{"id":"jumpserver-guacd","name":"guacd","homepage":"https://hub.docker.com/r/jumpserver/guacd","repo_url":"https://hub.docker.com/r/jumpserver/guacd","category":"infrastructure","subcategories":[],"tags":["remote-access","vnc","rdp","ssh","guacamole","gateway","daemon","self-hosted"],"what_it_does":"guacd (the “Guacamole protocol daemon”) is the server-side component of Apache Guacamole that bridges web clients to backend services (e.g., SSH, RDP, VNC) using Guacamole’s protocol.","use_cases":["Provide browser-based access to remote desktops/terminals (SSH/RDP/VNC) via Guacamole","Terminate Guacamole protocol connections and forward sessions to target services","Run as a component in self-hosted remote access gateways"],"not_for":["A general-purpose REST/GraphQL API for application developers","Direct client access to arbitrary services without Guacamole protocol/session configuration","Use where browser-to-backend tunneling must be exposed without careful network and credential controls"],"best_when":"You run Guacamole in a controlled network and want a reliable gateway component to translate Guacamole client traffic to specific backend protocols.","avoid_when":"You cannot properly secure guacd’s network exposure and backend credentials, or you need a cloud-managed service with hosted APIs/SLAs rather than a self-hosted daemon.","alternatives":["Apache Guacamole Server components (as a whole)","SSH/RDP gateway solutions (e.g., reverse proxies + bastion hosts) without Guacamole protocol","NoVNC/other VNC web gateways (different architecture)"],"af_score":22.5,"security_score":48.5,"reliability_score":40.0,"package_type":"mcp_server","discovery_source":["docker_mcp"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T19:34:21.440430+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Guacamole connection authentication (typically via Guacamole Server and configured credentials), plus backend protocol credentials for SSH/RDP/VNC"],"oauth":false,"scopes":false,"notes":"guacd itself is a protocol daemon; authentication is typically enforced by the surrounding Guacamole Server/auth mechanism and by backend protocol credentials rather than guacd exposing an OAuth/API-style auth layer."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Open-source/self-hosted component; costs are infrastructure/operations rather than API usage pricing."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":22.5,"security_score":48.5,"reliability_score":40.0,"mcp_server_quality":0.0,"documentation_accuracy":0.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":50.0,"rate_limit_clarity":0.0,"tls_enforcement":60.0,"auth_strength":55.0,"scope_granularity":30.0,"dependency_hygiene":45.0,"secret_handling":50.0,"security_notes":"As a self-hosted gateway component, security depends heavily on transport/network configuration (TLS where applicable), isolation, and safe handling of backend credentials (SSH keys/passwords in configs). There is no evidence here of fine-grained scopes or API-layer authorization; treat guacd exposure as high-risk and ensure least-privilege network access and credential protection.","uptime_documented":20.0,"version_stability":60.0,"breaking_changes_history":40.0,"error_recovery":40.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["guacd is primarily a daemon/daemonized service rather than an agent-friendly API; programmatic interaction usually requires provisioning configs and managing sessions at the Guacamole Server layer","session semantics and backend connectivity are configuration-driven; failures often require inspecting server logs/config rather than relying on structured API errors","if you expose guacd/Guacamole externally, network-level restrictions and credential management become the primary ‘gotcha’ for agents automating deployments"]}}