,15 +112,21 @@ TOOL_MODULE_MAP: Dict[str, str] = {
     "unifi_update_vpn_client_state": "src.tools.vpn",
     # QoS tools
     "unifi_list_qos_rules": "src.tools.qos",
+    "unifi_get_qos_rule_details": "src.tools.qos",
     "unifi_create_qos_rule": "src.tools.qos",
+    "unifi_create_simple_qos_rule": "src.tools.qos",
     "unifi_update_qos_rule": "src.tools.qos",
     "unifi_delete_qos_rule": "src.tools.qos",
+    "unifi_toggle_qos_rule_enabled": "src.tools.qos",
     # Statistics tools
     "unifi_get_client_stats": "src.tools.stats",
     "unifi_get_device_stats": "src.tools.stats",
     "unifi_get_network_stats": "src.tools.stats",
     "unifi_get_wireless_stats": "src.tools.stats",
     "unifi_get_system_stats": "src.tools.stats",
+    "unifi_get_top_clients": "src.tools.stats",
+    "unifi_get_dpi_stats": "src.tools.stats",
+    "unifi_get_alerts": "src.tools.stats",
     # System tools
     "unifi_get_system_info": "src.tools.system",
     "unifi_get_network_health": "src.tools.system",
@@ -101,8 +158,35 @@ TOOL_MODULE_MAP: Dict[str, str] = {
     "unifi_get_traffic_route_details": "src.tools.traffic_routes",
     "unifi_update_traffic_route": "src.tools.traffic_routes",
     "unifi_toggle_traffic_route": "src.tools.traffic_routes",
+    # Port Forward tools
+    "unifi_list_port_forwards": "src.tools.port_forwards",
+    "unifi_get_port_forward": "src.tools.port_forwards",
+    "unifi_create_port_forward": "src.tools.port_forwards",
+    "unifi_create_simple_port_forward": "src.tools.port_forwards",
+    "unifi_update_port_forward": "src.tools.port_forwards",
+    "unifi_toggle_port_forward": "src.tools.port_forwards",
+    # Firewall Policy tools (zone-based)
+    "unifi_list_firewall_policies": "src.tools.firewall",
+    "unifi_list_firewall_zones": "src.tools.firewall",
+    "unifi_list_ip_groups": "src.tools.firewall",
+    "unifi_get_firewall_policy_details": "src.tools.firewall",
+    "unifi_create_firewall_policy": "src.tools.firewall",
+    "unifi_create_simple_firewall_policy": "src.tools.firewall",
+    "unifi_update_firewall_policy": "src.tools.firewall",
+    "unifi_toggle_firewall_policy": "src.tools.firewall",
+    # WLAN tools
+    "unifi_list_wlans": "src.tools.network",
+    "unifi_get_wlan_details": "src.tools.network",
+    "unifi_create_wlan": "src.tools.network",
+    "unifi_update_wlan": "src.tools.network",
+    # Device tools (additional)
+    "unifi_rename_device": "src.tools.devices",
 }
 
+# Build the tool map dynamically at module load time
+# Falls back to static map if dynamic discovery fails
+TOOL_MODULE_MAP: Dict[str, str] = _build_tool_module_map()
+
 
 class LazyToolLoader:
     """Manages lazy/on-demand tool loading."""