action1-mcp
Action1 MCP Server
MCP server for Action1 — endpoint inventory, patch visibility, and policy automation via the Model Context Protocol.
Read-only in v1. Deploy / automation surface is intentionally separated to a later release for blast-radius reasons (a bad policy push can brick endpoint fleets).
Tools
Tool | Description |
| Discover available tools by domain (organizations / endpoints / policies / updates) |
| List Action1 tenants accessible to the configured credentials |
| List managed devices in an organization |
| Get a single endpoint by id |
| List missing OS/application patches across endpoints — Action1's headline value-prop |
| List automation / policy / remediation rules |
API surface maps to PSAction1 (Action1's MIT-licensed PowerShell module). When the v1 surface earns its keep, write tools (deploy, requery, package upload) come in v2 behind separate review.
Related MCP server: datto-bcdr-mcp
Usage
Claude Desktop (MCPB)
Install via the MCPB bundle from the latest release.
Required credentials (created in Action1 → Settings → API Credentials, non-recoverable on creation — copy immediately):
API Key (Client ID)
Secret
Region (
NorthAmericadefault; alsoEurope,AsiaPacific,Australia)Optional default organization id (for single-tenant use)
Stdio (direct)
ACTION1_API_KEY=... \
ACTION1_SECRET=... \
ACTION1_REGION=NorthAmerica \
ACTION1_DEFAULT_ORG_ID=org-... \
npx -y github:wyre-technology/action1-mcpHTTP (gateway mode)
MCP_TRANSPORT=http PORT=8080 AUTH_MODE=gateway \
docker run -p 8080:8080 ghcr.io/wyre-technology/action1-mcp:latestPer-request credentials via headers:
X-Action1-API-KeyX-Action1-SecretX-Action1-RegionX-Action1-Default-Org-Id
Architecture
src/
├── index.ts # stdio + HTTP transports, tool dispatch
├── sdk/
│ └── action1-client.ts # embedded REST + OAuth client (factor-out candidate
│ # if surface crosses ~20 tools / 2+ domains)
├── utils/
│ ├── client.ts # credential resolution (env vs gateway headers)
│ └── types.ts # DomainHandler interface
├── domains/ # one file per resource type
│ ├── organizations.ts
│ ├── endpoints.ts
│ ├── policies.ts
│ └── updates.ts
└── __tests__/domains/ # one test per domainPer-request credential isolation via AsyncLocalStorage — concurrent requests in HTTP mode never share credentials through process.env.
Development
npm install
npm run build
npm test
npm run dev # tsc --watch
npm run lint # eslint
npm run typecheckLicense
Apache-2.0. See LICENSE.
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/wyre-technology/action1-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server