{"id":26570792,"url":"https://github.com/johnneerdael/netskope-mcp","last_synced_at":"2025-03-22T22:19:17.223Z","repository":{"id":278736516,"uuid":"923883481","full_name":"johnneerdael/netskope-mcp","owner":"johnneerdael","description":null,"archived":false,"fork":false,"pushed_at":"2025-02-21T11:38:33.000Z","size":363,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-21T12:31:10.377Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/johnneerdael.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-29T01:53:05.000Z","updated_at":"2025-02-21T11:38:35.000Z","dependencies_parsed_at":"2025-02-21T12:31:16.331Z","dependency_job_id":"99683d55-af1f-4a0f-8c06-37a94e009f1b","html_url":"https://github.com/johnneerdael/netskope-mcp","commit_stats":null,"previous_names":["johnneerdael/netskope-mcp"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/johnneerdael%2Fnetskope-mcp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/johnneerdael%2Fnetskope-mcp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/johnneerdael%2Fnetskope-mcp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/johnneerdael%2Fnetskope-mcp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/johnneerdael","download_url":"https://codeload.github.com/johnneerdael/netskope-mcp/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245026537,"owners_count":20549157,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-22T22:19:14.677Z","updated_at":"2025-03-22T22:19:17.178Z","avatar_url":"https://github.com/johnneerdael.png","language":"TypeScript","funding_links":[],"categories":["Cloud \u0026 DevOps MCP Servers","MCP 服务器精选列表","Legend","Table of Contents","サーバー実装","MCP Servers","Cloud Services","Security","☁️ Cloud Platforms","🌐 Web Development","Uncategorized"],"sub_categories":["☁️ 云平台与服务集成 (AWS, Cloudflare, Azure, K8s, etc.)","☁️ \u003ca name=\"cloud-platforms\"\u003e\u003c/a\u003eCloud Platforms","System Automation","☁️ \u003ca name=\"cloud-platforms\"\u003e\u003c/a\u003eクラウドプラットフォーム","☁️ Cloud Platforms","How to Submit","Uncategorized"],"readme":"# Netskope NPA MCP Server\n\nA Model Context Protocol (MCP) server for managing Netskope Network Private Access (NPA) infrastructure through Large Language Models (LLMs).\n\n## Warning\n\nStill lots of work needs to be done for all 50 tools to be operational, i strongly advise against using this with any production environment\n\n## Demonstration\nhttps://github.com/johnneerdael/netskope-mcp/raw/refs/heads/main/demo.mov\n\n## Installation\n\n### Option 1: NPM Package\n\nInstall the package using npm:\n\n```bash\nnpm install @johnneerdael/netskope-mcp\n```\n\n### Option 2: Local Development\n\nClone the repository and install dependencies:\n\n```bash\ngit clone https://github.com/johnneerdael/netskope-mcp.git\ncd netskope-mcp\nnpm install\nnpm run build\n```\n\n### MCP Configuration\n\nAdd the following configuration to your MCP settings file:\n\n#### Windows with WSL\n\nFor NPM installation:\n```json\n{\n \"mcpServers\": {\n \"netskope-mcp\": {\n \"command\": \"wsl.exe\",\n \"args\": [\n \"bash\",\n \"-c\",\n \"source ~/.nvm/nvm.sh \u0026\u0026 NETSKOPE_BASE_URL=https://your-tenant.goskope.com NETSKOPE_API_KEY=your-token npx -y @johnneerdael/netskope-mcp\"\n ]\n }\n }\n}\n```\n\nFor local development:\n```json\n{\n \"mcpServers\": {\n \"netskope-mcp\": {\n \"command\": \"wsl.exe\",\n \"args\": [\n \"bash\",\n \"-c\",\n \"cd /path/to/netskope-mcp \u0026\u0026 NETSKOPE_BASE_URL=https://your-tenant.goskope.com NETSKOPE_API_KEY=your-token node dist/cli.js\"\n ]\n }\n }\n}\n```\n\n#### Linux and macOS\n\nFor NPM installation:\n```json\n{\n \"mcpServers\": {\n \"netskope-mcp\": {\n \"command\": \"npx\",\n \"args\": [\"-y\", \"@johnneerdael/netskope-mcp\"],\n \"env\": {\n \"NETSKOPE_BASE_URL\": \"https://your-tenant.goskope.com\",\n \"NETSKOPE_API_KEY\": \"your-token\"\n }\n }\n }\n}\n```\n\nFor local development:\n```json\n{\n \"mcpServers\": {\n \"netskope-mcp\": {\n \"command\": \"node\",\n \"args\": [\"dist/cli.js\"],\n \"cwd\": \"/path/to/netskope-mcp\",\n \"env\": {\n \"NETSKOPE_BASE_URL\": \"https://your-tenant.goskope.com\",\n \"NETSKOPE_API_KEY\": \"your-token\"\n }\n }\n }\n}\n```\n\n## Environment Variables\n\nThe Netskope NPA MCP Server requires the following environment variables to be configured for proper operation:\n\n### Required Variables\n\n- **NETSKOPE_BASE_URL**\n - **Description**: The base URL of your Netskope tenant\n - **Format**: Full URL including protocol\n - **Example**: `https://your-tenant.goskope.com`\n - **Usage**: Used for all API communications with your Netskope tenant\n - **Note**: Must be the complete tenant URL without any path components\n\n- **NETSKOPE_API_KEY**\n - **Description**: API token for authentication with Netskope services\n - **Format**: String token from Netskope admin console\n - **Example**: `030f31f7d57fd94834af57a3edc4bbda`\n - **Usage**: Required for authenticating all API requests\n - **Security Note**: Keep this token secure and never commit it to version control\n\n### Configuration Examples\n\n#### Development Environment\n```bash\nexport NETSKOPE_BASE_URL=\"https://dev-tenant.goskope.com\"\nexport NETSKOPE_API_KEY=\"your-development-token\"\n```\n\n#### Production Environment\n```bash\nexport NETSKOPE_BASE_URL=\"https://prod-tenant.goskope.com\"\nexport NETSKOPE_API_KEY=\"your-production-token\"\n```\n\n### AlertsTools\n- **getAlertConfig**\n - **Description**: Retrieves the current alert configuration settings for publishers, including notification preferences for various events such as upgrades and connection status changes.\n - **Required Parameters**: None\n - **Response Schema**:\n ```typescript\n {\n adminUsers: string[], // Array of admin user emails to notify\n eventTypes: string[], // Array of event types to monitor\n selectedUsers: string // Additional users to notify\n }\n ```\n - **Event Types**:\n - `UPGRADE_WILL_START`: Notification before a publisher upgrade begins\n - `UPGRADE_STARTED`: Notification when upgrade process initiates\n - `UPGRADE_SUCCEEDED`: Notification upon successful upgrade completion\n - `UPGRADE_FAILED`: Notification if upgrade process fails\n - `CONNECTION_FAILED`: Notification when publisher connection issues occur\n - **Usage Examples**:\n 1. \"Check which administrators are configured to receive upgrade notifications: Use `getAlertConfig` to return the current list of admin users and their notification preferences.\"\n 2. \"Verify the alert configuration before a planned maintenance window: Use `getAlertConfig` to ensure the right team members will be notified of upgrade events.\"\n 3. \"Audit the publisher monitoring setup: Use `getAlertConfig` to show which critical events are being tracked and who receives notifications.\"\n\n- **updateAlertConfig**\n - **Description**: Updates the alert configuration settings for publishers, allowing customization of notification preferences for various system events including upgrades and connection status changes.\n - **Required Parameters**:\n ```typescript\n {\n adminUsers: string[], // Array of admin user emails to receive notifications\n eventTypes: string[], // Array of event types to monitor\n selectedUsers: string // Additional users to receive notifications\n }\n ```\n - **Response Schema**: Same as getAlertConfig\n - **Usage Examples**:\n 1. \"Configure notifications: Update alert settings to ensure critical events are properly monitored.\"\n 2. \"Modify recipients: Adjust the list of administrators who receive specific types of alerts.\"\n 3. \"Event selection: Customize which event types trigger notifications for different user groups.\"\n\n### LocalBrokerTools\n- **listLocalBrokers**\n - **Description**: Lists all configured local brokers in your Netskope environment. Local brokers are used for on-premises Zero Trust Network Access (ZTNA) scenarios where end-users connect to a Local Broker instead of a Cloud Broker to access private applications hosted on-premises.\n - **Required Parameters**: None\n - **Optional Parameters**:\n - `fields`: Array of specific fields to return in the response\n - **Response Schema**:\n ```typescript\n {\n status: 'success' | 'not found',\n total: number,\n data: Array\u003c{\n id: number, // Unique identifier for the local broker\n name: string, // Display name of the local broker\n common_name: string, // Common name used for broker identification\n registered: boolean // Registration status of the broker\n }\u003e\n }\n ```\n - **Usage Examples**:\n 1. \"Monitor your local broker deployment by listing your local brokers to get an overview of all registered brokers and their current status.\"\n 2. \"Verify high availability setup: Check if you have multiple local brokers configured per site by reviewing the list of deployed brokers.\"\n 3. \"Audit broker registration: List all local brokers to identify any unregistered instances that need attention.\"\n\n- **createLocalBroker**\n - **Description**: Creates a new local broker instance for handling on-premises ZTNA traffic. This is typically used when setting up new sites or expanding capacity for existing locations.\n - **Required Parameters**:\n ```typescript\n {\n name: string // Name for the new local broker\n }\n ```\n - **Response Schema**:\n ```typescript\n {\n status: 'success' | 'not found',\n data: {\n id: number, // Assigned unique identifier\n name: string, // Configured broker name\n common_name: string, // Assigned common name\n registered: boolean // Initial registration status\n }\n }\n ```\n - **Usage Examples**:\n 1. \"Deploy a new site: Create a local broker twice to ensure high availability for a new office location.\"\n 2. \"Expand capacity: Add additional local brokers to handle increased on-premises traffic by creating new broker instances.\"\n 3. \"Initialize HA setup: Create multiple local brokers with descriptive names indicating their site and role.\"\n\n- **getLocalBroker**\n - **Description**: Retrieves detailed information about a specific local broker by its ID. Use this to monitor the status and configuration of individual broker instances.\n - **Required Parameters**:\n - `id`: Numeric identifier of the local broker to retrieve\n - **Response Schema**:\n ```typescript\n {\n status: 'success' | 'not found',\n data: {\n id: number, // Broker's unique identifier\n name: string, // Broker's display name\n common_name: string, // Broker's common name\n registered: boolean // Current registration status\n }\n }\n ```\n - **Usage Examples**:\n 1. \"Check broker health: Retrieve specific broker details to verify its registration status and configuration.\"\n 2. \"Troubleshoot connectivity: Get detailed information about a broker that's experiencing issues.\"\n 3. \"Verify deployment: Confirm the successful creation of a new broker by retrieving its details.\"\n\n- **updateLocalBroker**\n - **Description**: Updates the configuration of an existing local broker. This allows you to modify broker settings such as its name while maintaining its identity and connections.\n - **Required Parameters**:\n ```typescript\n {\n id: number, // Identifier of broker to update\n name: string // New name for the broker\n }\n ```\n - **Response Schema**:\n ```typescript\n {\n status: 'success' | 'not found',\n data: {\n id: number, // Broker's identifier\n name: string, // Updated broker name\n common_name: string, // Broker's common name\n registered: boolean // Current registration status\n }\n }\n ```\n - **Usage Examples**:\n 1. \"Rename for clarity: Update a broker's name to better reflect its location or role in your infrastructure.\"\n 2. \"Standardize naming: Modify broker names to follow updated naming conventions across your organization.\"\n 3. \"Update HA pair: Adjust broker names to clearly indicate primary and secondary roles.\"\n\n- **deleteLocalBroker**\n - **Description**: Removes a local broker from your Netskope configuration. Use this when decommissioning brokers or cleaning up unused instances.\n - **Required Parameters**:\n - `id`: Numeric identifier of the local broker to delete\n - **Response Schema**:\n ```typescript\n {\n status: 'success' | 'not found'\n }\n ```\n - **Usage Examples**:\n 1. \"Decommission old brokers: Remove brokers that are no longer needed or have been replaced.\"\n 2. \"Clean up test instances: Delete temporary brokers created for testing purposes.\"\n 3. \"Site consolidation: Remove brokers from decommissioned locations while maintaining service at active sites.\"\n\n- **getBrokerConfig**\n - **Description**: Retrieves the global configuration settings for local brokers, including hostname configurations that affect all broker instances.\n - **Required Parameters**: None\n - **Response Schema**:\n ```typescript\n {\n status: 'success' | 'not found',\n data: {\n hostname: string // Global hostname configuration\n }\n }\n ```\n - **Usage Examples**:\n 1. \"Review global settings: Check the current hostname configuration affecting all local brokers.\"\n 2. \"Prepare for changes: Verify existing configuration before planning updates.\"\n 3. \"Audit configuration: Ensure hostname settings align with your network architecture.\"\n\n- **updateBrokerConfig**\n - **Description**: Updates the global configuration settings for all local brokers, allowing you to modify system-wide broker behavior.\n - **Required Parameters**:\n ```typescript\n {\n hostname: string // New hostname configuration\n }\n ```\n - **Response Schema**:\n ```typescript\n {\n status: 'success' | 'not found',\n data: {\n hostname: string // Updated hostname configuration\n }\n }\n ```\n - **Usage Examples**:\n 1. \"Modify global settings: Update the hostname configuration to reflect network changes.\"\n 2. \"Infrastructure updates: Adjust broker configurations to accommodate new networking requirements.\"\n 3. \"Standardize setup: Ensure consistent hostname configuration across all broker instances.\"\n\n- **generateLocalBrokerRegistrationToken**\n - **Description**: Generates a new registration token for a specific local broker, enabling secure registration with the Netskope management plane.\n - **Required Parameters**:\n - `id`: Numeric identifier of the local broker\n - **Response Schema**:\n ```typescript\n {\n status: 'success' | 'not found',\n data: {\n token: string // Generated registration token\n }\n }\n ```\n - **Usage Examples**:\n 1. \"Secure new broker: Generate a token to safely register a newly deployed local broker.\"\n 2. \"Re-register broker: Create a new token when needing to re-establish broker registration.\"\n 3. \"Token rotation: Generate new registration tokens as part of security maintenance.\"\n\n### PolicyTools\n- **listRules**\n - **Description**: Lists all policy rules configured in your Netskope Private Access environment. These rules define access controls for private applications using Zero Trust Network Access (ZTNA) principles.\n - **Required Parameters**: None\n - **Optional Parameters**: \n - `fields`: Array of specific fields to return\n - `filter`: Filter criteria for the rules\n - `limit`: Maximum number of rules to return\n - `offset`: Number of rules to skip\n - `sortby`: Field to sort by\n - `sortorder`: Sort direction ('asc' or 'desc')\n - **Response Schema**:\n ```typescript\n {\n data: {\n rules: Array\u003c{\n id: number,\n name: string,\n description?: string,\n enabled: boolean,\n action: 'allow' | 'block',\n policy_group_id: number,\n priority: number,\n conditions: Array\u003c{\n type: 'private_app' | 'user' | 'group' | 'organization_unit' | 'location' | 'device',\n operator: 'in' | 'not_in' | 'equals' | 'not_equals' | 'contains' | 'not_contains' | 'starts_with' | 'ends_with',\n value: string | string[] | number | number[]\n }\u003e,\n created_at: string,\n updated_at: string\n }\u003e\n },\n status: 'success' | 'error',\n total: number\n }\n ```\n - **Usage Examples**:\n 1. \"Audit access policies to review all configured rules and their conditions to ensure proper access controls.\"\n 2. \"Prioritize rules: List rules sorted by priority to understand the order of policy evaluation and identify potential conflicts.\"\n 3. \"Filter specific policies: Retrieve rules related to specific applications or user groups using the filter parameter.\"\n\n- **getRule**\n - **Description**: Retrieves detailed information about a specific policy rule by its ID. Use this to examine individual rule configurations and conditions.\n - **Required Parameters**: \n - `id`: Numeric identifier of the policy rule\n - **Optional Parameters**: \n - `fields`: Array of specific fields to return\n - **Response Schema**:\n ```typescript\n {\n data: {\n id: number,\n name: string,\n description?: string,\n enabled: boolean,\n action: 'allow' | 'block',\n policy_group_id: number,\n priority: number,\n conditions: Array\u003c{\n type: 'private_app' | 'user' | 'group' | 'organization_unit' | 'location' | 'device',\n operator: 'in' | 'not_in' | 'equals' | 'not_equals' | 'contains' | 'not_contains' | 'starts_with' | 'ends_with',\n value: string | string[] | number | number[]\n }\u003e,\n created_at: string,\n updated_at: string\n },\n status: 'success' | 'error'\n }\n ```\n - **Usage Examples**:\n 1. \"Troubleshoot access issues: Examine specific rule details to understand why access might be blocked or allowed.\"\n 2. \"Verify rule conditions: Check the exact conditions configured for a critical access policy.\"\n 3. \"Review rule history: Check creation and update timestamps to track policy changes.\"\n\n- **createRule**\n - **Description**: Creates a new policy rule to control access to private applications. Rules can be based on various conditions including user identity, device status, and location.\n - **Required Parameters**:\n ```typescript\n {\n name: string, // Rule name\n description?: string, // Optional rule description\n enabled: boolean, // Rule status\n action: 'allow' | 'block', // Access action\n policy_group_id: number, // Associated policy group\n priority: number, // Rule priority\n conditions: Array\u003c{\n type: 'private_app' | 'user' | 'group' | 'organization_unit' | 'location' | 'device',\n operator: 'in' | 'not_in' | 'equals' | 'not_equals' | 'contains' | 'not_contains' | 'starts_with' | 'ends_with',\n value: string | string[] | number | number[]\n }\u003e\n }\n ```\n - **Usage Examples**:\n 1. \"Implement least privilege access: Create rules that grant access only to specific applications based on user roles and device status.\"\n 2. \"Set up location-based policies: Define rules that restrict access based on user location for compliance requirements.\"\n 3. \"Configure group-based access: Create rules that allow specific user groups to access designated private applications.\"\n\n- **updateRule**\n - **Description**: Updates an existing policy rule's configuration. Use this to modify access controls, conditions, or rule properties.\n - **Required Parameters**: \n - `id`: Numeric identifier of the rule to update\n - `data`: Updated rule configuration following the same schema as create_rule\n - **Response Schema**:\n ```typescript\n {\n data: {\n // Updated rule details (same as get_rule response)\n },\n status: 'success' | 'error'\n }\n ```\n - **Usage Examples**:\n 1. \"Adjust access conditions: Modify rule conditions to accommodate new security requirements or organizational changes.\"\n 2. \"Update rule priority: Change a rule's priority to ensure proper policy evaluation order.\"\n 3. \"Enable/disable rules: Toggle rule status during maintenance or when implementing policy changes.\"\n\n- **deleteRule**\n - **Description**: Removes a policy rule from your configuration. Use with caution as this permanently removes the access control policy.\n - **Required Parameters**: \n - `id`: Numeric identifier of the rule to delete\n - **Response Schema**:\n ```typescript\n {\n status: 'success' | 'error'\n }\n ```\n - **Usage Examples**:\n 1. \"Clean up obsolete policies: Remove rules that are no longer needed or have been superseded by new policies.\"\n 2. \"Policy consolidation: Delete redundant rules after merging policy configurations.\"\n 3. \"Remove temporary rules: Clean up temporary access policies created for specific projects or maintenance.\"\n\n### PrivateAppsTools\n- **createPrivateApp**\n - **Description**: Creates a new private application in your Netskope environment. This allows you to define and configure applications that will be accessible through your Zero Trust Network Access (ZTNA) infrastructure.\n - **Required Parameters**:\n ```typescript\n {\n app_name: string, // Name of the private application\n host: string, // Host address of the application\n clientless_access: boolean, // Enable clientless access\n is_user_portal_app: boolean, // Show in user portal\n protocols: Array\u003c{\n port: string, // Port number\n type: 'tcp' | 'udp' // Protocol type\n }\u003e,\n publisher_tags?: Array\u003c{ // Optional publisher tags\n tag_name: string\n }\u003e,\n publishers: Array\u003c{ // Associated publishers\n publisher_id: string,\n publisher_name: string\n }\u003e,\n trust_self_signed_certs: boolean, // Trust self-signed certificates\n use_publisher_dns: boolean, // Use publisher DNS\n allow_unauthenticated_cors?: boolean, // Optional CORS settings\n allow_uri_bypass?: boolean, // Optional URI bypass\n bypass_uris?: string[], // Optional bypass URIs\n real_host?: string, // Optional real host\n app_option?: Record\u003cstring, unknown\u003e // Additional options\n }\n ```\n - **Response Schema**:\n ```typescript\n {\n data: {\n allow_unauthenticated_cors: boolean,\n allow_uri_bypass: boolean,\n uribypass_header_value: string,\n bypass_uris: string[],\n app_option: Record\u003cstring, unknown\u003e,\n clientless_access: boolean,\n host: string,\n id: number,\n is_user_portal_app: boolean,\n name: string,\n protocols: Array\u003c{\n ports: string[],\n type: string\n }\u003e,\n real_host: string,\n service_publisher_assignments: Array\u003c{\n primary: boolean,\n publisher_id: number,\n publisher_name: string,\n reachability: {\n error_code: number,\n error_string: string,\n reachable: boolean\n },\n service_id: number\n }\u003e,\n tags: Array\u003c{\n tag_id: number,\n tag_name: string\n }\u003e,\n trust_self_signed_certs: boolean,\n use_publisher_dns: boolean\n },\n status: 'success' | 'not found'\n }\n ```\n - **Usage Examples**:\n 1. \"Deploy internal application: Create a private app definition for an internal web service with specific protocol and security settings.\"\n 2. \"Configure high availability: Set up a private application with multiple publishers for redundancy.\"\n 3. \"Enable secure access: Create a private app with strict security settings and specific bypass rules.\"\n\n- **updatePrivateApp**\n - **Description**: Updates the configuration of an existing private application, allowing modification of access settings, protocols, and security parameters.\n - **Required Parameters**:\n ```typescript\n {\n id: number, // Application ID\n // All other fields same as create_private_app\n }\n ```\n - **Response Schema**: Same as create_private_app\n - **Usage Examples**:\n 1. \"Modify security settings: Update certificate trust settings and CORS configuration for enhanced security.\"\n 2. \"Adjust access parameters: Update protocols or bypass rules to accommodate changing requirements.\"\n 3. \"Publisher reassignment: Modify the list of publishers handling the application traffic.\"\n\n- **deletePrivateApp**\n - **Description**: Removes a private application from your Netskope configuration. This action permanently removes the application definition and associated access controls.\n - **Required Parameters**:\n - `id`: Numeric identifier of the private application\n - **Response Schema**:\n ```typescript\n {\n status: number,\n result: string\n }\n ```\n - **Usage Examples**:\n 1. \"Decommission service: Remove a private application that is no longer in use.\"\n 2. \"Clean up test apps: Delete temporary applications used for testing.\"\n 3. \"Remove deprecated services: Clean up old application definitions during infrastructure updates.\"\n\n- **getPrivateApp**\n - **Description**: Retrieves detailed configuration information about a specific private application.\n - **Required Parameters**:\n - `id`: Numeric identifier of the private application\n - **Response Schema**: Same as create_private_app response\n - **Usage Examples**:\n 1. \"Audit configuration: Review detailed settings of a private application for compliance checks.\"\n 2. \"Troubleshoot access: Examine application configuration to resolve connectivity issues.\"\n 3. \"Verify settings: Confirm proper configuration after making changes to the application.\"\n\n- **listPrivateApps**\n - **Description**: Retrieves a list of all configured private applications with their configurations.\n - **Required Parameters**: None\n - **Optional Parameters**:\n - `fields`: Specific fields to return\n - `filter`: Filter criteria\n - `query`: Search query\n - `limit`: Maximum number of results\n - `offset`: Number of results to skip\n - **Response Schema**:\n ```typescript\n {\n data: Array\u003c{\n // Same fields as get_private_app response\n }\u003e,\n status: 'success' | 'not found',\n total: number\n }\n ```\n - **Usage Examples**:\n 1. \"Inventory applications: Get a complete list of all private applications for audit purposes.\"\n 2. \"Filter by criteria: Search for applications with specific configurations or tags.\"\n 3. \"Paginated review: Retrieve applications in manageable chunks for large deployments.\"\n\n- **getPrivateAppTags**\n - **Description**: Retrieves all tags associated with private applications, useful for organizing and categorizing applications.\n - **Required Parameters**: None\n - **Optional Parameters**:\n - `query`: Search query for tags\n - `limit`: Maximum number of tags\n - `offset`: Number of tags to skip\n - **Response Schema**:\n ```typescript\n {\n data: Array\u003c{\n tag_id: number,\n tag_name: string\n }\u003e,\n status: 'success' | 'not found'\n }\n ```\n - **Usage Examples**:\n 1. \"List categories: Retrieve all tags to understand application categorization.\"\n 2. \"Search tags: Find specific tags matching certain criteria.\"\n 3. \"Tag inventory: Review all available tags for standardization purposes.\"\n\n- **createPrivateAppTags**\n - **Description**: Associates new tags with a private application for better organization and management.\n - **Required Parameters**:\n - `id`: Application identifier\n - `tags`: Array of tag objects\n - **Usage Examples**:\n 1. \"Categorize apps: Add organizational tags to group related applications.\"\n 2. \"Environment labeling: Tag applications based on their deployment environment.\"\n 3. \"Team assignment: Add tags to indicate which team owns or manages the application.\"\n\n- **updatePrivateAppTags**\n - **Description**: Updates the tags associated with one or more private applications.\n - **Required Parameters**:\n - `ids`: Array of application identifiers\n - `tags`: Array of updated tag objects\n - **Usage Examples**:\n 1. \"Bulk tag update: Modify tags for multiple applications simultaneously.\"\n 2. \"Tag standardization: Update tags to conform to new naming conventions.\"\n 3. \"Ownership changes: Update tags to reflect new team assignments.\"\n\n- **updatePrivateAppPublishers**\n - **Description**: Updates the publisher assignments for private applications, controlling which publishers handle application traffic.\n - **Required Parameters**:\n ```typescript\n {\n private_app_ids: string[], // Application IDs\n publisher_ids: string[] // Publisher IDs\n }\n ```\n - **Usage Examples**:\n 1. \"Load balancing: Distribute application traffic across multiple publishers.\"\n 2. \"Publisher migration: Move applications to new or different publishers.\"\n 3. \"HA configuration: Add backup publishers for high availability.\"\n\n- **deletePrivateAppPublishers**\n - **Description**: Removes publisher assignments from private applications.\n - **Required Parameters**:\n ```typescript\n {\n private_app_ids: string[], // Application IDs\n publisher_ids: string[] // Publisher IDs to remove\n }\n ```\n - **Usage Examples**:\n 1. \"Publisher decommission: Remove old publishers from application configurations.\"\n 2. \"Clean up assignments: Remove unnecessary publisher assignments.\"\n 3. \"Reconfigure routing: Remove publishers during traffic flow updates.\"\n\n- **getDiscoverySettings**\n - **Description**: Retrieves the current discovery settings for private applications, which control how applications are discovered and monitored.\n - **Required Parameters**: None\n - **Usage Examples**:\n 1. \"Review discovery: Check current application discovery configuration.\"\n 2. \"Audit settings: Verify discovery parameters for compliance.\"\n 3. \"Monitor configuration: Examine how applications are being discovered and tracked.\"\n\n- **getPolicyInUse**\n - **Description**: Retrieves the active policies associated with specified private applications.\n - **Required Parameters**:\n - `ids`: Array of application identifiers\n - **Usage Examples**:\n 1. \"Policy audit: Review which policies are affecting specific applications.\"\n 2. \"Access control review: Verify policy assignments for security compliance.\"\n 3. \"Troubleshoot access: Check policies when investigating access issues.\"\n\n### PublishersTools\n- **listPublishers**\n - **Description**: Lists all publishers configured in your Netskope environment. Publishers are the components that handle private application traffic and require proper management for optimal performance.\n - **Required Parameters**: None\n - **Optional Parameters**:\n - `fields`: Specific fields to return in the response\n - **Response Schema**:\n ```typescript\n {\n data: {\n publishers: Array\u003c{\n apps_count: number,\n assessment: {\n ca_certs_status: {\n hashes: string[],\n last_modified: number\n },\n eee_support: boolean,\n hdd_free: string,\n hdd_total: string,\n ip_address: string,\n latency: number,\n version: string\n },\n capabilities: {\n DTLS: boolean,\n EEE: boolean,\n auto_upgrade: boolean,\n nwa_ba: boolean,\n pull_nsconfig: {\n orgkey_exist: boolean,\n orguri_exist: boolean\n }\n },\n common_name: string,\n connected_apps: string[],\n id: number,\n lbrokerconnect: boolean,\n name: string,\n publisher_upgrade_profiles_id: number,\n registered: boolean,\n status: 'connected' | 'not registered',\n stitcher_id: number,\n sticher_pop: string,\n upgrade_request: boolean,\n upgrade_status: {\n upstat: string\n }\n }\u003e\n },\n status: 'success' | 'not found',\n total: number\n }\n ```\n - **Usage Examples**:\n 1. \"Monitor deployment: List all publishers to check their connection status and capabilities.\"\n 2. \"Audit configuration: Review publisher settings and associated applications.\"\n 3. \"Capacity planning: Check the number of apps and load across publishers.\"\n\n- **getPublisher**\n - **Description**: Retrieves detailed information about a specific publisher, including its configuration, status, and capabilities.\n - **Required Parameters**:\n - `id`: Numeric identifier of the publisher\n - **Response Schema**: Same as individual publisher in list_publishers response\n - **Usage Examples**:\n 1. \"Health check: Get detailed status information for a specific publisher.\"\n 2. \"Troubleshoot connectivity: Examine publisher capabilities and connection status.\"\n 3. \"Version verification: Check publisher version and upgrade status.\"\n\n- **createPublisher**\n - **Description**: Creates a new publisher instance in your Netskope environment.\n - **Required Parameters**:\n ```typescript\n {\n name: string, // Publisher name\n lbrokerconnect?: boolean, // Optional local broker connection\n publisher_upgrade_profiles_id?: number // Optional upgrade profile assignment\n }\n ```\n - **Response Schema**: Same as get_publisher response\n - **Usage Examples**:\n 1. \"Deploy new publisher: Create a publisher for a new data center location.\"\n 2. \"Expand capacity: Add publishers to handle increased application traffic.\"\n 3. \"Configure HA: Create additional publishers for high availability setup.\"\n\n- **patchPublisher**\n - **Description**: Partially updates a publisher's configuration, allowing modification of specific settings while maintaining others.\n - **Required Parameters**:\n ```typescript\n {\n name: string, // Publisher name\n id?: number, // Optional publisher ID\n lbrokerconnect?: boolean, // Optional local broker connection\n publisher_upgrade_profiles_id?: number // Optional upgrade profile assignment\n }\n ```\n - **Response Schema**: Same as get_publisher response\n - **Usage Examples**:\n 1. \"Update name: Change publisher name to match new naming convention.\"\n 2. \"Modify connection: Update local broker connection settings.\"\n 3. \"Assign profile: Link publisher to an upgrade profile.\"\n\n- **updatePublisher**\n - **Description**: Performs a complete update of a publisher's configuration, replacing all settings with the provided values.\n - **Required Parameters**:\n ```typescript\n {\n id: number, // Publisher ID\n name: string, // Publisher name\n lbrokerconnect?: boolean, // Optional local broker connection\n tags?: Array\u003c{ // Optional tags\n tag_id: number,\n tag_name: string\n }\u003e\n }\n ```\n - **Response Schema**: Same as get_publisher response\n - **Usage Examples**:\n 1. \"Full reconfiguration: Update all publisher settings at once.\"\n 2. \"Tag management: Update publisher tags and configuration together.\"\n 3. \"Reset settings: Replace existing configuration with new values.\"\n\n- **deletePublisher**\n - **Description**: Removes a publisher from your Netskope configuration. Use with caution as this affects application access.\n - **Required Parameters**:\n - `id`: Numeric identifier of the publisher to delete\n - **Response Schema**:\n ```typescript\n {\n status: 'success' | 'error'\n }\n ```\n - **Usage Examples**:\n 1. \"Decommission publisher: Remove a publisher that's being retired.\"\n 2. \"Clean up test instances: Delete publishers used for testing.\"\n 3. \"Remove unused: Clean up publishers that are no longer needed.\"\n\n- **bulkUpgradePublishers**\n - **Description**: Initiates upgrades for multiple publishers simultaneously.\n - **Required Parameters**:\n ```typescript\n {\n publishers: {\n apply: {\n upgrade_request: boolean // Whether to request upgrade\n },\n id: string[] // Array of publisher IDs\n }\n }\n ```\n - **Response Schema**:\n ```typescript\n {\n data: {\n publishers: Array\u003cPublisherResponse\u003e\n },\n status: 'success' | 'not found'\n }\n ```\n - **Usage Examples**:\n 1. \"Mass upgrade: Upgrade all publishers in a specific region.\"\n 2. \"Staged rollout: Upgrade a subset of publishers at once.\"\n 3. \"Emergency patching: Apply critical updates to multiple publishers.\"\n\n- **getReleases**\n - **Description**: Retrieves information about available publisher releases.\n - **Required Parameters**: None\n - **Response Schema**:\n ```typescript\n {\n data: Array\u003c{\n docker_tag: string,\n is_recommended: boolean,\n release_type: 'Beta' | 'Latest' | 'Latest-1' | 'Latest-2',\n version: string\n }\u003e,\n status: 'success' | 'not found'\n }\n ```\n - **Usage Examples**:\n 1. \"Version planning: Check available releases for upgrade planning.\"\n 2. \"Release tracking: Monitor new versions and recommendations.\"\n 3. \"Compatibility check: Verify release types before upgrading.\"\n\n- **getPrivateApps**\n - **Description**: Retrieves the list of private applications associated with a specific publisher.\n - **Required Parameters**:\n - `publisherId`: Numeric identifier of the publisher\n - **Response Schema**: Application-specific response\n - **Usage Examples**:\n 1. \"App inventory: List all applications handled by a publisher.\"\n 2. \"Load assessment: Check number and type of apps on a publisher.\"\n 3. \"Migration planning: Review apps before moving to a different publisher.\"\n\n- **generatePublisherRegistrationToken**\n - **Description**: Creates a new registration token for a publisher, enabling secure registration with the Netskope control plane.\n - **Required Parameters**:\n - `publisherId`: Numeric identifier of the publisher\n - **Response Schema**:\n ```typescript\n {\n data: {\n token: string // Registration token\n },\n status: string\n }\n ```\n - **Usage Examples**:\n 1. \"Initial setup: Generate token for new publisher registration.\"\n 2. \"Re-registration: Create new token for publisher reconnection.\"\n 3. \"Security refresh: Rotate registration tokens periodically.\"\n\n### UpgradeProfileTools\n- **listUpgradeProfiles**\n - **Description**: Lists all upgrade profiles configured in your Netskope environment. Upgrade profiles define when and how publisher upgrades are performed.\n - **Required Parameters**: None\n - **Response Schema**:\n ```typescript\n {\n data: {\n upgrade_profiles: Array\u003c{\n id: number,\n external_id: number,\n name: string,\n docker_tag: string,\n enabled: boolean,\n frequency: string, // Cron format: minute hour day * DAY_OF_WEEK\n timezone: string, // Standard timezone identifier\n release_type: 'Beta' | 'Latest' | 'Latest-1' | 'Latest-2',\n created_at: string,\n updated_at: string,\n next_update_time?: number,\n num_associated_publisher: number,\n upgrading_stage?: number,\n will_start?: boolean\n }\u003e\n },\n status: 'success' | 'not found',\n total: number\n }\n ```\n - **Usage Examples**:\n 1. \"Review upgrade schedules: List all profiles to understand when different publishers are scheduled for upgrades.\"\n 2. \"Audit configurations: Check all upgrade profiles for consistency in settings and schedules.\"\n 3. \"Monitor upgrade status: View which profiles are actively upgrading or scheduled for updates.\"\n\n- **getUpgradeProfile**\n - **Description**: Retrieves detailed information about a specific upgrade profile, including its schedule and configuration.\n - **Required Parameters**:\n - `id`: Numeric identifier of the upgrade profile\n - **Response Schema**: Same as individual profile in list_upgrade_profiles\n - **Usage Examples**:\n 1. \"Verify settings: Check specific profile configuration before an upgrade window.\"\n 2. \"Troubleshoot upgrades: Examine profile details when investigating upgrade issues.\"\n 3. \"Monitor progress: Track the status of an ongoing upgrade process.\"\n\n- **createUpgradeProfile**\n - **Description**: Creates a new upgrade profile to manage automated publisher upgrades. Profiles control when and how updates are applied to publishers.\n - **Required Parameters**:\n ```typescript\n {\n name: string, // Profile name\n enabled: boolean, // Profile status\n docker_tag: string, // Docker image tag for upgrade\n frequency: string, // Cron schedule format\n timezone: string, // Timezone for schedule\n release_type: 'Beta' | 'Latest' | 'Latest-1' | 'Latest-2'\n }\n ```\n - **Usage Examples**:\n 1. \"Schedule maintenance: Create a profile for regular off-hours upgrades.\"\n 2. \"Beta testing: Set up a profile for testing new releases on selected publishers.\"\n 3. \"Regional updates: Create profiles aligned with different timezone maintenance windows.\"\n\n- **updateUpgradeProfile**\n - **Description**: Updates an existing upgrade profile's configuration, allowing modification of schedule, release type, and other settings.\n - **Required Parameters**:\n - `id`: Profile identifier\n - `data`: Updated profile configuration (same schema as create_upgrade_profile)\n - **Response Schema**:\n ```typescript\n {\n data: {\n // Updated profile details (same as get_upgrade_profile response)\n },\n status: 'success' | 'not found'\n }\n ```\n - **Usage Examples**:\n 1. \"Adjust schedule: Modify upgrade timing to better align with maintenance windows.\"\n 2. \"Change release track: Update profile to use a different release type.\"\n 3. \"Enable/disable upgrades: Toggle profile status during change freeze periods.\"\n\n- **deleteUpgradeProfile**\n - **Description**: Removes an upgrade profile from your configuration. Use with caution as this affects automated upgrade scheduling.\n - **Required Parameters**:\n - `id`: Numeric identifier of the profile to delete\n - **Response Schema**:\n ```typescript\n {\n status: 'success' | 'not found'\n }\n ```\n - **Usage Examples**:\n 1. \"Remove obsolete profiles: Clean up unused upgrade configurations.\"\n 2. \"Profile consolidation: Delete redundant profiles after consolidating upgrade schedules.\"\n 3. \"Clean up test profiles: Remove temporary profiles used for upgrade testing.\"\n\n### SteeringTools\n- **updatePublisherAssociation**\n - **Description**: Updates the association between private applications and publishers, allowing you to modify which publishers handle specific application traffic.\n - **Required Parameters**:\n ```typescript\n {\n private_app_ids: string[], // Array of private application IDs\n publisher_ids: string[] // Array of publisher IDs\n }\n ```\n - **Response Schema**:\n ```typescript\n {\n status: 'success' | 'error',\n data: {\n private_app_ids: string[],\n publisher_ids: string[]\n }\n }\n ```\n - **Usage Examples**:\n 1. \"Reassign publishers: Update which publishers handle specific private applications.\"\n 2. \"Load distribution: Modify publisher assignments for better traffic distribution.\"\n 3. \"HA configuration: Set up multiple publishers for application redundancy.\"\n\n- **deletePublisherAssociation**\n - **Description**: Removes associations between private applications and publishers, effectively stopping those publishers from handling the applications' traffic.\n - **Required Parameters**:\n ```typescript\n {\n private_app_ids: string[], // Array of private application IDs\n publisher_ids: string[] // Array of publisher IDs to remove\n }\n ```\n - **Response Schema**: Same as update_publisher_association\n - **Usage Examples**:\n 1. \"Remove associations: Stop specific publishers from handling certain applications.\"\n 2. \"Clean up configuration: Remove unnecessary publisher assignments.\"\n 3. \"Prepare for decommission: Remove applications before retiring a publisher.\"\n\n- **getUserDiagnostics**\n - **Description**: Retrieves diagnostic information about user access to private applications, helping troubleshoot connectivity issues.\n - **Required Parameters**: None\n - **Response Schema**:\n ```typescript\n {\n status: 'success' | 'error',\n data: {\n user_id: string,\n diagnostics: Array\u003c{\n private_app_id: string,\n private_app_name: string,\n publisher_id: string,\n publisher_name: string,\n status: string,\n timestamp: string\n }\u003e\n }\n }\n ```\n - **Usage Examples**:\n 1. \"Access troubleshooting: Investigate user connectivity issues to private applications.\"\n 2. \"Audit access patterns: Review which publishers users are connecting through.\"\n 3. \"Monitor performance: Check connection status and timing for user access.\"\n\n- **getDeviceDiagnostics**\n - **Description**: Retrieves diagnostic information about device access to specific private applications.\n - **Required Parameters**:\n - `deviceId`: Device identifier\n - `privateAppId`: Private application identifier\n - **Response Schema**:\n ```typescript\n {\n status: 'success' | 'error',\n data: {\n device_id: string,\n private_app_id: string,\n diagnostics: Array\u003c{\n publisher_id: string,\n publisher_name: string,\n status: string,\n timestamp: string\n }\u003e\n }\n }\n ```\n - **Usage Examples**:\n 1. \"Device troubleshooting: Investigate specific device connectivity issues.\"\n 2. \"Application access: Check device-specific access to private applications.\"\n 3. \"Connection history: Review device connection patterns and status.\"\n\n### ValidationTools\n- **validateName**\n - **Description**: Validates names for various resources (publishers, private apps, policies, etc.) to ensure they meet naming requirements.\n - **Required Parameters**:\n ```typescript\n {\n resourceType: 'publisher' | 'private_app' | 'policy' | 'policy_group' | 'upgrade_profile',\n name: string,\n tagType?: 'publisher' | 'private_app'\n }\n ```\n - **Response Schema**:\n ```typescript\n {\n status: 'success' | 'error',\n data: {\n valid: boolean,\n message?: string\n }\n }\n ```\n - **Usage Examples**:\n 1. \"Name validation: Check if a proposed resource name meets requirements.\"\n 2. \"Tag verification: Validate tag names before creation.\"\n 3. \"Policy naming: Ensure policy names follow conventions.\"\n\n- **validateResource**\n - **Description**: Validates complete resource configurations before creation or update operations.\n - **Required Parameters**:\n ```typescript\n {\n resourceType: 'publisher' | 'private_app' | 'policy' | 'policy_group' | 'upgrade_profile',\n data: {\n name: string,\n // Additional resource-specific fields\n }\n }\n ```\n - **Response Schema**:\n ```typescript\n {\n status: 'success' | 'error',\n data: {\n valid: boolean,\n errors?: string[]\n }\n }\n ```\n - **Usage Examples**:\n 1. \"Configuration validation: Verify resource settings before creation.\"\n 2. \"Update verification: Validate changes before applying updates.\"\n 3. \"Compliance check: Ensure resources meet required standards.\"\n\n- **searchResources**\n - **Description**: Searches for publishers or private applications based on specified criteria.\n - **Required Parameters**:\n ```typescript\n {\n resourceType: 'publishers' | 'private_apps',\n query: string\n }\n ```\n - **Response Schema**: Resource-specific response format\n - **Usage Examples**:\n 1. \"Resource search: Find resources matching specific criteria.\"\n 2. \"Publisher lookup: Search for publishers by name or attributes.\"\n 3. \"Application discovery: Find private apps matching search terms.\"\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjohnneerdael%2Fnetskope-mcp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjohnneerdael%2Fnetskope-mcp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjohnneerdael%2Fnetskope-mcp/lists"}