MCP/mcaxl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: rename cisco-docs cross-reference to mcdewey

Browse Source 
The sibling docs server was renamed from `mcp-cisco-docs` to `mcdewey`
(generalized from a Cisco-only corpus to a multi-vendor docs library).
Update the prompt-enrichment section to point at the new package name +
its PyPI URL, and adjust the prose to call it "the sibling docs server"
generically rather than "cisco-docs" specifically.

The CHANGELOG entry referencing this project's own pre-rename name
(`mcp-cucm-axl`) is left intact — that's legitimate historical record
of why this project is now `mcaxl`.
This commit is contained in:
Ryan Malloy 2026-04-29 09:50:36 -06:00
parent 3cf7dbc785
commit 38307aad67
1 changed files with 58 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
README.md
View File

@ -1,11 +1,63 @@
# mcaxl
[![PyPI](https://img.shields.io/pypi/v/mcaxl.svg)](https://pypi.org/project/mcaxl/)
[![Python](https://img.shields.io/pypi/pyversions/mcaxl.svg)](https://pypi.org/project/mcaxl/)
[![License](https://img.shields.io/badge/license-MIT-green.svg)](LICENSE)
Read-only MCP server for **Cisco Unified Communications Manager (CUCM)**
exposes the AXL SOAP API and RisPort70 real-time registration state to
LLMs for dial-plan analysis, configuration auditing, and impact analysis.
> Tested against CUCM 15.0(1). Should work on any CUCM 12.5+.
## What it looks like
Invoke the `whoami` prompt in any MCP-aware LLM client. With no
arguments, it defaults to the AXL service account from your `.env`:
> **Account**: `axl-readonly` (applicationuser)
> **Access control groups**: 1 — `Read-Only-AXL`
> **Effective roles** (5):
> - **Standard CCM Admin Users** ← write access
> - **Standard AXL API Access** ← full read-write AXL
> - Standard AXL Read Only API Access
> - Standard Packet Sniffing
> - Standard RealtimeAndTraceCollection
>
> **Finding**: the group `Read-Only-AXL` contains two write-capable
> roles. The name implies read-only intent but the membership grants
> full administrative write access. Consider renaming the group OR
> removing the write-capable roles from its membership.
One tool call. One SQL join across four tables (`applicationuser →
applicationuserdirgroupmap → dirgroup → functionroledirgroupmap →
functionrole`). One audit finding with severity and remediation —
not a raw query result the operator has to interpret on their own.
That's the shape of every prompt mcaxl ships with: orchestrated
queries, structured findings, ready-to-act recommendations.
## Scope and complement
`mcaxl` is intentionally narrow — read-only audit of CUCM
configuration via AXL, with RisPort70 cross-reference for live
registration state. It does *not* cover operational debugging:
log collection, packet capture, perfmon counters, service control.
For those, install
[`@calltelemetry/cisco-cucm-mcp`](https://github.com/calltelemetry/cisco-cucm-mcp)
alongside this server:
```bash
claude mcp add cucm-ops -- npx -y @calltelemetry/cisco-cucm-mcp@latest
```
The two are designed to compose. `mcaxl` answers *"what does the
config say?"*; `cisco-cucm-mcp` answers *"what's happening right
now?"*. An LLM session with both connected can produce compound
findings like *"audit found CSS X has 0 references AND RisPort
confirms zero phones currently registered against any device pool
that inherits it → confirmed safe to delete."*
## Why this exists
CUCM's admin UI is great for one-config-at-a-time work but painful for
@ -30,12 +82,10 @@ The server **never registers** AXL write methods. There is no
operations, not by runtime sanitization. Defense-in-depth: SQL queries
are also client-side validated to begin with `SELECT` or `WITH`.
For operations that require write access (service control, packet capture,
log download, perfmon, etc.), install
[`@calltelemetry/cisco-cucm-mcp`](https://github.com/calltelemetry/cisco-cucm-mcp)
alongside this server. The two are complementary — `mcaxl` answers
"what does the config say?", `cisco-cucm-mcp` answers "what's happening
right now?".
This means the AXL service account `mcaxl` uses can be granted only
the `Standard AXL Read Only API Access` role. Even if it had write
roles attached (and operators sometimes do this for convenience),
`mcaxl` is structurally incapable of using them.
## Install
@ -149,10 +199,10 @@ audit narrative. They appear in Claude Code's slash menu under
Set `CISCO_DOCS_INDEX_PATH` to a directory containing `chunks.jsonl`
and `index_meta.json` (produced by the
[`mcp-cisco-docs`](https://github.com/...) indexer or any compatible
[`mcdewey`](https://pypi.org/project/mcdewey/) indexer or any compatible
embedding pipeline) to have prompts pull relevant Cisco documentation
chunks inline. Without this, prompts gracefully degrade to a fallback
notice instructing the LLM to use the sibling cisco-docs server's
notice instructing the LLM to use the sibling docs server's
`search_docs` tool.
## Cache