RouterOS-MCP

Verified Safe

by grammy-jiang

Overview

A Model Context Protocol (MCP) service for managing multiple MikroTik RouterOS v7 devices, exposing safe and auditable network operations to AI tools with strong security guardrails, role-based authorization, and built-in approval workflows.

Installation

Run Command
uv run python -m routeros_mcp.main -- --config config/lab.yaml

Environment Variables

  • ROUTEROS_MCP_ENVIRONMENT
  • ROUTEROS_MCP_LOG_LEVEL
  • ROUTEROS_MCP_LOG_FORMAT
  • ROUTEROS_MCP_MCP_TRANSPORT
  • ROUTEROS_MCP_MCP_DESCRIPTION
  • ROUTEROS_MCP_MCP_HTTP_HOST
  • ROUTEROS_MCP_MCP_HTTP_PORT
  • ROUTEROS_MCP_MCP_HTTP_BASE_PATH
  • ROUTEROS_MCP_DATABASE_URL
  • ROUTEROS_MCP_DATABASE_POOL_SIZE
  • ROUTEROS_MCP_DATABASE_MAX_OVERFLOW
  • ROUTEROS_MCP_DATABASE_ECHO
  • ROUTEROS_MCP_REDIS_URL
  • ROUTEROS_MCP_REDIS_POOL_SIZE
  • ROUTEROS_MCP_REDIS_TIMEOUT_SECONDS
  • ROUTEROS_MCP_OIDC_ENABLED
  • ROUTEROS_MCP_OIDC_PROVIDER_URL
  • ROUTEROS_MCP_OIDC_CLIENT_ID
  • ROUTEROS_MCP_OIDC_CLIENT_SECRET
  • ROUTEROS_MCP_OIDC_AUDIENCE
  • ROUTEROS_MCP_OIDC_SCOPES
  • ROUTEROS_MCP_OIDC_SKIP_VERIFICATION
  • ROUTEROS_MCP_ROUTEROS_REST_TIMEOUT_SECONDS
  • ROUTEROS_MCP_ROUTEROS_MAX_CONCURRENT_REQUESTS_PER_DEVICE
  • ROUTEROS_MCP_ROUTEROS_RETRY_ATTEMPTS
  • ROUTEROS_MCP_ROUTEROS_RETRY_BACKOFF_BASE
  • ROUTEROS_MCP_ENABLE_HEALTH_CHECKS
  • ROUTEROS_MCP_HEALTH_CHECK_INTERVAL_SECONDS
  • ROUTEROS_MCP_HEALTH_CHECK_JITTER_SECONDS
  • ROUTEROS_MCP_METRICS_COLLECTION_INTERVAL_SECONDS
  • ROUTEROS_MCP_ENABLE_RESOURCE_CACHE
  • ROUTEROS_MCP_RESOURCE_CACHE_DEFAULT_TTL_SECONDS
  • ROUTEROS_MCP_RESOURCE_CACHE_MAX_ENTRIES
  • ROUTEROS_MCP_SNAPSHOT_ENABLED
  • ROUTEROS_MCP_SNAPSHOT_RETENTION_DAYS
  • ROUTEROS_MCP_SNAPSHOT_COMPRESSION_LEVEL
  • ROUTEROS_MCP_SNAPSHOT_MAX_SIZE_BYTES
  • ROUTEROS_MCP_SNAPSHOT_USE_SSH_FALLBACK
  • ROUTEROS_MCP_ENCRYPTION_KEY
  • ROUTEROS_MCP_ENCRYPTION_ALGORITHM
  • ROUTEROS_MCP_PLAN_APPROVAL_REQUIRED
  • ROUTEROS_MCP_PLAN_APPROVAL_TIMEOUT_SECONDS
  • ROUTEROS_MCP_PLAN_PREVIEW_MAX_TOKENS
  • ROUTEROS_MCP_PLAN_MAX_DEVICES
  • ROUTEROS_MCP_PLAN_DEFAULT_BATCH_SIZE
  • ROUTEROS_MCP_PLAN_PAUSE_BETWEEN_BATCHES_SECONDS
  • ROUTEROS_MCP_PLAN_ROLLBACK_ON_FAILURE
  • ROUTEROS_MCP_SMTP_ENABLED
  • ROUTEROS_MCP_SMTP_FROM_ADDRESS
  • ROUTEROS_MCP_SMTP_HOST
  • ROUTEROS_MCP_SMTP_PORT
  • ROUTEROS_MCP_SMTP_USE_TLS
  • ROUTEROS_MCP_SMTP_USERNAME
  • ROUTEROS_MCP_SMTP_PASSWORD
  • ROUTEROS_MCP_SLACK_ENABLED
  • ROUTEROS_MCP_SLACK_WEBHOOK_URL
  • ROUTEROS_MCP_AUTHZ_GROUP_MAPPINGS
  • ROUTEROS_MCP_USER_SESSION_TTL_SECONDS
  • ROUTEROS_MCP_REDIS_SESSION_STORE_TTL_SECONDS
  • ROUTEROS_MCP_RATE_LIMIT_ENABLED
  • ROUTEROS_MCP_RATE_LIMIT_USE_REDIS
  • ROUTEROS_MCP_RATE_LIMIT_DEFAULT_REQUESTS_PER_MINUTE
  • ROUTEROS_MCP_RATE_LIMIT_ROLES_CONFIG
  • ROUTEROS_MCP_TRUSTED_WORKFLOWS

Security Notes

The project demonstrates a strong focus on security design, including server-side enforcement of authorization, encrypted credentials (Fernet), and a robust plan/apply approval framework with HMAC-signed tokens and automatic rollback. It also plans for OAuth 2.1/OIDC multi-user RBAC. However, the Bandit report highlights an `exec` call in `routeros_mcp/mcp_prompts/registry.py`, used for dynamic prompt handler creation, and `autoescape=False` in the Jinja2 environment in `routeros_mcp/mcp_prompts/renderer.py`. These are high-severity vulnerabilities if input is not strictly controlled or if rendered output is displayed in a browser context without additional sanitization. While likely used with trusted templates, they introduce a non-trivial risk if not managed with extreme care. The minor hardcoded-password warnings from Bandit appear in redaction/placeholder contexts.

Stats

Interest Score: 30
Security Score: 7
Cost Class: Medium
Avg Tokens: 2500
Stars: 1
Forks: 0
Last Update: 2026-01-13

Tags

RouterOS, MikroTik, MCP, AI Tools, Network Management, Security, Observability, Plan/Apply, Fleet Management