A Model Context Protocol (MCP) server for the Fleet endpoint security platform.
Transform how you interact with your endpoint data. Query OSQuery, check compliance, and investigate CVEs natively from Claude, Cursor, and any MCP-compatible AI agent.
π GitHub Repo: https://github.com/karmine05/fleet-mcp π Learn about MCP: https://modelcontextprotocol.io/ π Learn about Fleet: https://fleetdm.com/
#DevSecOps #CyberSecurity #AI #ModelContextProtocol #FleetDM #OSQuery #GoLang #OpenSource
Watch 1 hr long walkthrough demonstrating how to use Claude Desktop to instantly write and run live OSQueries across your fleet.
This server provides an MCP interface to Fleet, enabling AI systems (Claude Desktop, Claude Code, Cursor, and any MCP-compatible client) to natively interact with your Fleet deployment. Instead of raw API endpoints, it exposes typed Tools that AI agents can call directly β querying endpoints, running live OSQuery, checking compliance policies, and more.
Both SSE (Server-Sent Events) and stdio transports are supported.
| Tool | Description |
|---|---|
get_endpoints |
List all hosts/endpoints enrolled in Fleet |
get_host |
Get full details for a single host including labels, team, and platform info |
get_queries |
List all saved Fleet queries |
get_policies |
List all policies with pass/fail host counts |
get_labels |
List all endpoint labels |
get_aggregate_platforms |
Get system count broken down by OS platform (macOS/Windows/Linux) |
get_total_system_count |
Get total count of active enrolled systems |
get_policy_compliance |
Check compliance stats for a specific policy ID |
get_vulnerability_impact |
Check how many systems are impacted by a CVE |
prepare_live_query |
Step 1 of 2: Validate targets and get OSQuery schema before running a query |
run_live_query |
Step 2 of 2: Execute an OSQuery SQL statement against live Fleet devices |
create_saved_query |
Create a new saved query in Fleet |
get_osquery_schema |
Get the OSQuery table schema for a given platform |
get_vetted_queries |
Get a library of vetted CIS-8.1 compliance policy queries |
Configure the server using environment variables or a .env file.
| Variable | Default | Description |
|---|---|---|
PORT |
8080 |
HTTP port for SSE transport |
FLEET_BASE_URL |
https://localhost:8080 |
Base URL of your Fleet instance |
FLEET_API_KEY |
(required) | Fleet API token β see Fleet docs |
LOG_LEVEL |
info |
Log verbosity: debug, info, warn, error |
FLEET_TLS_SKIP_VERIFY |
false |
Skip TLS certificate verification. Dev/test only β do not use in production. |
FLEET_CA_FILE |
(optional) | Path to a PEM CA certificate for self-signed Fleet instances |
Copy the provided example to get started:
cp .env.example .env
# Edit .env with your Fleet URL and API key- Go 1.23+
- A running Fleet instance
- A Fleet API key with appropriate permissions
git clone https://github.com/karmine05/fleet-mcp.git
cd fleet-mcp
go mod tidy
go build -o fleet-mcp .Start the server β it will listen for SSE connections:
./fleet-mcp
# Listening on :8080/sseConfigure your MCP client to connect to http://localhost:8080/sse.
For Claude Code, add to your project's .mcp.json or global MCP config:
{
"mcpServers": {
"fleet": {
"type": "sse",
"url": "http://localhost:8080/sse"
}
}
}Stdio mode runs the binary directly as a subprocess with no network port needed.
- Build the binary:
go build -o fleet-mcp . - Edit
~/Library/Application Support/Claude/claude_desktop_config.json(macOS):
{
"mcpServers": {
"fleet": {
"command": "/path/to/fleet-mcp",
"args": ["-transport", "stdio"],
"env": {
"FLEET_BASE_URL": "https://your-fleet.example.com",
"FLEET_API_KEY": "YOUR_FLEET_API_KEY",
"LOG_LEVEL": "info"
}
}
}
}- Relaunch Claude Desktop. The Fleet tools will appear in your context.
- Add a method to
FleetClientinfleet_integration.go - Register the tool via
mcp.NewToolinSetupMCPServerinmcp_server.go
MIT