Bob Ross
Manages a Canonical Landscape estate, providing inventory, alerts, activities, patching, and script execution with a safety layer including blast-radius preview, dry-run confirmation handshake, and full audit logging.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Bob Rossshow computers with pending security updates"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Bob Ross 🎨
"We don't make mistakes, just happy little servers."
An MCP server for managing a Canonical Landscape estate from an AI agent (Claude Desktop / Claude Code). Bob Ross wraps the Landscape API as MCP tools — inventory, alerts, activities, patching, script execution — with a safety layer built in so an LLM can't accidentally reboot your whole fleet.
Jira: BR
Why it's not just a dumb API wrapper
Blast-radius preview —
resolve_queryshows how many machines a query matches (and a sample) before you act.Dry-run → confirm handshake — every destructive tool returns a short-lived
confirm_tokenon the first call; you must call again with the token to execute. If the matched machine set drifts in between, the token is rejected.Secure by default — read-only mode is on out of the box. Writes need two explicit switches flipped. TLS is verified. Secrets never hit logs.
Full audit log — every action (dry runs, executes, denials) is appended to a redacted JSONL audit trail.
Dual auth — REST bearer token or legacy HMAC query API, auto-detected.
Related MCP server: MCP Process Server
Status
MVP scaffold. Read tools + gated write tools are implemented against both API
backends. Exact REST endpoint paths are set as constants in client.py and get
finalized once pointed at a live instance — run the ping tool to validate.
Setup
python3.14 -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"
cp .env.example .env # then fill in URL + credentials
pytest # run the safety/signing/config testsConfiguration
All via BOBROSS_* env vars (or .env). See .env.example. Key ones:
Var | Default | Meaning |
| — | Landscape base URL |
| — | REST bearer token (mode A) |
| — | Legacy HMAC keys (mode B) |
|
| Blocks all writes |
|
| Second switch required for writes |
|
| Verify TLS certs |
Run
bob-ross # stdio transport (Claude Desktop / Code)
# or
python -m bob_rossClaude Code (CLI)
Install once (user scope → available in every project). The cd wrapper makes it
location-independent and keeps credentials in .env (never in Claude's config):
claude mcp add bob-ross --scope user -- \
bash -lc 'cd /path/to/bob-ross && exec ./.venv/bin/bob-ross'Starts in read-only mode. To enable actions, flip BOBROSS_READ_ONLY=false and
BOBROSS_ALLOW_WRITES=true in .env, then restart Claude Code.
Claude Desktop / Code (stdio)
{
"mcpServers": {
"bob-ross": {
"command": "/path/to/bob-ross/.venv/bin/bob-ross",
"env": { "BOBROSS_LANDSCAPE_URL": "https://landscape.example.com",
"BOBROSS_API_TOKEN": "..." }
}
}
}Tools
Read: ping, estate_health, list_computers, get_computer, resolve_query,
pending_updates, list_alerts, list_activities, get_activity, wait_for_activity,
list_scripts
Write (gated): execute_script, reboot_computers, apply_security_upgrades,
upgrade_packages, install_packages, remove_packages, add_tags, remove_tags
Activity-creating write tools accept wait=true to poll the resulting Landscape
activity to a terminal status and return a completion summary
(succeeded / failed / still-incomplete), so the agent knows the real outcome
instead of just "queued".
Resources: landscape://computers, landscape://alerts, landscape://health,
landscape://computer/{computer_id} (template)
Prompts: patch_security_updates, triage_estate, reboot_reboot_required,
patch_machine
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/just-an-oldsalt/bob-ross'
If you have feedback or need assistance with the MCP directory API, please join our Discord server