MCP Server
Bring Breeze operations into MCP workflows.
The Breeze MCP Server exposes RMM capabilities to external AI clients through the Model Context Protocol. Any MCP-compatible host — Claude Desktop, Claude Code, Cursor, Windsurf — can connect to your Breeze instance, query fleet state, triage alerts, deploy patches, and execute scripts. Every action goes through the same RBAC, risk engine, and tenant isolation that governs the native AI assistant.
What Is the Model Context Protocol
The Model Context Protocol (MCP) is an open standard created by Anthropic that defines how AI assistants communicate with external services. Think of it as a universal adapter: instead of building a custom integration for every AI tool, a service exposes its capabilities once through MCP, and any compatible client can use them.
For MSPs, this matters because AI assistants are becoming daily tools for triage, documentation, and workflow automation. Without MCP, those assistants are limited to what they know from their training data. With MCP, they can reach into Breeze and work with live fleet data — device status, active alerts, patch compliance, recent scripts — all through the same governed interface your team already trusts.
Breeze is the first RMM to ship an MCP server. The implementation follows the MCP specification for tool discovery, invocation, and result streaming. When an AI client connects, it receives the full tool catalog and can call any tool the connecting API key is scoped to use.
How It Works
Breeze exposes an SSE (Server-Sent Events) endpoint at /api/v1/mcp/sse. AI clients connect to this endpoint with an API key and receive a persistent stream for tool discovery and result delivery.
The connection flow:
- The AI client opens an SSE connection to your Breeze instance.
- Breeze authenticates the request using the
X-API-Keyheader. - The client receives the tool catalog — names, descriptions, parameter schemas — scoped to what the API key allows.
- When the client sends a tool call, Breeze validates it through RBAC, risk tiers, and tenant isolation.
- If the action is permitted, Breeze executes it and streams the result back. If denied, the denial reason and audit entry are returned.
Connecting Claude Code
claude mcp add breeze-rmm \
--transport sse \
--url https://your-api/api/v1/mcp/sse \
--header "X-API-Key: brz_..."After adding the server, Claude Code can discover and call Breeze tools directly. The same pattern works for Claude Desktop, Cursor, Windsurf, or any client that supports the MCP SSE transport.
Tool Access Through MCP
Breeze exposes 17 MCP tools organized by workflow category. These are the same tools available to the built-in AI assistant — MCP does not create a separate or reduced toolset.
Device Management
| Tool | Description | Tier |
|---|---|---|
| List Devices | Query fleet state with filters for status, group, OS, and compliance posture | 1 |
| Get Device Details | Pull full device context including hardware, software inventory, and recent activity | 1 |
| Device Actions | Reboot, shutdown, lock, or isolate endpoints through governed execution | 2/3 |
Alert Handling
| Tool | Description | Tier |
|---|---|---|
| Get Alerts | Retrieve active alerts with severity, source, and affected device context | 1 |
| Acknowledge Alerts | Mark alerts as seen to reduce noise during active triage | 2 |
| Resolve Alerts | Close alerts with resolution notes for audit continuity | 2 |
Patch Deployment
| Tool | Description | Tier |
|---|---|---|
| Get Patch Status | Query patch compliance across devices or groups | 1 |
| Deploy Patches | Schedule and execute patch deployments with maintenance window awareness | 3 |
Script Execution
| Tool | Description | Tier |
|---|---|---|
| Run Script | Execute PowerShell, Bash, or Python on target devices with result retrieval | 3 |
| Get Script Results | Retrieve output, exit codes, and execution metadata from previous runs | 1 |
Reporting
| Tool | Description | Tier |
|---|---|---|
| Generate Reports | Produce compliance, security, inventory, and executive reports on demand | 2 |
| Get Report Status | Check generation progress and retrieve completed reports | 1 |
Documentation
| Tool | Description | Tier |
|---|---|---|
| Create Runbooks | Generate operational documentation from incident context | 1 |
| Add Incident Notes | Append context and resolution details to active incidents | 1 |
| Create Change Logs | Document changes with before/after state for audit trails | 1 |
Fleet Intelligence
| Tool | Description | Tier |
|---|---|---|
| Fleet Health Check | Aggregate health metrics across devices, groups, or tenants | 1 |
| Compliance Summary | Pull current posture against configured compliance frameworks | 1 |
Deep dive: MCP Tools for IT Management documents each tool with workflow examples and chaining patterns.
Governance Continuity
MCP actions are not a side channel. Every tool call goes through the same governance stack as native AI assistant actions.
Risk Engine Integration
All 17 MCP tools carry risk classifications through the 4-tier engine:
- Tier 1: Read-only operations auto-execute. Listing devices, pulling alerts, checking patch status.
- Tier 2: Low-risk mutating operations auto-execute with audit logging. Acknowledging alerts, adding notes.
- Tier 3: Higher-risk actions require human approval. Script execution, patch deployment, device isolation.
- Tier 4: Blocked operations are never executed regardless of API key scope.
Scoped API Key Access
API keys are issued with explicit scope boundaries that limit which tool tiers are accessible:
| Scope | What It Unlocks | Risk Level |
|---|---|---|
ai:read | Tier 1 tools only (query, view, analyze) | Low — read-only |
ai:write | Tier 1 + Tier 2 tools (alert management) | Medium — can acknowledge/resolve alerts |
ai:execute | All tiers including Tier 3 (commands, scripts, file ops) | High — can modify devices |
Tier 4 actions remain blocked at every scope level. There is no API key that bypasses Tier 4 restrictions.
Tenant Isolation
MCP connections are tenant-scoped. An API key issued for Tenant A cannot access devices, alerts, or resources belonging to Tenant B. This holds regardless of which AI client is connecting or what tools are called.
Audit Parity
Tool calls and denials through MCP are logged identically to native AI assistant actions. The audit trail includes the tool name, parameters, API key identity, tenant context, risk tier evaluation, and execution outcome. There is no distinction in the audit log between an action taken from the Breeze UI and one taken through MCP.
Compatible Clients
MCP is an open standard. Any client that implements the MCP specification can connect to the Breeze MCP server.
Tested and supported clients:
- Claude Desktop — Anthropic’s desktop AI assistant with full MCP support.
- Claude Code — CLI-based AI development tool. Connect with
claude mcp add. - Cursor — AI-native code editor with MCP client support.
- Windsurf — AI-powered development environment with MCP integration.
- Custom clients — Any application built against the MCP SDK can connect.
The protocol handles tool discovery, schema negotiation, and result streaming. Client-side implementation details vary, but all clients receive the same tool catalog and governance behavior from Breeze.
Use Cases
Triage Alerts from Claude Desktop
An on-call technician opens Claude Desktop and asks: “Show me all critical alerts from the last hour.” The AI queries Breeze through MCP, returns the alert list with device context, and the technician can acknowledge or escalate without switching to the Breeze UI.
Fleet Health Checks from Your IDE
A technician working in Cursor runs a fleet health check between code changes. Device status, patch compliance, and active alert counts surface directly in the editor. No context switching, no browser tab.
Chain Breeze with Other MCP Servers
MCP clients can connect to multiple servers simultaneously. A workflow might pull an alert from Breeze, create a ticket in a PSA through its MCP server, run a remediation script back through Breeze, and update the ticket with the result — all in a single AI conversation.
Custom AI Workflows
Teams building internal AI tools can use Breeze as the execution authority. The MCP server provides a governed interface that is safer than raw API calls because every action passes through risk classification and tenant isolation before execution.
Step-by-step setup: How to Use Your RMM From Claude Desktop (or Cursor) walks through connecting and running your first queries.
Production Hardening
Breeze provides configuration options for locking down MCP access in production environments.
MCP_REQUIRE_EXECUTE_ADMIN— When enabled, only admin-role API keys can invoke Tier 3 (execute) tools. Prevents standard keys from escalating to high-risk operations.MCP_EXECUTE_TOOL_ALLOWLIST— Restricts which specific tools are available through MCP. Tools not on the list return a denial even if the API key scope would otherwise permit them.- Rate limits — Per-key rate limits apply to MCP connections. Exceeding the limit returns a throttle response with retry timing. Rate limit state is visible in the Risk Engine dashboard.
These controls are configured through environment variables on the Breeze instance. See Configuring Breeze AI: The Self-Hoster’s Guide for the full configuration reference.
Learn More
- What Breeze AI Can Do For Your Help Desk — Practical walkthrough of AI-assisted triage and remediation workflows.
- Configuring Breeze AI: The Self-Hoster’s Guide — Full configuration reference including MCP environment variables, risk engine tuning, and API key management.
Capabilities
MCP Protocol Support
SSE transport endpoint lets Claude Desktop, Claude Code, Cursor, Windsurf, and any MCP-compatible host connect to your Breeze instance.
17 Fleet Tools
Device management, alert handling, patch deployment, script execution, reporting, and documentation tools — the same catalog available to the native AI assistant.
Governance Continuity
Every MCP tool call passes through the 4-tier risk engine, RBAC, tenant isolation, and approval workflows before execution.
Scoped API Key Access
API keys are issued with ai:read, ai:write, or ai:execute scopes that control which risk tiers the connected client can reach.
Production Hardening
Tool allowlists, execute-admin requirements, and per-key rate limits lock down MCP access for production environments.
Execution and Denial Audit
Tool calls, denials, and throttle events through MCP are logged identically to native AI assistant actions with full parameter and outcome detail.