{"id":"deploymenttheory-jamfpro-mcp-server","name":"jamfpro-mcp-server","homepage":null,"repo_url":"https://github.com/deploymenttheory/jamfpro-mcp-server","category":"infrastructure","subcategories":[],"tags":["mcp","jamf-pro","ai-agents","automation","device-management","oauth2","go"],"what_it_does":"Provides a local Model Context Protocol (MCP) server that integrates with Jamf Pro APIs (Jamf Pro REST and Classic APIs) to allow AI tools to perform device/computer, mobile device, policy, and other management operations via MCP tool calls. Supports OAuth2 and Basic authentication to Jamf Pro and includes configuration for selecting toolsets and dynamic tool discovery.","use_cases":["Automating Jamf Pro workflows and device/policy operations from an AI agent","Fetching and summarizing Jamf Pro inventory data for assistants","Creating/updating/deleting Jamf Pro policies, scripts, and related resources through an MCP host","Managing Apple device/computer administration tasks via AI with controlled toolsets"],"not_for":["Exposing Jamf Pro credentials to untrusted MCP hosts or networks without proper isolation","Use as a generic Jamf Pro API wrapper in HTTP-only environments (it is MCP-first)","Highly regulated environments that require documented org-wide security controls not described in the repo content"],"best_when":"You have an MCP-capable IDE/agent host and want structured Jamf Pro operations with controlled toolsets and OAuth2-based auth.","avoid_when":"You cannot safely handle Jamf client secrets (or Basic auth passwords) inside the MCP host/container environment, or you need strong, explicit rate-limit and error-contract documentation for robust automation.","alternatives":["Direct Jamf Pro API usage from your own application (OAuth2)","Community/unofficial Jamf SDKs or wrappers","A custom thin MCP server tailored to a minimal set of Jamf endpoints","Other Jamf Pro integration options (e.g., webhook-driven or scheduled scripts) if interactive agent control is not required"],"af_score":49.2,"security_score":55.0,"reliability_score":20.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T21:21:50.417313+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":["Go"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["OAuth2 (Jamf Pro API roles/clients)","Basic authentication (username/password)"],"oauth":true,"scopes":false,"notes":"Jamf Pro OAuth2 flow is described at a high level (client ID/secret, API roles). The README does not document MCP-level scopes/authorization controls beyond Jamf API permissions."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Self-hosted open-source; no pricing information provided in the supplied content."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":49.2,"security_score":55.0,"reliability_score":20.0,"mcp_server_quality":70.0,"documentation_accuracy":55.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":70.0,"rate_limit_clarity":10.0,"tls_enforcement":80.0,"auth_strength":70.0,"scope_granularity":30.0,"dependency_hygiene":50.0,"secret_handling":40.0,"security_notes":"Supports OAuth2 (better than Basic) with token refresh claimed by the README. However, the supplied content does not describe secret handling inside the MCP server (logging/redaction), TLS enforcement specifics, or fine-grained scope enforcement at the MCP layer. Running via Docker implies secrets are passed as environment variables, which increases risk if logs/debugging expose them.","uptime_documented":0.0,"version_stability":40.0,"breaking_changes_history":20.0,"error_recovery":20.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"page/page_size parameters for list operations (varies by toolset)","retry_guidance_documented":false,"known_agent_gotchas":["Toolset allowlisting is important; default enables many toolsets which can expand an agent’s action surface.","Dynamic tool discovery may cause the host/agent to enable additional capabilities at runtime—ensure your agent has constraints.","Some operations are destructive (e.g., delete_* tools); agents should be configured to confirm/guard before calling them.","When using Basic auth, the MCP host/container effectively receives long-lived credentials; rotate/limit permissions where possible.","The README excerpt is truncated for some tool definitions; verify full tool parameter schemas before relying on them programmatically."]}}