Summary
Connects Claude to the Kaseya VSA RMM platform so you can query managed endpoints, inventory, patch status, alarms, and Service Desk tickets without leaving the conversation. Includes destructive operations like deploying patches and running agent procedures, which trigger MCP elicitation prompts for confirmation. Supports both local auth and Kaseya One SSO tokens. The gateway mode is designed for multi-tenant deployments where each request carries isolated credentials via HTTP headers, avoiding cross-tenant credential leakage. Useful if you're managing a fleet through Kaseya and want to triage alerts, audit software installs, or kick off remediation procedures through natural language instead of clicking through the VSA console.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Kaseya VSA MCP Server
Model Context Protocol (MCP) server for the Kaseya VSA RMM API. Exposes managed endpoints, software / hardware inventory, patch state, agent procedures, alarms, Service Desk tickets, organizations, and machine groups to AI assistants.
Tools
| Tool | Description |
|---|---|
kaseya_vsa_list_agents | List managed endpoints (agents). Optional $filter. |
kaseya_vsa_get_agent | Get an agent's details by ID. |
kaseya_vsa_get_software_inventory | Installed software for an agent. |
kaseya_vsa_get_hardware_inventory | Hardware audit for an agent. |
kaseya_vsa_get_patch_status | Pending and installed patches for an agent. |
kaseya_vsa_deploy_patches_now | Force a patch deploy on an agent (destructive — confirmation required). |
kaseya_vsa_list_procedures | Agent procedures available to run. |
kaseya_vsa_run_procedure | Execute a procedure on an agent (destructive — confirmation required). |
kaseya_vsa_list_alarms | Open alarms (optional state filter; date-window elicitation if missing). |
kaseya_vsa_list_tickets | Service Desk tickets (returns a friendly message if SD module isn't enabled). |
kaseya_vsa_list_organizations | Tenant organizations. |
kaseya_vsa_list_machine_groups | Machine group hierarchy. |
When the user omits required filters or runs a destructive action, the server uses MCP elicitation to prompt for choices or confirm.
Configuration
Environment-variable mode (default)
| Variable | Required | Description |
|---|---|---|
KASEYA_VSA_TENANT_URL | yes | Full base URL incl. /api/v1.0 |
KASEYA_VSA_USERNAME | one of | Local-auth username |
KASEYA_VSA_PASSWORD | one of | Local-auth password (secret) |
KASEYA_VSA_K1_TOKEN | one of | Kaseya One SSO token (alternative to username + password) |
MCP_TRANSPORT | no | stdio (default) or http |
MCP_HTTP_PORT | no | HTTP listen port (default 8080) |
AUTH_MODE | no | env (default) or gateway |
Either the username + password pair OR the KASEYA_VSA_K1_TOKEN is required.
Gateway mode
When deployed behind the WYRE MCP Gateway, set AUTH_MODE=gateway and the
server will read credentials from per-request HTTP headers:
X-Kaseya-VSA-Tenant-Url(required)X-Kaseya-VSA-Username(with password)X-Kaseya-VSA-Password(with username)X-Kaseya-VSA-K1-Token(alternative to username + password)
Each request creates a fresh server instance with isolated credentials — no
cross-tenant process.env pollution.
Local development
npm install
npm run build
KASEYA_VSA_TENANT_URL=https://vsa.example.com/api/v1.0 \
KASEYA_VSA_USERNAME=... \
KASEYA_VSA_PASSWORD=... \
npm start
Run as HTTP for testing:
MCP_TRANSPORT=http npm start
curl http://localhost:8080/health
Docker
docker build -t kaseya-vsa-mcp .
docker run --rm -p 8080:8080 \
-e KASEYA_VSA_TENANT_URL=https://vsa.example.com/api/v1.0 \
-e KASEYA_VSA_USERNAME=... \
-e KASEYA_VSA_PASSWORD=... \
kaseya-vsa-mcp
License
Apache-2.0
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Configuration
KASEYA_VSA_TENANT_URL*Full base URL including /api/v1.0 (e.g. https://vsa.example.com/api/v1.0)
KASEYA_VSA_USERNAMELocal-auth username (omit if using Kaseya One token)
KASEYA_VSA_PASSWORDsecretLocal-auth password (omit if using Kaseya One token)
KASEYA_VSA_K1_TOKENsecretKaseya One SSO token (alternative to username + password)
MCP_TRANSPORTdefault: stdioTransport mode for the server. Set to 'stdio' for local CLI use; the image defaults to 'http' for gateway hosting.
AUTH_MODEdefault: envCredential source: 'env' reads vars locally, 'gateway' expects header injection from the WYRE MCP Gateway.
LOG_LEVELdefault: infoLog verbosity: debug, info, warn, error
Registryactive
Packageghcr.io/wyre-technology/kaseya-vsa-mcp:v1.0.7
TransportSTDIO
AuthRequired
UpdatedMay 29, 2026