Summary
Connects Claude to Action1's endpoint management platform via REST API. Exposes read-only tools for querying managed devices, missing patches, policies, and multi-tenant organization data. The headline use case is patch visibility: ask Claude which endpoints are missing specific updates across your fleet, then cross-reference against policies or inventory metadata. Built on Action1's PowerShell module surface. Ships with stdio and HTTP gateway transports, the latter using per-request credential headers for multi-tenant deployments. Write operations (policy deployment, remediation triggers) are intentionally held back to v2 to limit blast radius during the read-only proving period.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Action1 MCP Server
MCP server for Action1 — endpoint inventory, patch visibility, and policy automation via the Model Context Protocol.
Read-only in v1. Deploy / automation surface is intentionally separated to a later release for blast-radius reasons (a bad policy push can brick endpoint fleets).
Tools
| Tool | Description |
|---|---|
action1_navigate | Discover available tools by domain (organizations / endpoints / policies / updates) |
action1_list_organizations | List Action1 tenants accessible to the configured credentials |
action1_list_endpoints | List managed devices in an organization |
action1_get_endpoint | Get a single endpoint by id |
action1_list_missing_updates | List missing OS/application patches across endpoints — Action1's headline value-prop |
action1_list_policies | List automation / policy / remediation rules |
API surface maps to PSAction1 (Action1's MIT-licensed PowerShell module). When the v1 surface earns its keep, write tools (deploy, requery, package upload) come in v2 behind separate review.
Usage
Claude Desktop (MCPB)
Install via the MCPB bundle from the latest release.
Required credentials (created in Action1 → Settings → API Credentials, non-recoverable on creation — copy immediately):
- API Key (Client ID)
- Secret
- Region (
NorthAmericadefault; alsoEurope,AsiaPacific,Australia) - Optional default organization id (for single-tenant use)
Stdio (direct)
ACTION1_API_KEY=... \
ACTION1_SECRET=... \
ACTION1_REGION=NorthAmerica \
ACTION1_DEFAULT_ORG_ID=org-... \
npx -y github:wyre-technology/action1-mcp
HTTP (gateway mode)
MCP_TRANSPORT=http PORT=8080 AUTH_MODE=gateway \
docker run -p 8080:8080 ghcr.io/wyre-technology/action1-mcp:latest
Per-request credentials via headers:
X-Action1-API-KeyX-Action1-SecretX-Action1-RegionX-Action1-Default-Org-Id
Architecture
src/
├── index.ts # stdio + HTTP transports, tool dispatch
├── sdk/
│ └── action1-client.ts # embedded REST + OAuth client (factor-out candidate
│ # if surface crosses ~20 tools / 2+ domains)
├── utils/
│ ├── client.ts # credential resolution (env vs gateway headers)
│ └── types.ts # DomainHandler interface
├── domains/ # one file per resource type
│ ├── organizations.ts
│ ├── endpoints.ts
│ ├── policies.ts
│ └── updates.ts
└── __tests__/domains/ # one test per domain
Per-request credential isolation via AsyncLocalStorage — concurrent requests in HTTP mode never share credentials through process.env.
Development
npm install
npm run build
npm test
npm run dev # tsc --watch
npm run lint # eslint
npm run typecheck
License
Apache-2.0. See LICENSE.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Configuration
ACTION1_CLIENT_ID*Action1 OAuth client ID
ACTION1_CLIENT_SECRET*secretAction1 OAuth client secret
ACTION1_TENANTAction1 tenant identifier (subdomain). Provide this or ACTION1_BASE_URL.
ACTION1_BASE_URLAction1 base URL (e.g. https://your-instance.action1.com). Provide this or ACTION1_TENANT.
MCP_TRANSPORTdefault: stdioTransport mode for the server. Set to 'stdio' for local CLI use; the image defaults to 'http' for gateway hosting.
AUTH_MODEdefault: envCredential source: 'env' reads vars locally, 'gateway' expects header injection from the WYRE MCP Gateway.
LOG_LEVELdefault: infoLog verbosity: debug, info, warn, error
Categories
Registryactive
Packageghcr.io/wyre-technology/action1-mcp:v1.0.4
TransportSTDIO
AuthRequired
UpdatedJun 4, 2026
