PyPI - unifi-network-mcp - Versions diffs - 0.5.0__tar.gz → 0.5.2__tar.gz - Mend

unifi-network-mcp 0.5.0tar.gz → 0.5.2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

unifi_network_mcp-0.5.0/README.md → unifi_network_mcp-0.5.2/PKG-INFO RENAMED Viewed

@@ -1,3 +1,19 @@
+Metadata-Version: 2.4
+Name: unifi-network-mcp
+Version: 0.5.2
+Summary: Unifi Network MCP Server
+License-File: LICENSE
+Requires-Python: >=3.13
+Requires-Dist: aiohttp>=3.8.5
+Requires-Dist: aiounifi>=88
+Requires-Dist: jsonschema>=4.17.0
+Requires-Dist: mcp[cli]>=1.23.0
+Requires-Dist: omegaconf>=2.3.0
+Requires-Dist: python-dotenv>=1.0.0
+Requires-Dist: pyyaml>=6.0
+Requires-Dist: typing-extensions>=4.4.0
+Description-Content-Type: text/markdown
 # 📡 UniFi Network MCP Server
 [![License][license-shield]](LICENSE)
@@ -518,11 +534,14 @@ The server merges settings from **environment variables**, an optional `.env` fi
 | `UNIFI_VERIFY_SSL` | Set to `false` if using self-signed certs |
 | `UNIFI_CONTROLLER_TYPE` | Controller API path type: `auto` (detect), `proxy` (UniFi OS), `direct` (standalone). Default `auto` |
 | `UNIFI_MCP_HTTP_ENABLED` | Set `true` to enable optional HTTP SSE server (default `false`) |
+| `UNIFI_MCP_HOST` | HTTP SSE bind address (default `0.0.0.0`) |
+| `UNIFI_MCP_PORT` | HTTP SSE bind port (default `3000`) |
 | `UNIFI_AUTO_CONFIRM` | Set `true` to auto-confirm all mutating operations (skips preview step). Ideal for workflow automation (n8n, Make, Zapier). Default `false` |
 | `UNIFI_TOOL_REGISTRATION_MODE` | Tool loading mode: `lazy` (default), `eager`, or `meta_only`. See [Context Optimization](#context-optimization) |
 | `UNIFI_ENABLED_CATEGORIES` | Comma-separated list of tool categories to load (eager mode). See table below |
 | `UNIFI_ENABLED_TOOLS` | Comma-separated list of specific tool names to register (eager mode) |
 | `UNIFI_MCP_ALLOWED_HOSTS` | Comma-separated list of allowed hostnames for reverse proxy support. Required when running behind Nginx/Cloudflare/etc. Default `localhost,127.0.0.1` |
+| `UNIFI_MCP_ENABLE_DNS_REBINDING_PROTECTION` | Enable/disable DNS rebinding protection. Set to `false` for Kubernetes/proxy deployments where `UNIFI_MCP_ALLOWED_HOSTS` is insufficient. Default `true` |
 ### Tool Categories (for UNIFI_ENABLED_CATEGORIES)
@@ -794,7 +813,9 @@ See [docs/permissions.md](docs/permissions.md) for complete documentation includ
 * **Review permissions carefully** before enabling high-risk operations. Use environment variables for runtime control.
 * Create, update, and delete tools should be used with caution and only enabled when necessary.
 * Do not host outside of your network unless using a secure reverse proxy like Cloudflare Tunnel or Ngrok. Even then, an additional layer of authentication is recommended.
-* **Reverse Proxy Configuration:** When running behind a reverse proxy, set `UNIFI_MCP_ALLOWED_HOSTS` to include your external domain (e.g., `localhost,127.0.0.1,unifi-mcp.example.com`) to bypass FastMCP's DNS rebinding protection.
+* **Reverse Proxy Configuration:** When running behind a reverse proxy (Kubernetes ingress, Nginx, Cloudflare, etc.):
+  * First try: Set `UNIFI_MCP_ALLOWED_HOSTS` to include your external domain (e.g., `localhost,127.0.0.1,unifi-mcp.example.com`)
+  * If that's insufficient: Set `UNIFI_MCP_ENABLE_DNS_REBINDING_PROTECTION=false` to disable host validation entirely. Only use this in trusted network environments.
 ---

unifi_network_mcp-0.5.0/PKG-INFO → unifi_network_mcp-0.5.2/README.md RENAMED Viewed

@@ -1,19 +1,3 @@
-Metadata-Version: 2.4
-Name: unifi-network-mcp
-Version: 0.5.0
-Summary: Unifi Network MCP Server
-License-File: LICENSE
-Requires-Python: >=3.13
-Requires-Dist: aiohttp>=3.8.5
-Requires-Dist: aiounifi>=88
-Requires-Dist: jsonschema>=4.17.0
-Requires-Dist: mcp[cli]>=1.23.0
-Requires-Dist: omegaconf>=2.3.0
-Requires-Dist: python-dotenv>=1.0.0
-Requires-Dist: pyyaml>=6.0
-Requires-Dist: typing-extensions>=4.4.0
-Description-Content-Type: text/markdown
 # 📡 UniFi Network MCP Server
 [![License][license-shield]](LICENSE)
@@ -534,11 +518,14 @@ The server merges settings from **environment variables**, an optional `.env` fi
 | `UNIFI_VERIFY_SSL` | Set to `false` if using self-signed certs |
 | `UNIFI_CONTROLLER_TYPE` | Controller API path type: `auto` (detect), `proxy` (UniFi OS), `direct` (standalone). Default `auto` |
 | `UNIFI_MCP_HTTP_ENABLED` | Set `true` to enable optional HTTP SSE server (default `false`) |
+| `UNIFI_MCP_HOST` | HTTP SSE bind address (default `0.0.0.0`) |
+| `UNIFI_MCP_PORT` | HTTP SSE bind port (default `3000`) |
 | `UNIFI_AUTO_CONFIRM` | Set `true` to auto-confirm all mutating operations (skips preview step). Ideal for workflow automation (n8n, Make, Zapier). Default `false` |
 | `UNIFI_TOOL_REGISTRATION_MODE` | Tool loading mode: `lazy` (default), `eager`, or `meta_only`. See [Context Optimization](#context-optimization) |
 | `UNIFI_ENABLED_CATEGORIES` | Comma-separated list of tool categories to load (eager mode). See table below |
 | `UNIFI_ENABLED_TOOLS` | Comma-separated list of specific tool names to register (eager mode) |
 | `UNIFI_MCP_ALLOWED_HOSTS` | Comma-separated list of allowed hostnames for reverse proxy support. Required when running behind Nginx/Cloudflare/etc. Default `localhost,127.0.0.1` |
+| `UNIFI_MCP_ENABLE_DNS_REBINDING_PROTECTION` | Enable/disable DNS rebinding protection. Set to `false` for Kubernetes/proxy deployments where `UNIFI_MCP_ALLOWED_HOSTS` is insufficient. Default `true` |
 ### Tool Categories (for UNIFI_ENABLED_CATEGORIES)
@@ -810,7 +797,9 @@ See [docs/permissions.md](docs/permissions.md) for complete documentation includ
 * **Review permissions carefully** before enabling high-risk operations. Use environment variables for runtime control.
 * Create, update, and delete tools should be used with caution and only enabled when necessary.
 * Do not host outside of your network unless using a secure reverse proxy like Cloudflare Tunnel or Ngrok. Even then, an additional layer of authentication is recommended.
-* **Reverse Proxy Configuration:** When running behind a reverse proxy, set `UNIFI_MCP_ALLOWED_HOSTS` to include your external domain (e.g., `localhost,127.0.0.1,unifi-mcp.example.com`) to bypass FastMCP's DNS rebinding protection.
+* **Reverse Proxy Configuration:** When running behind a reverse proxy (Kubernetes ingress, Nginx, Cloudflare, etc.):
+  * First try: Set `UNIFI_MCP_ALLOWED_HOSTS` to include your external domain (e.g., `localhost,127.0.0.1,unifi-mcp.example.com`)
+  * If that's insufficient: Set `UNIFI_MCP_ENABLE_DNS_REBINDING_PROTECTION=false` to disable host validation entirely. Only use this in trusted network environments.
 ---

{unifi_network_mcp-0.5.0 → unifi_network_mcp-0.5.2}/src/_version.py RENAMED Viewed

@@ -28,7 +28,7 @@ version_tuple: VERSION_TUPLE
 commit_id: COMMIT_ID
 __commit_id__: COMMIT_ID
-__version__ = version = '0.5.0'
-__version_tuple__ = version_tuple = (0, 5, 0)
+__version__ = version = '0.5.2'
+__version_tuple__ = version_tuple = (0, 5, 2)
 __commit_id__ = commit_id = None

{unifi_network_mcp-0.5.0 → unifi_network_mcp-0.5.2}/src/config/config.yaml RENAMED Viewed

@@ -8,8 +8,8 @@ unifi:
   controller_type: ${oc.env:UNIFI_CONTROLLER_TYPE,auto}
 server:
-  host: 0.0.0.0
-  port: 3000
+  host: ${oc.env:UNIFI_MCP_HOST,0.0.0.0}
+  port: ${oc.env:UNIFI_MCP_PORT,3000}
   log_level: INFO
   # Tool registration mode

{unifi_network_mcp-0.5.0 → unifi_network_mcp-0.5.2}/src/runtime.py RENAMED Viewed

@@ -80,10 +80,22 @@ def get_server() -> FastMCP:
     allowed_hosts_str = os.getenv("UNIFI_MCP_ALLOWED_HOSTS", "localhost,127.0.0.1")
     allowed_hosts = [h.strip() for h in allowed_hosts_str.split(",") if h.strip()]
+    # Allow disabling DNS rebinding protection entirely (default: enabled)
+    # Set to "false" for Kubernetes/proxy deployments where allowed_hosts is insufficient
+    enable_dns_rebinding = (
+        os.getenv("UNIFI_MCP_ENABLE_DNS_REBINDING_PROTECTION", "true").lower() == "true"
+    )
     # Configure transport security settings
-    transport_security = TransportSecuritySettings(allowed_hosts=allowed_hosts)
+    transport_security = TransportSecuritySettings(
+        allowed_hosts=allowed_hosts,
+        enable_dns_rebinding_protection=enable_dns_rebinding,
+    )
-    logger.debug(f"Configuring FastMCP with allowed_hosts: {allowed_hosts}")
+    logger.debug(
+        f"Configuring FastMCP with allowed_hosts: {allowed_hosts}, "
+        f"dns_rebinding_protection: {enable_dns_rebinding}"
+    )
     server = FastMCP(
         name="unifi-network-mcp",