Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| OPNSENSE_HOST | Yes | The URL of your OPNsense firewall (e.g., https://your-opnsense-host:port) | |
| OPNSENSE_API_KEY | Yes | Your OPNsense API key | |
| OPNSENSE_SSH_HOST | No | Your OPNsense SSH host (optional, for advanced features) | |
| OPNSENSE_API_SECRET | Yes | Your OPNsense API secret | |
| OPNSENSE_VERIFY_SSL | No | Whether to verify SSL certificates | false |
| OPNSENSE_SSH_KEY_PATH | No | Path to SSH private key file (alternative to password) | |
| OPNSENSE_SSH_PASSWORD | No | Your OPNsense SSH password (optional, for advanced features) | |
| OPNSENSE_SSH_USERNAME | No | Your OPNsense SSH username (optional, for advanced features) |
Schema
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| VLANs | List of all configured VLANs |
| Firewall Rules | List of all firewall rules |
| Network Interfaces | Available network interfaces |
| Connection Status | OPNsense connection status |
| DHCP Leases | Current DHCP leases |
| DNS Blocklist | DNS blocklist entries |
| HAProxy Backends | HAProxy backend configurations |
| HAProxy Frontends | HAProxy frontend configurations |
| HAProxy Statistics | HAProxy statistics and health status |
| Recorded Macros | List of recorded API macros |
| ARP Table | ARP table entries showing IP to MAC mappings |
| IaC Resource Types | Available infrastructure resource types |
| Deployments | Current infrastructure deployments |
| Resource State | Current state of managed resources |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| configure | Configure OPNsense connection |
| list_vlans | List all VLANs |
| get_vlan | Get VLAN details |
| create_vlan | Create a new VLAN |
| delete_vlan | Delete a VLAN |
| update_vlan | Update VLAN description |
| list_firewall_rules | List all firewall rules |
| get_firewall_rule | Get firewall rule details |
| create_firewall_rule | Create a new firewall rule |
| create_firewall_preset | Create a firewall rule from a preset |
| update_firewall_rule | Update a firewall rule |
| delete_firewall_rule | Delete a firewall rule |
| toggle_firewall_rule | Toggle firewall rule enabled/disabled |
| find_firewall_rules | Find firewall rules by description |
| create_backup | Create a configuration backup |
| list_backups | List available backups |
| restore_backup | Restore a configuration backup |
| test_connection | Test API connection and authentication |
| get_interfaces | List available network interfaces |
| list_dhcp_leases | List all DHCP leases |
| find_device_by_name | Find devices by hostname pattern |
| find_device_by_mac | Find device by MAC address |
| get_guest_devices | Get all devices on guest network (VLAN 4) |
| get_devices_by_interface | Group devices by network interface |
| list_arp_entries | List all ARP table entries |
| find_arp_by_ip | Find ARP entries by IP address or subnet |
| find_arp_by_mac | Find ARP entries by MAC address |
| find_arp_by_interface | Find ARP entries on specific interface |
| find_arp_by_hostname | Find ARP entries by hostname pattern |
| get_arp_stats | Get ARP table statistics |
| find_devices_on_vlan | Find devices on specific VLAN |
| list_dns_blocklist | List all DNS blocklist entries |
| block_domain | Add a domain to the DNS blocklist |
| unblock_domain | Remove a domain from the DNS blocklist |
| block_multiple_domains | Block multiple domains at once |
| apply_blocklist_category | Apply a predefined category of domain blocks |
| search_dns_blocklist | Search DNS blocklist entries |
| toggle_blocklist_entry | Enable/disable a DNS blocklist entry |
| haproxy_service_control | Control HAProxy service (start, stop, restart, reload) |
| haproxy_backend_create | Create a new HAProxy backend |
| haproxy_backend_list | List all HAProxy backends |
| haproxy_backend_delete | Delete an HAProxy backend |
| haproxy_frontend_create | Create a new HAProxy frontend |
| haproxy_frontend_list | List all HAProxy frontends |
| haproxy_frontend_delete | Delete an HAProxy frontend |
| haproxy_certificate_list | List available certificates for HAProxy |
| haproxy_certificate_create | Create a certificate for HAProxy |
| haproxy_acl_create | Create an ACL for HAProxy frontend |
| haproxy_action_create | Create an action for HAProxy frontend |
| haproxy_stats | Get HAProxy statistics |
| haproxy_backend_health | Get health status of a specific backend |
| macro_start_recording | Start recording API calls to create a macro |
| macro_stop_recording | Stop recording and save the macro |
| macro_list | List all saved macros |
| macro_play | Play a saved macro |
| macro_delete | Delete a saved macro |
| macro_analyze | Analyze a macro to detect patterns and parameters |
| macro_generate_tool | Generate an MCP tool definition from a macro |
| macro_export | Export all macros to a file |
| macro_import | Import macros from a file |
| iac_plan_deployment | Plan infrastructure deployment changes |
| iac_apply_deployment | Apply a deployment plan |
| iac_destroy_deployment | Destroy deployed resources |
| iac_list_resource_types | List available resource types |