{"id":"isac322-kwin-mcp","name":"kwin-mcp","homepage":"https://pypi.org/project/kwin-mcp/","repo_url":"https://github.com/isac322/kwin-mcp","category":"automation","subcategories":[],"tags":["mcp","model-context-protocol","desktop-automation","gui-automation","wayland","kde","kwin","at-spi2","accessibility","libei","e2e-testing","headless-testing","python"],"what_it_does":"kwin-mcp is an MCP (Model Context Protocol) server for Linux KDE Plasma 6 on Wayland that enables AI agents to start isolated virtual KWin sessions (or connect to live sessions) and automate desktop GUI interactions. It provides MCP tools for session management, UI observation via AT-SPI2 accessibility trees and screenshots, and action injection via KWin’s Emulated Input Server (EIS)/libei, covering mouse, keyboard, touch, clipboard, window management, and some advanced D-Bus/diagnostic utilities.","use_cases":["End-to-end GUI testing for Wayland apps on KDE Plasma in isolated virtual sessions","AI-driven desktop automation using structured accessibility trees","Live desktop collaboration/automation by attaching to an existing KWin session (including containerized ones)","Headless-ish CI/CD style desktop testing using virtual KWin compositors","Kiosk/embedded device UI automation on KDE Plasma/Wayland"],"not_for":["Secure remote multi-tenant deployments without additional network/isolation controls","Environments that require strong user-consent prompts for input injection","Non-KDE/Wayland systems (or non-Plasma 6 Wayland setups) where KWin EIS/libei/AT-SPI2 integration may not apply","Use as a general-purpose web/API service over HTTPS (it is a local MCP stdio server)"],"best_when":"You control the host environment and want an agent to run GUI automation inside isolated KWin Wayland sessions on KDE Plasma 6, using accessibility trees for robust element targeting.","avoid_when":"You need a hardened, auth-gated service exposed to untrusted networks/clients, or you cannot run the required KDE/Wayland/EIS/AT-SPI2 components.","alternatives":["SikuliX (vision-based, less robust for accessibility-first agents)","Playwright (web-focused, not general Wayland desktop GUI)","Robot Framework + Sikuli/remote desktop approaches","VNC/remote desktop automation tools (less integrated with Wayland accessibility trees)","Other MCP servers for UI automation (if available for your desktop stack)"],"af_score":53.2,"security_score":30.5,"reliability_score":30.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:39:41.458105+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Local stdio MCP transport (client launches/execs the server via command/args)"],"oauth":false,"scopes":false,"notes":"The README emphasizes 'zero authorization prompts' by using private KWin/EIS D-Bus interfaces, but it does not describe any authentication/authorization mechanism for controlling the MCP server itself. In practice, auth likely depends on who can execute/use the local process and access the user session/DBus."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Open-source MIT package; no pricing model indicated."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":53.2,"security_score":30.5,"reliability_score":30.0,"mcp_server_quality":86.0,"documentation_accuracy":78.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":20.0,"rate_limit_clarity":0.0,"tls_enforcement":0.0,"auth_strength":25.0,"scope_granularity":20.0,"dependency_hygiene":55.0,"secret_handling":60.0,"security_notes":"Local automation tool with powerful input injection capabilities. README does not document authentication/authorization controls for MCP access; security largely relies on local process execution permissions and session isolation choices. It claims isolation via dbus-run-session + virtual KWin and optional home isolation (isolate_home), which is a positive security model, but there is no explicit discussion of permission boundaries, audit logging, or safe handling of sensitive UI/clipboard data. Dependencies listed include mcp, PyGObject, dbus-python, Pillow; no vulnerability/CVE posture is provided.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":40.0,"error_recovery":45.0,"idempotency_support":"false","idempotency_notes":"Most tools (e.g., mouse/keyboard input, session_start/connect) are inherently stateful and not obviously idempotent; no explicit idempotency guidance is provided.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Input injection targets are best derived from accessibility_tree/find_ui_elements; coordinate-based actions may be brittle across window layouts/resolutions.","Session lifecycle matters: session_stop behavior differs between virtual (terminates KWin/apps) and live (disconnects only).","Clipboard tools require enable_clipboard=true in session_start (and wl-clipboard installed).","keyboard_type_unicode may depend on wtype or clipboard fallback utilities being installed."]}}