v1.1.3

• Publishing to MCP registry for better reach and usability.
• Updated README.md for PyPI. No change to fleet-mcp server itself.
• Full Changelog: v1.1.2...v1.1.3

v1.1.2

[1.1.2] - 2025-11-20

Added

• Demo Screenshots: Four screenshots showcasing fleet-mcp in action (LLM-driven host queries, policy management, software tracking, and advanced operations), included in a collapsible README section. You can view it by expanding the Show/Hide Demo Screenshots section on the main README.md page.

Changed

• Policy Tools: Improved fleet_list_policies with fuzzy keyword-based search across all teams.

Fixed

• API None Handling: Corrected handling of None values for device mappings, activities, and certificates.

Documentation

• Updated docs/USAGE.md with policy search and cross-team discovery examples.

Full Changelog: v1.1.0...v1.1.2

v1.1.0

[1.1.0] - 2025-11-20

Added

• Asynchronous Query Execution: New async query pattern to work around the 60-second MCP client timeout limitation in TypeScript-based clients like LM Studio

  • fleet_run_live_query_with_results now supports async mode when FLEET_USE_ASYNC_QUERY_MODE=true
  • fleet_get_query_results tool to retrieve results from async queries by campaign ID
  • fleet_list_async_queries tool to list all running and completed async queries with status filtering
  • fleet_cancel_query tool to cancel running async queries
  • Disk-based storage for intermediate query results with configurable retention (default: 24 hours)
  • Future Redis support planned for distributed deployments

• Schema Overrides Feature: Enhanced osquery table documentation with Fleet's curated metadata

  • Automatic download of YAML schema files from Fleet's GitHub repository (schema/tables/)
  • Local caching of schema overrides in ~/.fleet-mcp/cache/schema_overrides.json
  • Intelligent merging of override data with base osquery schemas
  • Prominent display of usage requirements and examples in fleet_get_osquery_table_schema responses
  • Multi-tier loading strategy: cache → download → stale cache fallback
  • 24-hour cache TTL with graceful degradation if downloads fail

• Fuzzy Matching Host Lookup: Intelligent host identifier resolution for flexible host targeting

  • New host_identifier.py utility module for smart host lookups
  • Support for matching hosts by hostname, UUID, serial number, or hardware model
  • Enhanced fleet_run_live_query_with_results to support fuzzy host matching
  • Automatic disambiguation when multiple hosts match

• CVE Filtering Support: Enhanced vulnerability tracking and reporting

  • New CVE filtering capabilities in software_tools.py
  • Filter software by specific CVE identifiers
  • Improved vulnerability tracking across the fleet
  • Updated documentation with CVE filtering examples

• WebSocket-Based Live Query: Complete rewrite of live query execution

  • Replaced fleet_run_live_query with WebSocket-based fleet_run_live_query_with_results
  • New websocket_client.py module for real-time result streaming
  • Improved reliability and performance for live queries

• Docker Support: Containerized deployment option

  • Added Dockerfile for easy deployment and distribution
  • Simplified setup for containerized environments

• Custom Variables Support: Added support for custom variables in Fleet

• Development Tooling:

  • Pre-commit hooks for automated code quality checks (Black, isort, mypy)
  • .pre-commit-hooks-guide.md documentation
  • Updated CONTRIBUTING.md with pre-commit setup instructions
  • Auto-updating pre-commit hook versions

• Security Policy: Added SECURITY.md file with security reporting direction.

Changed

• Query Tool Enhancement: fleet_run_live_query_with_results now returns campaign_id and status immediately in async mode instead of blocking
• Configuration Options: Added three new configuration parameters:
  • use_async_query_mode (default: false) - Enable async query execution
  • async_query_storage_dir (default: .fleet_mcp_async_queries) - Directory for storing async query results
  • async_query_retention_hours (default: 24) - Hours to retain completed query results
• Table Schema Cache: Enhanced TableSchemaCache to support schema overrides with automatic download and caching
• Health Check: Now reports schema override cache status and source (cache/download/none)

Fixed

• Policy Creation: Fixed issue with creating policies globally vs team-specific
• WebSocket Connection: Improved WebSocket connection handling for live queries
• Import Organization: Updated known_first_party in pyproject.toml for better import sorting

Technical Improvements

• AsyncQueryManager: New disk-based query job manager with status tracking (pending/running/completed/failed/cancelled)
• Background Task Management: Async queries run in background tasks with proper lifecycle management
• Code Refactoring: Applied some DRY (Don't Repeat Yourself) principles across the codebase
  • Refactored all tools to use common response formatting functions
  • Created common utilities for pagination parameter building
  • Applied @handle_fleet_api_errors decorator across all tool functions
  • Consolidated error handling and response formatting
  • Refactored activity, device, user, config, team, VPP, and async query tools
• Error Handling: Improved error messages for async query operations with detailed status information
• Code Quality: Temporarily disabled ruff formatter in favor of Black for more consistent formatting
• Package Updates: Updated uv packages and added WebSocket dependencies

Documentation

• Updated usage documentation with async query pattern examples
• Added schema overrides feature documentation
• Enhanced configuration guide with new async query settings
• Added CVE filtering examples
• Added fuzzy host matching documentation
• Enhanced troubleshooting section

Full Changelog: v1.0.2...v1.1.0

v1.0.2

Fully fleshed out Fleet tools to make fleet-mcp useful.

What's new in v1.0.2:

• fleet_get_script now gets the full script content in addition to the metadata
• fleet_health_check will return current version number of fleet-mcp itself

---

Read-Only Tools (Default Mode. Set by readonly=true)

Host Management

• fleet_list_hosts - List hosts with filtering, pagination, and search
• fleet_get_host - Get detailed information about a specific host by ID
• fleet_get_host_by_identifier - Get host by hostname, UUID, or hardware serial
• fleet_search_hosts - Search hosts by hostname, UUID, serial number, or IP
• fleet_list_host_upcoming_activities - List upcoming activities for a specific host
• fleet_list_host_past_activities - List past activities for a specific host
• fleet_get_host_mdm - Get MDM information for a specific host
• fleet_list_host_certificates - List certificates for a specific host
• fleet_get_host_macadmins - Get macadmins data (Munki, MDM profiles) for a host
• fleet_get_host_device_mapping - Get device mapping information for a host
• fleet_get_host_encryption_key - Get disk encryption recovery key for a host

Query Management

• fleet_list_queries - List all saved queries with pagination
• fleet_get_query - Get details of a specific saved query
• fleet_get_query_report - Get the latest results from a scheduled query

Policy Management

• fleet_list_policies - List all compliance policies
• fleet_get_policy_results - Get compliance results for a specific policy

Software & Vulnerabilities

• fleet_list_software - List software inventory across the fleet
• fleet_get_software - Get detailed information about a specific software item
• fleet_get_host_software - Get software installed on a specific host
• fleet_get_vulnerabilities - List known vulnerabilities with filtering
• fleet_get_cve - Get detailed information about a specific CVE
• fleet_search_software - Search for software by name
• fleet_find_software_on_host - Find specific software on a host by hostname
• fleet_get_software_install_result - Get the result of a software installation request
• fleet_list_software_titles - List software titles across the fleet
• fleet_get_software_title - Get detailed information about a specific software title

Team Management

• fleet_list_teams - List all teams
• fleet_get_team - Get details of a specific team
• fleet_list_team_users - List all users that are members of a specific team
• fleet_get_team_secrets - List team-specific enroll secrets

User Management

• fleet_list_users - List all users with filtering
• fleet_get_user - Get details of a specific user
• fleet_list_user_sessions - List active sessions for a user
• fleet_get_session - Get session details by ID

Label Management

• fleet_list_labels - List all labels
• fleet_get_label - Get detailed information about a specific label

Pack Management

• fleet_list_packs - List all query packs
• fleet_get_pack - Get detailed information about a specific pack
• fleet_list_scheduled_queries - List scheduled queries in a specific pack

Script Management

• fleet_list_scripts - List all scripts available in Fleet
• fleet_get_script - Get details of a specific script
• fleet_get_script_result - Get the result of a script execution
• fleet_list_batch_scripts - List batch script executions
• fleet_get_batch_script - Get details of a batch script execution
• fleet_list_batch_script_hosts - List hosts in a batch script execution
• fleet_list_host_scripts - List scripts available for a specific host

MDM Management

• fleet_list_mdm_commands - List MDM commands that have been executed
• fleet_get_mdm_command_results - Get results of MDM commands
• fleet_list_mdm_profiles - List MDM configuration profiles
• fleet_get_host_mdm_profiles - Get MDM profiles installed on a specific host
• fleet_get_mdm_profiles_summary - Get summary of MDM profile deployment status
• fleet_get_filevault_summary - Get FileVault encryption summary
• fleet_list_mdm_devices - List all MDM-enrolled Apple devices
• fleet_get_bootstrap_metadata - Get metadata about a bootstrap package for a team
• fleet_get_bootstrap_summary - Get aggregated summary about bootstrap package deployment
• fleet_get_setup_assistant - Get the MDM Apple Setup Assistant configuration
• fleet_list_mdm_apple_installers - List all Apple MDM installers

VPP/App Store Management

• fleet_list_app_store_apps - List App Store apps available for installation
• fleet_list_vpp_tokens - List VPP tokens configured in Fleet

Configuration Management

• fleet_get_config - Get the current Fleet application configuration
• fleet_get_enroll_secrets - Get the enrollment secrets configuration
• fleet_get_certificate - Get the Fleet server certificate chain
• fleet_get_version - Get the Fleet server version information

Secret Management

• fleet_list_secrets - List secret variables in Fleet

Invite Management

• fleet_list_invites - List pending user invites
• fleet_verify_invite - Verify an invite token and get invite details

Carve Management

• fleet_list_carves - List file carve sessions
• fleet_get_carve - Get detailed information about a specific carve session
• fleet_get_carve_block - Get a specific block of data from a carve session

Device Management

• fleet_get_device_info - Get device information using a device token

Activity Monitoring

• fleet_list_activities - List Fleet activities and audit logs

Osquery Table Discovery & Reference

• fleet_list_osquery_tables - List available osquery tables with dynamic discovery
• fleet_get_osquery_table_schema - Get detailed schema for a specific table
• fleet_suggest_tables_for_query - Get AI-powered table suggestions based on intent

System

• fleet_health_check - Check Fleet server connectivity and authentication

Write/Modify Tools (Requires readonly=false)

These tools can modify Fleet state and are only available when readonly=false is set in the configuration. This will allow you to make changes to your Fleet environment such as creating scripts, policies, managing teams, etc. in addition to the read-only tools. Setting to readonly=true (default) will disable these tools.

Host Management

• fleet_delete_host - Remove a host from Fleet
• fleet_transfer_hosts - Transfer hosts to a different team
• fleet_query_host - Run an ad-hoc live query against a specific host
• fleet_query_host_by_identifier - Run a live query by hostname/UUID/serial
• fleet_cancel_host_activity - Cancel an upcoming activity for a specific host
• fleet_lock_host - Lock a host device remotely
• fleet_unlock_host - Unlock a host device remotely
• fleet_unenroll_host_mdm - Unenroll a host from MDM
• fleet_add_labels_to_host - Add labels to a host
• fleet_remove_labels_from_host - Remove labels from a host
• fleet_refetch_host - Force a host to refetch and update its data immediately

Query Management

• fleet_create_query - Create a new saved query
• fleet_delete_query - Delete a saved query
• fleet_run_live_query - Execute a live query against specified hosts
• fleet_run_saved_query - Run a saved query against hosts

Policy Management

• fleet_create_policy - Create a new compliance policy
• fleet_update_policy - Update an existing policy
• fleet_delete_policy - Delete a policy

Software Management

• fleet_install_software - Install software on a specific host
• fleet_batch_set_software - Batch upload/set software installers for a team

Team Management

• fleet_create_team - Create a new team
• fleet_add_team_users - Add one or more users to a specific team
• fleet_remove_team_user - Remove a specific user from a team

User Management

• fleet_create_user - Create a new user
• fleet_update_user - Update an existing user
• fleet_delete_session - Delete/invalidate a specific session
• fleet_delete_user_sessions - Delete all sessions for a specific user

Label Management

• fleet_create_label - Create a new label
• fleet_update_label - Update an existing label
• fleet_delete_label - Delete a label by name

Pack Management

• fleet_create_pack - Create a new query pack
• fleet_update_pack - Update an existing pack
• fleet_delete_pack - Delete a pack by name

Script Management

• fleet_run_script - Run a script on a specific host
• fleet_run_batch_script - Run a script on multiple hosts
• fleet_cancel_batch_script - Cancel a batch script execution
• fleet_create_script - Create and upload a new script
• fleet_modify_script - Modify an existing script
• fleet_delete_script - Delete a script

MDM Management

• fleet_upload_mdm_profile - Upload a new MDM configuration profile
• fleet_delete_mdm_profile - Delete an MDM configuration profile
• fleet_lock_device - Lock an MDM-enrolled device remotely
• fleet_upload_bootstrap_package - Upload a bootstrap package for MDM enrollment
• fleet_delete_bootstrap_package - Delete a bootstrap package for a team
• fleet_create_setup_assistant - Create or update an MDM Apple Setup Assistant
• fleet_delete_setup_assistant - Delete the MDM Apple Setup Assistant
• fleet_upload_mdm_apple_installer - Upload a new Apple MDM installer package
  Note: The wipe device tool is currently disabled as it is too dangerous. It may be revisited later if really needed.

VPP/App Store Management

• fleet_add_app_store_app - Add an App Store app for distribution
• fleet_update_app_store_app - Update App Store app settings
• fleet_delete_vpp_token - Delete a VPP token

Config...

v1.0.1

Fully fleshed out Fleet tools to make fleet-mcp useful.

Read-Only Tools (Default Mode. Set by readonly=true)

Host Management

• fleet_list_hosts - List hosts with filtering, pagination, and search
• fleet_get_host - Get detailed information about a specific host by ID
• fleet_get_host_by_identifier - Get host by hostname, UUID, or hardware serial
• fleet_search_hosts - Search hosts by hostname, UUID, serial number, or IP
• fleet_list_host_upcoming_activities - List upcoming activities for a specific host
• fleet_list_host_past_activities - List past activities for a specific host
• fleet_get_host_mdm - Get MDM information for a specific host
• fleet_list_host_certificates - List certificates for a specific host
• fleet_get_host_macadmins - Get macadmins data (Munki, MDM profiles) for a host
• fleet_get_host_device_mapping - Get device mapping information for a host
• fleet_get_host_encryption_key - Get disk encryption recovery key for a host

Query Management

• fleet_list_queries - List all saved queries with pagination
• fleet_get_query - Get details of a specific saved query
• fleet_get_query_report - Get the latest results from a scheduled query

Policy Management

• fleet_list_policies - List all compliance policies
• fleet_get_policy_results - Get compliance results for a specific policy

Software & Vulnerabilities

• fleet_list_software - List software inventory across the fleet
• fleet_get_software - Get detailed information about a specific software item
• fleet_get_host_software - Get software installed on a specific host
• fleet_get_vulnerabilities - List known vulnerabilities with filtering
• fleet_get_cve - Get detailed information about a specific CVE
• fleet_search_software - Search for software by name
• fleet_find_software_on_host - Find specific software on a host by hostname
• fleet_get_software_install_result - Get the result of a software installation request
• fleet_list_software_titles - List software titles across the fleet
• fleet_get_software_title - Get detailed information about a specific software title

Team Management

• fleet_list_teams - List all teams
• fleet_get_team - Get details of a specific team
• fleet_list_team_users - List all users that are members of a specific team
• fleet_get_team_secrets - List team-specific enroll secrets

User Management

• fleet_list_users - List all users with filtering
• fleet_get_user - Get details of a specific user
• fleet_list_user_sessions - List active sessions for a user
• fleet_get_session - Get session details by ID

Label Management

• fleet_list_labels - List all labels
• fleet_get_label - Get detailed information about a specific label

Pack Management

• fleet_list_packs - List all query packs
• fleet_get_pack - Get detailed information about a specific pack
• fleet_list_scheduled_queries - List scheduled queries in a specific pack

Script Management

• fleet_list_scripts - List all scripts available in Fleet
• fleet_get_script - Get details of a specific script
• fleet_get_script_result - Get the result of a script execution
• fleet_list_batch_scripts - List batch script executions
• fleet_get_batch_script - Get details of a batch script execution
• fleet_list_batch_script_hosts - List hosts in a batch script execution
• fleet_list_host_scripts - List scripts available for a specific host

MDM Management

• fleet_list_mdm_commands - List MDM commands that have been executed
• fleet_get_mdm_command_results - Get results of MDM commands
• fleet_list_mdm_profiles - List MDM configuration profiles
• fleet_get_host_mdm_profiles - Get MDM profiles installed on a specific host
• fleet_get_mdm_profiles_summary - Get summary of MDM profile deployment status
• fleet_get_filevault_summary - Get FileVault encryption summary
• fleet_list_mdm_devices - List all MDM-enrolled Apple devices
• fleet_get_bootstrap_metadata - Get metadata about a bootstrap package for a team
• fleet_get_bootstrap_summary - Get aggregated summary about bootstrap package deployment
• fleet_get_setup_assistant - Get the MDM Apple Setup Assistant configuration
• fleet_list_mdm_apple_installers - List all Apple MDM installers

VPP/App Store Management

• fleet_list_app_store_apps - List App Store apps available for installation
• fleet_list_vpp_tokens - List VPP tokens configured in Fleet

Configuration Management

• fleet_get_config - Get the current Fleet application configuration
• fleet_get_enroll_secrets - Get the enrollment secrets configuration
• fleet_get_certificate - Get the Fleet server certificate chain
• fleet_get_version - Get the Fleet server version information

Secret Management

• fleet_list_secrets - List secret variables in Fleet

Invite Management

• fleet_list_invites - List pending user invites
• fleet_verify_invite - Verify an invite token and get invite details

Carve Management

• fleet_list_carves - List file carve sessions
• fleet_get_carve - Get detailed information about a specific carve session
• fleet_get_carve_block - Get a specific block of data from a carve session

Device Management

• fleet_get_device_info - Get device information using a device token

Activity Monitoring

• fleet_list_activities - List Fleet activities and audit logs

Osquery Table Discovery & Reference

• fleet_list_osquery_tables - List available osquery tables with dynamic discovery
• fleet_get_osquery_table_schema - Get detailed schema for a specific table
• fleet_suggest_tables_for_query - Get AI-powered table suggestions based on intent

System

• fleet_health_check - Check Fleet server connectivity and authentication

Write/Modify Tools (Requires readonly=false)

These tools can modify Fleet state and are only available when readonly=false is set in the configuration. This will allow you to make changes to your Fleet environment such as creating scripts, policies, managing teams, etc. in addition to the read-only tools. Setting to readonly=true (default) will disable these tools.

Host Management

• fleet_delete_host - Remove a host from Fleet
• fleet_transfer_hosts - Transfer hosts to a different team
• fleet_query_host - Run an ad-hoc live query against a specific host
• fleet_query_host_by_identifier - Run a live query by hostname/UUID/serial
• fleet_cancel_host_activity - Cancel an upcoming activity for a specific host
• fleet_lock_host - Lock a host device remotely
• fleet_unlock_host - Unlock a host device remotely
• fleet_unenroll_host_mdm - Unenroll a host from MDM
• fleet_add_labels_to_host - Add labels to a host
• fleet_remove_labels_from_host - Remove labels from a host
• fleet_refetch_host - Force a host to refetch and update its data immediately

Query Management

• fleet_create_query - Create a new saved query
• fleet_delete_query - Delete a saved query
• fleet_run_live_query - Execute a live query against specified hosts
• fleet_run_saved_query - Run a saved query against hosts

Policy Management

• fleet_create_policy - Create a new compliance policy
• fleet_update_policy - Update an existing policy
• fleet_delete_policy - Delete a policy

Software Management

• fleet_install_software - Install software on a specific host
• fleet_batch_set_software - Batch upload/set software installers for a team

Team Management

• fleet_create_team - Create a new team
• fleet_add_team_users - Add one or more users to a specific team
• fleet_remove_team_user - Remove a specific user from a team

User Management

• fleet_create_user - Create a new user
• fleet_update_user - Update an existing user
• fleet_delete_session - Delete/invalidate a specific session
• fleet_delete_user_sessions - Delete all sessions for a specific user

Label Management

• fleet_create_label - Create a new label
• fleet_update_label - Update an existing label
• fleet_delete_label - Delete a label by name

Pack Management

• fleet_create_pack - Create a new query pack
• fleet_update_pack - Update an existing pack
• fleet_delete_pack - Delete a pack by name

Script Management

• fleet_run_script - Run a script on a specific host
• fleet_run_batch_script - Run a script on multiple hosts
• fleet_cancel_batch_script - Cancel a batch script execution
• fleet_create_script - Create and upload a new script
• fleet_modify_script - Modify an existing script
• fleet_delete_script - Delete a script

MDM Management

• fleet_upload_mdm_profile - Upload a new MDM configuration profile
• fleet_delete_mdm_profile - Delete an MDM configuration profile
• fleet_lock_device - Lock an MDM-enrolled device remotely
• fleet_upload_bootstrap_package - Upload a bootstrap package for MDM enrollment
• fleet_delete_bootstrap_package - Delete a bootstrap package for a team
• fleet_create_setup_assistant - Create or update an MDM Apple Setup Assistant
• fleet_delete_setup_assistant - Delete the MDM Apple Setup Assistant
• fleet_upload_mdm_apple_installer - Upload a new Apple MDM installer package
  Note: The wipe device tool is currently disabled as it is too dangerous. It may be revisited later if really needed.

VPP/App Store Management

• fleet_add_app_store_app - Add an App Store app for distribution
• fleet_update_app_store_app - Update App Store app settings
• fleet_delete_vpp_token - Delete a VPP token

Configuration Management

• fleet_update_config - Update the Fleet application configuration
• fleet_update_enroll_secrets - Update the enrollment secrets configuration

Secret Management

• `fle...

Initial Release of Fleet-MCP

An initial release of an experimental MCP tool for Fleet