PyPI - unifi-network-mcp - Versions diffs - 0.5.1__tar.gz → 0.5.3__tar.gz - Mend

unifi-network-mcp 0.5.1tar.gz → 0.5.3tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

unifi_network_mcp-0.5.1/README.md → unifi_network_mcp-0.5.3/PKG-INFO RENAMED Viewed

@@ -1,3 +1,19 @@
+Metadata-Version: 2.4
+Name: unifi-network-mcp
+Version: 0.5.3
+Summary: Unifi Network MCP Server
+License-File: LICENSE
+Requires-Python: >=3.13
+Requires-Dist: aiohttp>=3.8.5
+Requires-Dist: aiounifi>=88
+Requires-Dist: jsonschema>=4.17.0
+Requires-Dist: mcp[cli]>=1.23.0
+Requires-Dist: omegaconf>=2.3.0
+Requires-Dist: python-dotenv>=1.0.0
+Requires-Dist: pyyaml>=6.0
+Requires-Dist: typing-extensions>=4.4.0
+Description-Content-Type: text/markdown
 # 📡 UniFi Network MCP Server
 [![License][license-shield]](LICENSE)
@@ -525,6 +541,7 @@ The server merges settings from **environment variables**, an optional `.env` fi
 | `UNIFI_ENABLED_CATEGORIES` | Comma-separated list of tool categories to load (eager mode). See table below |
 | `UNIFI_ENABLED_TOOLS` | Comma-separated list of specific tool names to register (eager mode) |
 | `UNIFI_MCP_ALLOWED_HOSTS` | Comma-separated list of allowed hostnames for reverse proxy support. Required when running behind Nginx/Cloudflare/etc. Default `localhost,127.0.0.1` |
+| `UNIFI_MCP_ENABLE_DNS_REBINDING_PROTECTION` | Enable/disable DNS rebinding protection. Set to `false` for Kubernetes/proxy deployments where `UNIFI_MCP_ALLOWED_HOSTS` is insufficient. Default `true` |
 ### Tool Categories (for UNIFI_ENABLED_CATEGORIES)
@@ -746,6 +763,8 @@ These tools will give any LLM or agent configured to use them full access to you
 The server includes a comprehensive permission system with **safe defaults**:
+> **Permissions control tool visibility.** Tools with disabled permissions are **not registered** with the MCP server and will not appear in your client's tool list. If you're missing expected tools, check that the relevant permissions are enabled. All tools remain discoverable via `unifi_tool_index` regardless of permission settings — but disabled tools cannot be called. See [docs/permissions.md](docs/permissions.md) for full details.
 **Disabled by Default (High-Risk):**
 - Network creation/modification (`unifi_create_network`, `unifi_update_network`)
 - Wireless configuration (`unifi_create_wlan`, `unifi_update_wlan`)
@@ -796,7 +815,9 @@ See [docs/permissions.md](docs/permissions.md) for complete documentation includ
 * **Review permissions carefully** before enabling high-risk operations. Use environment variables for runtime control.
 * Create, update, and delete tools should be used with caution and only enabled when necessary.
 * Do not host outside of your network unless using a secure reverse proxy like Cloudflare Tunnel or Ngrok. Even then, an additional layer of authentication is recommended.
-* **Reverse Proxy Configuration:** When running behind a reverse proxy, set `UNIFI_MCP_ALLOWED_HOSTS` to include your external domain (e.g., `localhost,127.0.0.1,unifi-mcp.example.com`) to bypass FastMCP's DNS rebinding protection.
+* **Reverse Proxy Configuration:** When running behind a reverse proxy (Kubernetes ingress, Nginx, Cloudflare, etc.):
+  * First try: Set `UNIFI_MCP_ALLOWED_HOSTS` to include your external domain (e.g., `localhost,127.0.0.1,unifi-mcp.example.com`)
+  * If that's insufficient: Set `UNIFI_MCP_ENABLE_DNS_REBINDING_PROTECTION=false` to disable host validation entirely. Only use this in trusted network environments.
 ---

unifi_network_mcp-0.5.1/PKG-INFO → unifi_network_mcp-0.5.3/README.md RENAMED Viewed

@@ -1,19 +1,3 @@
-Metadata-Version: 2.4
-Name: unifi-network-mcp
-Version: 0.5.1
-Summary: Unifi Network MCP Server
-License-File: LICENSE
-Requires-Python: >=3.13
-Requires-Dist: aiohttp>=3.8.5
-Requires-Dist: aiounifi>=88
-Requires-Dist: jsonschema>=4.17.0
-Requires-Dist: mcp[cli]>=1.23.0
-Requires-Dist: omegaconf>=2.3.0
-Requires-Dist: python-dotenv>=1.0.0
-Requires-Dist: pyyaml>=6.0
-Requires-Dist: typing-extensions>=4.4.0
-Description-Content-Type: text/markdown
 # 📡 UniFi Network MCP Server
 [![License][license-shield]](LICENSE)
@@ -541,6 +525,7 @@ The server merges settings from **environment variables**, an optional `.env` fi
 | `UNIFI_ENABLED_CATEGORIES` | Comma-separated list of tool categories to load (eager mode). See table below |
 | `UNIFI_ENABLED_TOOLS` | Comma-separated list of specific tool names to register (eager mode) |
 | `UNIFI_MCP_ALLOWED_HOSTS` | Comma-separated list of allowed hostnames for reverse proxy support. Required when running behind Nginx/Cloudflare/etc. Default `localhost,127.0.0.1` |
+| `UNIFI_MCP_ENABLE_DNS_REBINDING_PROTECTION` | Enable/disable DNS rebinding protection. Set to `false` for Kubernetes/proxy deployments where `UNIFI_MCP_ALLOWED_HOSTS` is insufficient. Default `true` |
 ### Tool Categories (for UNIFI_ENABLED_CATEGORIES)
@@ -762,6 +747,8 @@ These tools will give any LLM or agent configured to use them full access to you
 The server includes a comprehensive permission system with **safe defaults**:
+> **Permissions control tool visibility.** Tools with disabled permissions are **not registered** with the MCP server and will not appear in your client's tool list. If you're missing expected tools, check that the relevant permissions are enabled. All tools remain discoverable via `unifi_tool_index` regardless of permission settings — but disabled tools cannot be called. See [docs/permissions.md](docs/permissions.md) for full details.
 **Disabled by Default (High-Risk):**
 - Network creation/modification (`unifi_create_network`, `unifi_update_network`)
 - Wireless configuration (`unifi_create_wlan`, `unifi_update_wlan`)
@@ -812,7 +799,9 @@ See [docs/permissions.md](docs/permissions.md) for complete documentation includ
 * **Review permissions carefully** before enabling high-risk operations. Use environment variables for runtime control.
 * Create, update, and delete tools should be used with caution and only enabled when necessary.
 * Do not host outside of your network unless using a secure reverse proxy like Cloudflare Tunnel or Ngrok. Even then, an additional layer of authentication is recommended.
-* **Reverse Proxy Configuration:** When running behind a reverse proxy, set `UNIFI_MCP_ALLOWED_HOSTS` to include your external domain (e.g., `localhost,127.0.0.1,unifi-mcp.example.com`) to bypass FastMCP's DNS rebinding protection.
+* **Reverse Proxy Configuration:** When running behind a reverse proxy (Kubernetes ingress, Nginx, Cloudflare, etc.):
+  * First try: Set `UNIFI_MCP_ALLOWED_HOSTS` to include your external domain (e.g., `localhost,127.0.0.1,unifi-mcp.example.com`)
+  * If that's insufficient: Set `UNIFI_MCP_ENABLE_DNS_REBINDING_PROTECTION=false` to disable host validation entirely. Only use this in trusted network environments.
 ---

{unifi_network_mcp-0.5.1 → unifi_network_mcp-0.5.3}/src/_version.py RENAMED Viewed

@@ -28,7 +28,7 @@ version_tuple: VERSION_TUPLE
 commit_id: COMMIT_ID
 __commit_id__: COMMIT_ID
-__version__ = version = '0.5.1'
-__version_tuple__ = version_tuple = (0, 5, 1)
+__version__ = version = '0.5.3'
+__version_tuple__ = version_tuple = (0, 5, 3)
 __commit_id__ = commit_id = None

{unifi_network_mcp-0.5.1 → unifi_network_mcp-0.5.3}/src/main.py RENAMED Viewed

@@ -253,6 +253,13 @@ async def main_async():
         logger.info("   Meta-tools: unifi_tool_index, unifi_execute, unifi_batch, unifi_batch_status")
         logger.info("   Use unifi_execute to run any tool discovered via unifi_tool_index")
         logger.info("   To load all tools directly: set UNIFI_TOOL_REGISTRATION_MODE=eager")
+        # Setup lazy loading interceptor so unifi_execute/unifi_batch can load tools on demand
+        setup_lazy_loading(server, _original_tool_decorator)
+        from src.utils.lazy_tool_loader import TOOL_MODULE_MAP
+        logger.info(f"   On-demand loader ready - {len(TOOL_MODULE_MAP)} tools available via unifi_execute")
     elif UNIFI_TOOL_REGISTRATION_MODE == "lazy":
         logger.info("⚡ Tool registration mode: lazy")
         logger.info("   Meta-tools: unifi_tool_index, unifi_execute, unifi_batch, unifi_batch_status, unifi_load_tools")

{unifi_network_mcp-0.5.1 → unifi_network_mcp-0.5.3}/src/runtime.py RENAMED Viewed

@@ -80,10 +80,22 @@ def get_server() -> FastMCP:
     allowed_hosts_str = os.getenv("UNIFI_MCP_ALLOWED_HOSTS", "localhost,127.0.0.1")
     allowed_hosts = [h.strip() for h in allowed_hosts_str.split(",") if h.strip()]
+    # Allow disabling DNS rebinding protection entirely (default: enabled)
+    # Set to "false" for Kubernetes/proxy deployments where allowed_hosts is insufficient
+    enable_dns_rebinding = (
+        os.getenv("UNIFI_MCP_ENABLE_DNS_REBINDING_PROTECTION", "true").lower() == "true"
+    )
     # Configure transport security settings
-    transport_security = TransportSecuritySettings(allowed_hosts=allowed_hosts)
+    transport_security = TransportSecuritySettings(
+        allowed_hosts=allowed_hosts,
+        enable_dns_rebinding_protection=enable_dns_rebinding,
+    )
-    logger.debug(f"Configuring FastMCP with allowed_hosts: {allowed_hosts}")
+    logger.debug(
+        f"Configuring FastMCP with allowed_hosts: {allowed_hosts}, "
+        f"dns_rebinding_protection: {enable_dns_rebinding}"
+    )
     server = FastMCP(
         name="unifi-network-mcp",