Huntress MCP Server

A Model Context Protocol (MCP) server that provides AI assistants with structured access to Huntress cybersecurity platform data and operations.

Note: This project is maintained by Wyre Technology.

Quick Start

Claude Desktop — download, open, done:

1. Download huntress-mcp.mcpb from the latest release
2. Open the file (double-click or drag into Claude Desktop)
3. Enter your Huntress credentials when prompted (API Key, API Secret)

No terminal, no JSON editing, no Node.js install required.

Claude Code (CLI):

claude mcp add huntress-mcp \
  -e HUNTRESS_API_KEY=your-api-key \
  -e HUNTRESS_API_SECRET=your-api-secret \
  -- npx -y github:wyre-technology/huntress-mcp

See Installation for Docker and from-source methods.

Features

• 🔌 MCP Protocol Compliance: Full support for MCP resources and tools
• 🛡️ Comprehensive Security Coverage: Tools spanning agents, organizations, incidents, escalations, billing, signals, and users
• 🔍 Decision-Tree Navigation: Start with huntress_navigate to explore domains, then dynamically load domain-specific tools
• 📝 CRUD Operations: Create, read, update, delete operations for organizations, memberships, incidents, and more
• 🔒 Secure Authentication: HTTP Basic Auth with Huntress API credentials
• 🌐 Dual Transport: Supports both stdio (local) and HTTP Streamable (remote/Docker) transports
• 📦 MCPB Packaging: One-click installation via MCP Bundle for desktop clients
• 🐳 Docker Ready: Containerized deployment with HTTP transport and health checks
• ⚡ Rate Limiting: Built-in rate limiter respects Huntress API limits (60 req/min)
• 📊 Structured Logging: Comprehensive logging with configurable levels

Table of Contents

• Installation
• Configuration
• Usage
• Domains
• Docker Deployment
• Development
• Testing
• Contributing
• License

Installation

Option 1: MCPB Bundle (Claude Desktop)

The simplest method — no terminal, no JSON editing, no Node.js install required.

1. Download huntress-mcp.mcpb from the latest release
2. Open the file (double-click or drag into Claude Desktop)
3. Enter your Huntress credentials when prompted (API Key, API Secret)

For Claude Code (CLI), one command:

claude mcp add huntress-mcp \
  -e HUNTRESS_API_KEY=your-api-key \
  -e HUNTRESS_API_SECRET=your-api-secret \
  -- npx -y github:wyre-technology/huntress-mcp

Option 2: Docker

docker compose up

Or pull the pre-built image:

docker run -d \
  -e HUNTRESS_API_KEY=your-key \
  -e HUNTRESS_API_SECRET=your-secret \
  -p 8080:8080 \
  ghcr.io/wyre-technology/huntress-mcp:latest

Option 3: From Source

git clone https://github.com/wyre-technology/huntress-mcp.git
cd huntress-mcp
npm ci
npm run build

Configuration

Variable	Description	Default
HUNTRESS_API_KEY	API public key	—
HUNTRESS_API_SECRET	API secret key	—
MCP_TRANSPORT	Transport mode (stdio or http)	stdio
MCP_HTTP_PORT	HTTP server port	8080
AUTH_MODE	Auth mode (env or gateway)	env
LOG_LEVEL	Log level (debug, info, warn, error)	info

Domains

The server uses decision-tree navigation. Start with huntress_navigate to pick a domain:

Domain	Tools
accounts	Get account info, get current actor
agents	List agents, get agent by ID
organizations	List, get, create, update, delete organizations
incidents	Incident reports (list/get/resolve), remediations (list/get/approve/reject), escalations (list/get/resolve)
billing	Billing reports, summary reports
signals	List/get security signals
users	Membership CRUD (list/get/create/update/delete)

Docker Deployment

See docker-compose.yml for full configuration. Copy .env.example to .env and fill in your credentials:

cp .env.example .env
# Edit .env with your Huntress API credentials
docker compose up -d

Development

npm ci
npm run build       # Build the project
npm run dev         # Watch mode
npm run test        # Run tests
npm run lint        # Type-check
npm run clean       # Remove dist/

Testing

npm test            # Run test suite
npm run test:watch  # Watch mode

Contributing

See CONTRIBUTING.md for guidelines.

License

Apache 2.0 — Copyright WYRE Technology