Kaseya VSA
MCP server for Kaseya VSA RMM β agents, patches, procedures, alarms, tickets.
Ask AI about Kaseya VSA
Powered by Claude Β· Grounded in docs
I know everything about Kaseya VSA. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Reviews
Documentation
Kaseya VSA MCP Server
Model Context Protocol (MCP) server for the Kaseya VSA RMM API. Exposes managed endpoints, software / hardware inventory, patch state, agent procedures, alarms, Service Desk tickets, organizations, and machine groups to AI assistants.
Tools
| Tool | Description |
|---|---|
kaseya_vsa_list_agents | List managed endpoints (agents). Optional $filter. |
kaseya_vsa_get_agent | Get an agent's details by ID. |
kaseya_vsa_get_software_inventory | Installed software for an agent. |
kaseya_vsa_get_hardware_inventory | Hardware audit for an agent. |
kaseya_vsa_get_patch_status | Pending and installed patches for an agent. |
kaseya_vsa_deploy_patches_now | Force a patch deploy on an agent (destructive β confirmation required). |
kaseya_vsa_list_procedures | Agent procedures available to run. |
kaseya_vsa_run_procedure | Execute a procedure on an agent (destructive β confirmation required). |
kaseya_vsa_list_alarms | Open alarms (optional state filter; date-window elicitation if missing). |
kaseya_vsa_list_tickets | Service Desk tickets (returns a friendly message if SD module isn't enabled). |
kaseya_vsa_list_organizations | Tenant organizations. |
kaseya_vsa_list_machine_groups | Machine group hierarchy. |
When the user omits required filters or runs a destructive action, the server uses MCP elicitation to prompt for choices or confirm.
Configuration
Environment-variable mode (default)
| Variable | Required | Description |
|---|---|---|
KASEYA_VSA_TENANT_URL | yes | Full base URL incl. /api/v1.0 |
KASEYA_VSA_USERNAME | one of | Local-auth username |
KASEYA_VSA_PASSWORD | one of | Local-auth password (secret) |
KASEYA_VSA_K1_TOKEN | one of | Kaseya One SSO token (alternative to username + password) |
MCP_TRANSPORT | no | stdio (default) or http |
MCP_HTTP_PORT | no | HTTP listen port (default 8080) |
AUTH_MODE | no | env (default) or gateway |
Either the username + password pair OR the KASEYA_VSA_K1_TOKEN is required.
Gateway mode
When deployed behind the WYRE MCP Gateway, set AUTH_MODE=gateway and the
server will read credentials from per-request HTTP headers:
X-Kaseya-VSA-Tenant-Url(required)X-Kaseya-VSA-Username(with password)X-Kaseya-VSA-Password(with username)X-Kaseya-VSA-K1-Token(alternative to username + password)
Each request creates a fresh server instance with isolated credentials β no
cross-tenant process.env pollution.
Local development
npm install
npm run build
KASEYA_VSA_TENANT_URL=https://vsa.example.com/api/v1.0 \
KASEYA_VSA_USERNAME=... \
KASEYA_VSA_PASSWORD=... \
npm start
Run as HTTP for testing:
MCP_TRANSPORT=http npm start
curl http://localhost:8080/health
Docker
docker build -t kaseya-vsa-mcp .
docker run --rm -p 8080:8080 \
-e KASEYA_VSA_TENANT_URL=https://vsa.example.com/api/v1.0 \
-e KASEYA_VSA_USERNAME=... \
-e KASEYA_VSA_PASSWORD=... \
kaseya-vsa-mcp
License
Apache-2.0