{"id":50735410,"url":"https://github.com/wyre-technology/threatlocker-mcp","last_synced_at":"2026-06-10T13:01:25.841Z","repository":{"id":355518236,"uuid":"1224882787","full_name":"wyre-technology/threatlocker-mcp","owner":"wyre-technology","description":"MCP server for ThreatLocker — zero-trust application allowlisting, approval requests, audit logs","archived":false,"fork":false,"pushed_at":"2026-05-26T01:24:22.000Z","size":471,"stargazers_count":1,"open_issues_count":8,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-26T03:14:59.586Z","etag":null,"topics":["mcp","mcp-server","msp","security","threatlocker","zero-trust"],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wyre-technology.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-29T18:17:02.000Z","updated_at":"2026-05-26T01:07:15.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/wyre-technology/threatlocker-mcp","commit_stats":null,"previous_names":["wyre-technology/threatlocker-mcp"],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/wyre-technology/threatlocker-mcp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wyre-technology%2Fthreatlocker-mcp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wyre-technology%2Fthreatlocker-mcp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wyre-technology%2Fthreatlocker-mcp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wyre-technology%2Fthreatlocker-mcp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wyre-technology","download_url":"https://codeload.github.com/wyre-technology/threatlocker-mcp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wyre-technology%2Fthreatlocker-mcp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34153483,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-10T02:00:07.152Z","response_time":89,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["mcp","mcp-server","msp","security","threatlocker","zero-trust"],"created_at":"2026-06-10T13:01:24.941Z","updated_at":"2026-06-10T13:01:25.829Z","avatar_url":"https://github.com/wyre-technology.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ThreatLocker MCP Server\n\nA Model Context Protocol (MCP) server that provides AI assistants with access to the ThreatLocker Portal API. Manage computers, approval requests, audit logs, and organizations through natural language interactions.\n\n## Features\n\n- **Stateless Architecture**: No session state required, fresh connections per request\n- **Decision-Tree Navigation**: Navigate domains with `threatlocker_navigate`\n- **Gateway Mode**: Multi-tenant support via HTTP headers\n- **Elicitation Support**: Interactive prompts for missing parameters\n- **Comprehensive Error Handling**: Detailed error messages and logging\n- **Docker Support**: Production-ready containerization\n\n## Tools\n\n### Navigation\n- `threatlocker_navigate` - Navigate to a domain to see available tools\n- `threatlocker_status` - Check API connection status and available domains\n\n### Computers\n- `threatlocker_computers_list` - List computers with filters (search, group, pagination)\n- `threatlocker_computers_get` - Get detailed computer information\n- `threatlocker_computers_get_checkins` - Get computer checkin history\n\n### Computer Groups\n- `threatlocker_computer_groups_list` - List computer groups with filters\n- `threatlocker_computer_groups_dropdown` - Get computer groups for dropdown selection\n\n### Approval Requests\n- `threatlocker_approvals_list` - List approval requests with status filters\n- `threatlocker_approvals_get` - Get detailed approval request information\n- `threatlocker_approvals_pending_count` - Get count of pending approvals\n- `threatlocker_approvals_get_permit_application` - Get permit application details\n\n### Audit Log\n- `threatlocker_audit_search` - Search audit log entries with filters\n- `threatlocker_audit_get` - Get detailed audit log entry\n- `threatlocker_audit_file_history` - Get audit history for specific file\n\n### Organizations\n- `threatlocker_organizations_list_children` - List child organizations\n- `threatlocker_organizations_get_auth_key` - Get organization auth key\n- `threatlocker_organizations_for_move_computers` - Get organizations for computer moves\n\n## Configuration\n\n### Environment Variables\n\n#### Stdio Mode (Direct API Access)\n```bash\nTHREATLOCKER_API_KEY=your_api_key_here\nTHREATLOCKER_ORGANIZATION_ID=your_org_id_here\nMCP_TRANSPORT=stdio\n```\n\n#### Gateway Mode (Multi-tenant)\n```bash\nAUTH_MODE=gateway\nMCP_TRANSPORT=http\nMCP_HTTP_PORT=8080\nMCP_HTTP_HOST=0.0.0.0\n```\n\n#### Gateway Mode Headers\nWhen running in gateway mode, include these headers with each request:\n- `X-Threatlocker-Api-Key`: Your ThreatLocker API key\n- `X-Threatlocker-Organization-Id`: Your organization ID\n\n### Logging\n```bash\nLOG_LEVEL=debug|info|warn|error  # Default: info\n```\n\n## Local Development\n\n1. Clone the repository:\n```bash\ngit clone https://github.com/wyre-technology/threatlocker-mcp.git\ncd threatlocker-mcp\n```\n\n2. Install dependencies:\n```bash\nnpm install\n```\n\n3. Set environment variables:\n```bash\ncp .env.example .env\n# Edit .env with your ThreatLocker credentials\n```\n\n4. Build and run:\n```bash\nnpm run build\nnpm start\n\n# Or for development with hot reload:\nnpm run dev\n```\n\n5. Test the server:\n```bash\n# Stdio mode\necho '{\"jsonrpc\": \"2.0\", \"id\": 1, \"method\": \"tools/list\"}' | npm start\n\n# HTTP mode\ncurl http://localhost:8080/health\n```\n\n## Docker\n\n### Using Docker Compose\n\n```bash\n# Pull and run latest image\ndocker compose up -d\n\n# Or build locally\ndocker compose -f docker-compose.dev.yml up --build\n```\n\n### Using Docker directly\n\n```bash\n# Gateway mode (recommended)\ndocker run -d \\\n  --name threatlocker-mcp \\\n  -p 8080:8080 \\\n  -e AUTH_MODE=gateway \\\n  ghcr.io/wyre-technology/threatlocker-mcp:latest\n\n# Stdio mode\ndocker run -d \\\n  --name threatlocker-mcp \\\n  -e THREATLOCKER_API_KEY=your_key \\\n  -e THREATLOCKER_ORGANIZATION_ID=your_org_id \\\n  -e MCP_TRANSPORT=stdio \\\n  ghcr.io/wyre-technology/threatlocker-mcp:latest\n```\n\n## Architecture\n\n### Directory Structure\n```\nsrc/\n├── domains/           # Domain-specific handlers\n│   ├── computers.ts\n│   ├── computer_groups.ts\n│   ├── approval_requests.ts\n│   ├── audit_log.ts\n│   ├── organizations.ts\n│   ├── navigation.ts\n│   └── index.ts\n├── utils/             # Utilities\n│   ├── client.ts      # ThreatLocker API client\n│   ├── logger.ts      # Structured logging\n│   ├── types.ts       # TypeScript types\n│   ├── server-ref.ts  # Server reference for elicitation\n│   └── elicitation.ts # Interactive prompts\n├── server.ts          # MCP server creation\n├── index.ts           # Stdio transport entry\n└── http.ts            # HTTP transport entry\n```\n\n### Design Patterns\n- **Domain Handlers**: Each API area has its own handler with `getTools()` and `handleCall()`\n- **Lazy Loading**: Domain handlers are imported on-demand\n- **Fresh Connections**: New server instance per HTTP request for stateless operation\n- **Credential Invalidation**: Client is reset when credentials change\n- **Elicitation Framework**: Interactive prompts for missing parameters\n\n## License\n\nApache-2.0 - see [LICENSE](LICENSE) for details.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwyre-technology%2Fthreatlocker-mcp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwyre-technology%2Fthreatlocker-mcp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwyre-technology%2Fthreatlocker-mcp/lists"}