unifi-network-mcp 0.3.2__py3-none-any.whl → 0.4.0__py3-none-any.whl

src/_version.py

@@ -0,0 +1,34 @@
+# file generated by setuptools-scm
+# don't change, don't track in version control
+
+__all__ = [
+    "__version__",
+    "__version_tuple__",
+    "version",
+    "version_tuple",
+    "__commit_id__",
+    "commit_id",
+]
+
+TYPE_CHECKING = False
+if TYPE_CHECKING:
+    from typing import Tuple
+    from typing import Union
+
+    VERSION_TUPLE = Tuple[Union[int, str], ...]
+    COMMIT_ID = Union[str, None]
+else:
+    VERSION_TUPLE = object
+    COMMIT_ID = object
+
+version: str
+__version__: str
+__version_tuple__: VERSION_TUPLE
+version_tuple: VERSION_TUPLE
+commit_id: COMMIT_ID
+__commit_id__: COMMIT_ID
+
+__version__ = version = '0.4.0'
+__version_tuple__ = version_tuple = (0, 4, 0)
+
+__commit_id__ = commit_id = None

src/runtime.py

@@ -14,10 +14,12 @@ Lazy factories (`get_*`) are provided so unit tests can substitute fakes by
 monkey‑patching before the first call.
 """
 
+import os
 from functools import lru_cache
 from typing import Any
 
 from mcp.server.fastmcp import FastMCP
+from mcp.server.transport_security import TransportSecuritySettings
 
 from src.bootstrap import load_config, logger
 from src.managers.client_manager import ClientManager
@@ -50,7 +52,21 @@ def get_config():
 @lru_cache
 def get_server() -> FastMCP:
     """Create the FastMCP server instance exactly once."""
-    return FastMCP(name="unifi-network-mcp", debug=True)
+    # Parse allowed hosts from environment variable for reverse proxy support
+    # Default to localhost only for backwards compatibility
+    allowed_hosts_str = os.getenv("UNIFI_MCP_ALLOWED_HOSTS", "localhost,127.0.0.1")
+    allowed_hosts = [h.strip() for h in allowed_hosts_str.split(",") if h.strip()]
+
+    # Configure transport security settings
+    transport_security = TransportSecuritySettings(allowed_hosts=allowed_hosts)
+
+    logger.debug(f"Configuring FastMCP with allowed_hosts: {allowed_hosts}")
+
+    return FastMCP(
+        name="unifi-network-mcp",
+        debug=True,
+        transport_security=transport_security,
+    )
 
 
 # ---------------------------------------------------------------------------

src/tools/network.py

@@ -170,7 +170,7 @@ async def get_network_details(network_id: str) -> Dict[str, Any]:
 
 @server.tool(
     name="unifi_update_network",
-    description="Update specific fields of an existing network (LAN/VLAN). Requires confirmation.",
+    description="Update specific fields of an existing network (LAN/VLAN). Requires confirmation. Note: Network isolation is only supported on 'corporate' networks, not 'guest' networks.",
     permission_category="networks",
     permission_action="update",
 )
@@ -193,9 +193,15 @@ async def update_network(network_id: str, update_data: Dict[str, Any], confirm:
             - dhcp_start (string): New DHCP start IP.
             - dhcp_stop (string): New DHCP stop IP.
             - enabled (boolean): Enable/disable the entire network.
+            - network_isolation_enabled (boolean): Enable network isolation (IMPORTANT: Only works on networks with purpose="corporate").
             # Add other relevant fields from NetworkSchema here if needed
         confirm (bool): Must be set to `True` to execute. Defaults to `False`.
 
+    Important Constraints:
+        - Network isolation (network_isolation_enabled) is ONLY supported on networks with purpose="corporate".
+        - Attempting to enable isolation on "guest" or other network types will fail with an API error.
+        - To isolate a guest network: (1) Change its purpose from "guest" to "corporate", then (2) enable network_isolation_enabled.
+
     Returns:
         Dict: Success status, ID, updated fields, details, or error message.
         Example (success):
@@ -317,6 +323,11 @@ async def create_network(network_data: Dict[str, Any], confirm: bool = False) ->
     - vlan (integer): VLAN ID (required if vlan_enabled is true)
     - dhcp_enabled (boolean): Whether DHCP is enabled (default: true)
     - enabled (boolean): Whether the network is enabled (default: true)
+    - network_isolation_enabled (boolean): Enable network isolation (IMPORTANT: Only works on networks with purpose="corporate")
+
+    Important Constraints:
+    - Network isolation (network_isolation_enabled) is ONLY supported on networks with purpose="corporate".
+    - It cannot be enabled on "guest" networks.
 
     Example:
     {

src/tools_manifest.json

@@ -1239,7 +1239,7 @@
       }
     },
     {
-      "description": "Update specific fields of an existing network (LAN/VLAN). Requires confirmation.",
+      "description": "Update specific fields of an existing network (LAN/VLAN). Requires confirmation. Note: Network isolation is only supported on 'corporate' networks, not 'guest' networks.",
       "name": "unifi_update_network",
       "schema": {
         "input": {

{unifi_network_mcp-0.3.2.dist-info → unifi_network_mcp-0.4.0.dist-info}/METADATA

@@ -1,13 +1,13 @@
 Metadata-Version: 2.4
 Name: unifi-network-mcp
-Version: 0.3.2
+Version: 0.4.0
 Summary: Unifi Network MCP Server
 License-File: LICENSE
 Requires-Python: >=3.13
 Requires-Dist: aiohttp>=3.8.5
-Requires-Dist: aiounifi>=87.0.0
+Requires-Dist: aiounifi>=88
 Requires-Dist: jsonschema>=4.17.0
-Requires-Dist: mcp[cli]>=1.21.2
+Requires-Dist: mcp[cli]>=1.23.0
 Requires-Dist: omegaconf>=2.3.0
 Requires-Dist: python-dotenv>=1.0.0
 Requires-Dist: pyyaml>=6.0
@@ -538,6 +538,7 @@ The server merges settings from **environment variables**, an optional `.env` fi
 | `UNIFI_TOOL_REGISTRATION_MODE` | Tool loading mode: `lazy` (default), `eager`, or `meta_only`. See [Context Optimization](#context-optimization) |
 | `UNIFI_ENABLED_CATEGORIES` | Comma-separated list of tool categories to load (eager mode). See table below |
 | `UNIFI_ENABLED_TOOLS` | Comma-separated list of specific tool names to register (eager mode) |
+| `UNIFI_MCP_ALLOWED_HOSTS` | Comma-separated list of allowed hostnames for reverse proxy support. Required when running behind Nginx/Cloudflare/etc. Default `localhost,127.0.0.1` |
 
 ### Tool Categories (for UNIFI_ENABLED_CATEGORIES)
 
@@ -809,6 +810,7 @@ See [docs/permissions.md](docs/permissions.md) for complete documentation includ
 * **Review permissions carefully** before enabling high-risk operations. Use environment variables for runtime control.
 * Create, update, and delete tools should be used with caution and only enabled when necessary.
 * Do not host outside of your network unless using a secure reverse proxy like Cloudflare Tunnel or Ngrok. Even then, an additional layer of authentication is recommended.
+* **Reverse Proxy Configuration:** When running behind a reverse proxy, set `UNIFI_MCP_ALLOWED_HOSTS` to include your external domain (e.g., `localhost,127.0.0.1,unifi-mcp.example.com`) to bypass FastMCP's DNS rebinding protection.
 
 ---
 

{unifi_network_mcp-0.3.2.dist-info → unifi_network_mcp-0.4.0.dist-info}/RECORD

@@ -1,7 +1,8 @@
+src/_version.py,sha256=2_0GUP7yBCXRus-qiJKxQD62z172WSs1sQ6DVpPsbmM,704
 src/bootstrap.py,sha256=mqkDDfn5xKRzun07TS8xPLZm_WnfLt3xTguxxFnfRV0,7572
 src/jobs.py,sha256=3IUO8ChpeRUjyJTWeFlyIwtkQLv-_KvfzuA5Ra4PmDI,5984
 src/main.py,sha256=7ZCXXzSoHFsXuA_FdNwJhcLtjMtTzK4sxah7ahzmEHs,15456
-src/runtime.py,sha256=bGad0_hJJU9Q1Ari29vQ9oaGt-v-uffTLNO5tPOuzeg,5159
+src/runtime.py,sha256=7WqGkzXe92fn0JczCv8YVr5LTIc40pIt7nqSX4ji2To,5816
 src/schemas.py,sha256=Y9fglAAgRGh8zxwO0J5zpj5BsRMLDDwevwXY_6kj5VU,33725
 src/tool_index.py,sha256=aUPFqES4i_cq9ZsfAoiWuhKwoEEJ8NEAOafQ2h1g1NE,5492
 src/validator_registry.py,sha256=dboNY36ZQphCr7tDQuVQtNvXu4X1FBkgqoLb-sGNwJQ,3005
@@ -26,7 +27,7 @@ src/tools/devices.py,sha256=t29mGFr-_KSLUomgeNDHZcKGbtSIp9gLlckKsLDHAww,17454
 src/tools/events.py,sha256=rnPu8XIGhjkP-KcXk2-J6JRJnMgAsJNkIFWxHww43zs,6070
 src/tools/firewall.py,sha256=ClQ4P6scYivpuoq2b0TR9UEVQ07s2ykmYXdxcuzvxeM,30118
 src/tools/hotspot.py,sha256=RmTgtOMnwsv7IWJYCdldJNim1akjy8CLP8ROplY4uDA,8418
-src/tools/network.py,sha256=Y0kS6YrQZUunbnqsj5Sd7K05vEelBS8LpYIldtIvUWc,34070
+src/tools/network.py,sha256=usGK5DmHlqVpiVTzwPgBGC-GMW1pPM7ztenoEdKtPlg,34987
 src/tools/port_forwards.py,sha256=H8K0DMtwqUBCO9kixUzb9PuoYhnE_CJE7nwfhOk1v44,25612
 src/tools/qos.py,sha256=Ym3W5Y7zrRLfH9xqy5Tz2-amYn9QnoIvFG3F5X3FQzI,21554
 src/tools/routing.py,sha256=vaf4UX2MiDmCC9RvzLgLWXTVSEdzUwM6qMpUHaxz67I,11263
@@ -41,11 +42,11 @@ src/utils/lazy_tool_loader.py,sha256=0GdfF7z06U_pvx7hmUE1jWEOFMFFo3WS9PWEEwkpXG4
 src/utils/meta_tools.py,sha256=XlLkzFEvrZsDEiXxMq_Lz22ZGZ8mMzbjx6krYJS-JD4,13172
 src/utils/permissions.py,sha256=GGg81gCPBo18Ra9NWGgHO3pPzX1EFUAt_Xd9gbUfKQo,4060
 src/utils/tool_loader.py,sha256=QpfHOxyZ_bzPJM0SItB7UM8uW_p7vl2Sm25rfgfwsAY,4147
-src/tools_manifest.json,sha256=vOlP1YzEQn9wXNeBMd4zKlCpPvC4uyoE8Nw64aTb2Wc,37813
+src/tools_manifest.json,sha256=G7j9-pKly9fGvjc7vDwoMqQROvpbhwafWu4UY9dPMjU,37902
 src/config/config.yaml,sha256=FPoDva21XrUqgiwXTahVa5tDy_aNTeOL3cT8DTxyICU,3953
-unifi_network_mcp-0.3.2.data/data/share/unifi-network-mcp/.well-known/mcp-server.json,sha256=Ru2oF_SdOzkathJVTQ6R0bRB-NTmiXLlNVvsp7GqmPs,1427
-unifi_network_mcp-0.3.2.dist-info/METADATA,sha256=WeJg9PFrum4Ba5BQAYEuaJI20mqFpc2BE19YMxeq3Fo,38286
-unifi_network_mcp-0.3.2.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-unifi_network_mcp-0.3.2.dist-info/entry_points.txt,sha256=iDs5JXOBoUROpkuTXoxr-1WSrz1FLEgI0TO4pFsZ8u0,52
-unifi_network_mcp-0.3.2.dist-info/licenses/LICENSE,sha256=1tMHOACX4Nse1DzgSKufrvTGztT8kS71LE8l29IAvto,1068
-unifi_network_mcp-0.3.2.dist-info/RECORD,,
+unifi_network_mcp-0.4.0.data/data/share/unifi-network-mcp/.well-known/mcp-server.json,sha256=Ru2oF_SdOzkathJVTQ6R0bRB-NTmiXLlNVvsp7GqmPs,1427
+unifi_network_mcp-0.4.0.dist-info/METADATA,sha256=3Cro-ITlcHDdw0vug5Q6yJ6Ev2tM2J9E4cWaUmEN_Dk,38696
+unifi_network_mcp-0.4.0.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+unifi_network_mcp-0.4.0.dist-info/entry_points.txt,sha256=iDs5JXOBoUROpkuTXoxr-1WSrz1FLEgI0TO4pFsZ8u0,52
+unifi_network_mcp-0.4.0.dist-info/licenses/LICENSE,sha256=1tMHOACX4Nse1DzgSKufrvTGztT8kS71LE8l29IAvto,1068
+unifi_network_mcp-0.4.0.dist-info/RECORD,,