Labsco
paulomac1000 logo

OpenWRT-MCP

from paulomac1000

Secure MCP (Model Context Protocol) server for OpenWRT router management and diagnostics

πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedAccount requiredAdvanced setup

OpenWRT-MCP

CI Docker Python 3.14+ License: MIT

Read-only MCP (Model Context Protocol) server for OpenWRT router management and diagnostics. Enables AI assistants (Claude Desktop, LibreChat, Cline) to observe and analyze an OpenWRT router without any write access.

Ports

PortProtocolPurposeEndpoint
9094HTTPHealth checkGET /health
9095SSEMCP transport (SSE)/sse, /messages
9096HTTPREST API/api/*

Verify

# Health check
curl http://localhost:9094/health

# List all MCP tools
curl http://localhost:9096/api/tools

# Call a tool
curl -X POST http://localhost:9096/api/tools/get_router_info \
  -H "Content-Type: application/json" \
  -d '{}'

# Get tool manifest
curl http://localhost:9096/api/tools/get_router_info/manifest

Available Tools (24)

Tools are categorized by risk level: [READ] tools are safe β€” they query the router with no side effects. [WRITE] tools can modify router state and require ENABLE_WRITE_OPERATIONS=1 in .env. [DESTRUCTIVE] tools are irreversible (reboot) and require explicit confirmation.

CategoryToolRiskDescription
Connectiontest_router_connectionREADVerify SSH connectivity
Systemget_router_infoREADBoard info, memory, uptime, release
get_router_contextREADUnified context snapshot (system, wifi, DHCP, health)
describe_router_capabilitiesREADServer introspection β€” tools, manifests, collectors
Networkget_router_wifi_statusREADWiFi radios, SSIDs, connected clients
get_router_dhcp_leasesREADActive DHCP leases
diagnose_router_connectivityREADPing, DNS, and gateway tests
ping_hostREADPing a specific host
traceroute_hostREADTraceroute to a host
nslookup_hostREADDNS lookup from the router
wifi_scanREADScan neighboring WiFi networks
Securityget_router_firewall_rulesREADiptables / nftables / fw4 rules
read_router_uci_configREADRead UCI configuration sections
Diagnosticsget_router_logsREADRecent system logs
search_router_logsREADFiltered log search
Packageslist_router_packagesREADInstalled OPKG packages
DHCPget_dhcp_static_leasesREADStatic DHCP reservations
search_dhcp_logsREADSearch DHCP events in logs
get_device_dhcp_detailsREADFull device info (lease, reservation, logs)
Writeuci_setWRITESet a UCI configuration value
uci_commitWRITECommit UCI changes permanently
restart_interfaceWRITERestart a network interface
reload_networkWRITEReload network services
reboot_deviceDESTRUCTIVEReboot the router (irreversible)

Security Model

  • Read-only by default β€” All SSH commands are whitelisted; write operations (uci set, ifdown, ubus reboot) require ENABLE_WRITE_OPERATIONS=1
  • Command whitelist β€” Explicit read-only patterns (ubus call, uci show, cat /proc/*, logread, ping, and others)
  • Write command whitelist β€” Separate execute_write() path for write operations (ifdown, ifup, uci set/commit, /etc/init.d/network, ubus reboot)
  • Blocked patterns β€” rm, reboot, wget, curl, uci set (in read path), shell metacharacters (;, |, &&, $, and others)
  • Key-based authentication β€” Password login discouraged
  • SSH host key verification β€” Optional via OPENWRT_KNOWN_HOSTS (set to path of known_hosts file)
  • Audit logging β€” All commands logged with timestamps for accountability
  • Localhost binding β€” All ports bind to 127.0.0.1 by default; set MCP_UNSAFE_PUBLIC_ACCESS_CONFIRMED=1 for Docker

Standards Compliance

This server follows two AI-First standards:

StandardDocumentVersionDescription
AFDSdocs_standards.mdv1.0Documentation structure, frontmatter schema, controlled language
MCP Coremcp-server-standards.mdv1.1.0Tool design, response contracts, testing hierarchy, security

Compliance level: L3-ready (all L1-L3 rules met; Risk Consistency Matrix enforced by automated tests).

Testing

pip install -e ".[dev]"
pytest tests/unit/ tests/integration/ -q       # 268 tests (requires .env for integration)
pytest tests/unit/ --cov=openwrt_mcp -q         # 80%+ coverage
ruff check . && ruff format --check .           # lint
mypy src/openwrt_mcp/ --strict                  # type check
bandit -r src/openwrt_mcp/ -ll                  # security

Quick Reference

MetricValue
Python3.14+ (Docker: 3.14)
Tools24 (19 READ + 4 WRITE + 1 DESTRUCTIVE)
Tests296 (215 unit + 53 integration + 10 smoke + 18 e2e)
Coverage86%
Lint0 errors (ruff + mypy --strict + bandit)
Dockerghcr.io/paulomac1000/openwrt-mcp:latest
StandardsAFDS v1.0 + MCP Core v1.1.0 β€” L2+
LicenseMIT

License

MIT