Open source · MIT · Python 3.13+

Give your agents full access to your UniFi stack — safely.

UniFi MCP is a suite of Model Context Protocol servers that expose your Network, Protect, and Access controllers to AI agents — 220+ tools, preview-then-confirm mutations, and a Cloudflare relay for cloud-hosted agents.

Quick install See agent examples
stdio · HTTP · SSE Read-only by default ~200 tokens lazy load
INPUT · UniFi controllers OUTPUT · MCP tools 220+ tools wired model-agnostic Diagram showing UniFi systems flowing through an MCP gateway into an AI agent
Works with any MCP-compatible client
Claude Desktop Claude Code Cursor VS Code (MCP) OpenAI Agents Gemini CLI opencode Codex CLI OpenClaw n8n / Zapier Custom agents
224+
Tools across 3 servers
network · protect · access
~200tk
Lazy-load context cost
vs ~5,000 eager
3×
Transports supported
stdio · HTTP · SSE
100%
Open source · MIT
runs on your hardware
The servers

One monorepo. Three controllers. One agent that understands all of them.

Each server is an independent Python package with a tightly-scoped tool surface. Mix and match — point at one controller, or fan out across an entire fleet.

Stable

Network

161 tools unifi-network-mcp PyPI · Docker · Plugin

Full UniFi Network controller coverage. Devices, clients, firewall, port-forwards, VLANs, WLANs, DPI stats, traffic identification, alarms, and policy templates — all readable, with mutations gated by preview-then-confirm.

unifi.list_clients unifi.get_firewall_policies unifi.create_port_forward unifi.dpi_stats unifi.run_diagnostic +156 more
agent · network
Block IoT devices from the internet between midnight and 6 AM
I'll add a scheduled firewall rule on the IoT VLAN. Preview: unifi.create_firewall_policy · WAN · IoT VLAN · 00:00-06:00
Explore Network
Beta

Protect

34 tools unifi-protect-mcp

Cameras, snapshots, motion events, smart detections, recordings, and live event streams. Hand your agent a question — get back a timeline, not 800 frames.

protect.list_cameras protect.smart_detections protect.snapshot protect.timeline
Explore Protect
Beta

Access

29 tools unifi-access-mcp

Doors, hubs, readers, credentials, visitors, and policies. Issue a guest pass, audit a badge timeline, or revoke a credential — in plain English.

access.list_doors access.create_visitor access.event_stream access.policies
Explore Access
Talk to your network

Plain-English asks. Real controller actions.

Every prompt routes to one or more tools, with a preview of what will change before it touches your controller.

Network

Show me every client on the Guest VLAN with signal strength under -70 dBm.

list_clients get_vlan filter_by_rssi
Network

Audit my firewall policies — flag redundant or conflicting rules.

get_firewall_policies benchmark_audit topology_analysis
Protect

Summarize smart-detection events from the front-door camera today — people and vehicles only.

smart_detections filter_by_class summarize
Access

Create a visitor pass for John Smith — main entrance, tomorrow 9 AM to 5 PM.

create_visitor assign_door_policy preview_change
Cross-product

Everything that happened at the front entrance in the last hour — clients, cameras, doors.

access.events protect.timeline network.clients_at
Diagnostics

A switch went offline at 2 AM — was there physical activity nearby?

device_alarms protect.events_near correlate
Cloud Relay · Beta

Cloud agents, local controllers — without exposing a single port.

The relay sidecar opens an outbound tunnel to a Cloudflare Worker. Cloud-hosted agents call your local UniFi servers as if they were next door.

Multi-location, fan-out by annotation.

Tag each location at the relay. Read-only tools fan out across all of them. Mutations stay scoped to the location you targeted explicitly.

  • Outbound-only — no firewall holes, no DDNS, no public IP.
  • Per-location annotations let agents target @office vs @home.
  • Worker installs in one command: unifi-mcp-worker install.
  • Same tool surface as local — agents don't know they're remote.
Relay sidecar Worker gateway
Agent Skills

More than tools. Plays your agent already knows how to run.

Each plugin ships with skills — reference docs plus deterministic Python scripts — so common operations are reliable, audit-able, and don't burn context.

unifi-network · 12 references

Network Health Check

Batch diagnostics across devices, health subsystems, and alarms — with reference docs for interpreting alarm types and device states.

unifi-network · templates

Firewall Manager

Natural-language firewall management with policy templates, config snapshots, change tracking, and rollback.

unifi-network · 16 benchmarks

Firewall Auditor

Security audit with 100-point scoring, topology analysis, redundancy detection, and trend tracking over time.

unifi-protect · cross-product

Security Digest

Summarizes camera, door, and network events with severity classification and correlation rules across products.

unifi-access · streaming

Access Control

Doors, credentials, visitors, and policies — with real-time event streaming and activity summaries.

cross-product · NEW

Incident Timeline

Correlates Network clients, Protect events, and Access scans into a single timeline for "what happened when" investigations.

Quick install

Up and running in under a minute.

Pick the path that fits your client. The plugin route is the most opinionated — it ships an MCP server, agent skills, and a guided setup command.

# 1. Add the marketplace (one-time)
/plugin marketplace add sirkirby/unifi-mcp

# 2. Install the server plugin you want
/plugin install unifi-network@unifi-plugins

# 3. Run the guided setup
/unifi-network:unifi-network-setup

Multi-controller? Use prefixed env.

Each server reads UNIFI_NETWORK_*, UNIFI_PROTECT_*, UNIFI_ACCESS_* first, then falls back to shared UNIFI_*.

Read-only by default.

Mutations require an explicit opt-in flag and run preview-then-confirm. Nothing changes on your controller until you say go.

Lazy tool loading.

The default mode loads ~200 tokens of meta-tools. Real tools are loaded on demand, by category — keep your context budget for the work.

Why this exists

Built for agents. Designed for your controller's safety.

UniFi MCP is a deliberate design — not a wrapper around an SDK. Every tool is shaped for how LLMs reason about infrastructure.

01 — Safety

Read-only is the default. Always.

Mutations are opt-in per server, gated by a preview-then-confirm flow. Your agent shows its work and waits for approval before any change touches the controller.

02 — Efficiency

Lazy tool loading, by design.

Eager mode dumps ~5,000 tokens of tool definitions into context on connect. Lazy mode starts at ~200 and loads tool groups on demand — the difference between a slow first turn and an instant one.

03 — Composability

Three servers. One coherent surface.

Network, Protect, and Access share the same permission model, the same confirmation flow, and the same naming conventions. An agent that can drive one can drive all of them.

04 — Transports

stdio, HTTP, SSE — your call.

Run locally next to Claude Desktop, expose over Streamable HTTP for self-hosted automation platforms, or stream over SSE for browser agents.

05 — Observability

Every tool call is logged.

Per-server logs with structured request/response, redaction for secrets, and a CLI for replaying calls — so when an agent does something surprising, you can find out exactly what happened.

06 — Open

MIT, on your hardware.

No SaaS, no telemetry, no account. Clone the repo, run the server, point an agent at it. Your controllers stay yours.

FAQ

Common questions, short answers.

What's the Model Context Protocol (MCP), exactly?
MCP is an open protocol that lets AI agents discover and call tools exposed by a server, with structured arguments and structured responses. Anthropic publishes the spec, but it's vendor-neutral — anything that speaks MCP can use these servers.

Is this affiliated with Ubiquiti?
No. UniFi MCP is an independent open-source project. It talks to UniFi controllers' standard APIs the same way the official mobile and web apps do, but it's built and maintained by the community.

Does it need cloud access or a Ubiquiti account?
No. The servers connect directly to your local controller using a local admin account. The optional Cloud Relay is the only piece that talks outbound — and only because you opt in to give a remote agent access.

How safe is this? Can my agent brick my network?
Read-only by default. Mutations require both an explicit opt-in flag and a preview-then-confirm step where you see the exact change before it runs. Nothing happens silently.

Which UniFi controllers are supported?
Anything running modern UniFi OS — UDM, UDM Pro, UDM SE, UCG-Ultra, Cloud Gateways, and standalone CloudKey deployments. The core libraries auto-detect controller type and version.

Can I run my own MCP client / build agents on top?
Absolutely. The servers expose stdio, Streamable HTTP, and SSE. Examples for Python, n8n, and direct OpenAI Agents are in examples/.

How do I contribute?
PRs welcome. Read CONTRIBUTING.md for the monorepo workflow — including how to scaffold a new tool, run the test suite across all three servers, and submit a tool for review.

Stop clicking. Start asking.

One command, one config, one agent that actually understands your network.

Install in 60 seconds Read the source