macos-mcp

macos-mcp

A lightweight MCP server that bridges AI agents and macOS, enabling automation of file navigation, application control, UI interaction, browser automation, and system operations.

Category
访问服务器

README

<!-- mcp-name: io.github.Jeomon/macos-mcp --> <div align="center"> <h1>🍎 macOS-MCP</h1>

<a href="https://github.com/Jeomon/macos-mcp/blob/main/LICENSE"> <img src="https://img.shields.io/badge/license-MIT-green" alt="License"> </a> <img src="https://img.shields.io/badge/python-3.11%2B-blue" alt="Python"> <img src="https://img.shields.io/badge/platform-macOS%2012%2B-blue" alt="Platform: macOS 12+"> <img src="https://img.shields.io/github/last-commit/Jeomon/macos-mcp" alt="Last Commit">

</div>

Overview

macOS-MCP is a lightweight, open-source Model Context Protocol server that bridges AI agents and the macOS operating system. It enables seamless automation of macOS through LLMs via tasks such as file navigation, application control, UI interaction, browser automation, and system operations.

Supported Operating Systems

  • macOS 12 (Monterey)
  • macOS 13 (Ventura)
  • macOS 14 (Sonoma)
  • macOS 15 (Sequoia)

Key Features

  • Works with Any LLM (Vision Optional)
    Unlike traditional automation tools, macOS-MCP doesn't require computer vision, fine-tuned models, or specialized setup. Works seamlessly with any LLM—Claude, GPT, Gemini, or others.

  • Native macOS Integration
    Interacts natively with macOS UI elements using the Accessibility API. Opens apps, controls windows, simulates user input, and captures desktop state without workarounds.

  • Rich Toolset for Automation
    Complete toolkit for keyboard/mouse operations, window management, UI state capture, interactive element extraction from the accessibility tree, and AppleScript execution.

  • Lightweight and Open-Source
    Minimal dependencies with full source code available under MIT license. Easy setup and deployment.

  • Smart Context Awareness
    Automatically detects application state (Launchpad, Control Center, Spotlight). Scans menu bar, dock, desktop, and system UI elements intelligently.

  • Customizable and Extensible
    Easily extend with custom tools or modify behavior to suit your specific automation needs.

Installation

Prerequisites

  • Python: 3.11 or later
  • UV Package Manager: Install with pip install uv or curl -LsSf https://astral.sh/uv/install.sh | sh
  • macOS: 12 (Monterey) or later
  • Accessibility Permissions: Required for UI element interaction

Quick Start

Run the server directly:

uvx macos-mcp

# Or with SSE/Streamable HTTP for network access
uvx macos-mcp --transport sse --host localhost --port 8000
uvx macos-mcp --transport streamable-http --host localhost --port 8000

Run it as a background service that starts now and at every login:

macos-mcp install

# Or choose the HTTP transport and bind address explicitly
macos-mcp install --transport sse --host 127.0.0.1 --port 8000

This installs a launchd Launch Agent at ~/Library/LaunchAgents/com.macos-mcp.server.plist. Use macos-mcp uninstall to remove it. Logs are written to ~/.macos-mcp/server.log and ~/.macos-mcp/server.error.log.

Transport Options

Transport Flag Use Case
stdio (default) --transport stdio Direct connection from MCP clients like Claude Desktop, Cursor, etc.
sse --transport sse --host HOST --port PORT Network-accessible via Server-Sent Events
streamable-http --transport streamable-http --host HOST --port PORT Network-accessible via HTTP streaming (recommended for production)

Grant Required Permissions

macOS-MCP requires Accessibility and Screen Recording permissions to function properly.

Accessibility Permissions

  1. Open System SettingsPrivacy & SecurityAccessibility
  2. Click the lock icon and authenticate
  3. Add the following applications:
    • Your terminal application (Terminal, iTerm2, VS Code, etc.)
    • Python (typically /usr/bin/python3 or the Python version managed by UV)
    • UV (~/.local/bin/uv if installed locally, or the Python environment UV manages)
  4. Restart the terminal after granting permissions

For uvx users: Grant permissions to your terminal application and Python, as uvx runs Python packages from UV's cache.

Screen Recording Permissions

The Snapshot tool requires Screen Recording permissions to capture screenshots:

  1. Open System SettingsPrivacy & SecurityScreen Recording
  2. Click the lock icon and authenticate
  3. Add the same applications as above (terminal, Python, UV)
  4. Restart the terminal after granting permissions

Note: If the Snapshot tool fails, verify both permissions are granted in System Settings.

Integration Options

<details> <summary><strong>Claude Desktop</strong></summary>

  1. Install Claude Desktop

  2. Edit ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "macos-mcp": {
      "command": "uvx",
      "args": ["macos-mcp"]
    }
  }
}
  1. Restart Claude Desktop

</details>

<details> <summary><strong>Gemini CLI</strong></summary>

  1. Install Gemini CLI:
npm install -g @google/gemini-cli

  1. Navigate to ~/.gemini and open settings.json

  2. Add the server config:

{
  "theme": "Default",
  "mcpServers": {
    "macos-mcp": {
      "command": "uvx",
      "args": ["macos-mcp"]
    }
  }
}
  1. Restart Gemini CLI

</details>

<details> <summary><strong>Claude Code</strong></summary>

  1. Install Claude Code

  2. Add to your project configuration or use the MCP marketplace integration

</details>

<details> <summary><strong>Pi Agent</strong></summary>

Pi does not ship with built-in MCP support, but macOS-MCP can be installed as a Pi package. The package starts this MCP server over stdio and exposes convenient Pi tools that wrap the existing macOS-MCP tools.

One-line global setup:

pi install git:github.com/CursorTouch/MacOS-MCP

After install, restart Pi or run:

/reload

Try without installing:

pi -e git:github.com/CursorTouch/MacOS-MCP

Local checkout setup:

git clone https://github.com/CursorTouch/MacOS-MCP.git
cd MacOS-MCP
uv sync
npm install
pi

If you copied only the extension into another Pi project, run Pi from the macOS-MCP checkout or set:

export MACOS_MCP_ROOT=/path/to/MacOS-MCP

The extension exposes these Pi tools:

Pi Tool Purpose
mac_snapshot Read current macOS UI state through the existing Snapshot tool.
mac_app Launch, switch, move, or resize macOS applications/windows.
mac_click Click coordinates returned by mac_snapshot.
mac_type Type text at coordinates returned by mac_snapshot.
mac_shortcut Run keyboard shortcuts such as command+c or command+space.
mac_scroll Scroll at the current pointer or coordinates.
mac_wait Wait for UI changes/loading.

Recommended agent workflow:

  • Call mac_snapshot first.
  • Use the coordinates returned by Snapshot with mac_click, mac_type, and mac_scroll.
  • Use screenshots/vision only when Accessibility data is missing or ambiguous.

The extension auto-detects the macOS-MCP checkout when installed as a Pi package. If you use a manually copied extension, set MACOS_MCP_ROOT=/path/to/MacOS-MCP.

</details>

<details> <summary><strong>Other Integrations</strong></summary>

Any client supporting the Model Context Protocol can integrate macOS-MCP by configuring the uvx macos-mcp command in their MCP server settings.

</details>

MCP Tools

macOS-MCP provides a comprehensive toolset for desktop automation:

Tool Purpose
Click Click at coordinates with support for left, right, and double-click
Type Type text at cursor position, optionally clearing existing text
Scroll Scroll vertically or horizontally in focused window or regions
Move Move mouse pointer or drag to coordinates
Shortcut Press keyboard shortcuts (Cmd+C, Cmd+Tab, etc.)
App Launch applications, manage windows (resize/move), switch between apps. Supports app names and bundle IDs
Shell Execute commands or AppleScript. Use mode='osascript' for AppleScript
Scrape Extract and convert webpage content to Markdown format
Wait Pause execution for a defined duration

Limitations

  • Accessibility Requirements: Manual permission grant required in System Preferences
  • App Compatibility: Some applications have limited or no Accessibility API support
  • Performance Variance: Complex UIs with many elements may have slower traversal
  • Text Input: Some specialized input fields may not properly receive keystrokes
  • Authentication: Cannot interact with system authentication dialogs

Security & Access Control

Authentication

macos-mcp --transport sse --host 0.0.0.0 --auth-key "your_token"

Requires Authorization: Bearer your_token header on all requests.

IP Allowlist

macos-mcp --auth-key "token" --ip-allowlist "203.0.113.0/24,198.51.100.5"

Restricts connections to specified CIDR ranges.

TLS/HTTPS

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes

macos-mcp --ssl-certfile cert.pem --ssl-keyfile key.pem

OAuth 2.0 + PKCE

For MCP clients that use OAuth (e.g. Claude Desktop) instead of a static API key:

macos-mcp --transport streamable-http --host 0.0.0.0 \
  --ssl-certfile ~/.macos-mcp/cert.pem \
  --ssl-keyfile  ~/.macos-mcp/key.pem \
  --oauth-client-id my-client \
  --oauth-client-secret my-secret

Claude Desktop config:

{
  "mcpServers": {
    "macos-mcp": {
      "type": "http",
      "url": "https://<host>:8000/mcp/",
      "oauth": {
        "clientId": "my-client",
        "clientSecret": "my-secret"
      }
    }
  }
}

The OAuth server exposes:

  • GET /.well-known/oauth-authorization-server — server metadata (RFC 8414)
  • GET /oauth/authorize — Authorization Code + PKCE (S256 required)
  • POST /oauth/token — token exchange (client secret required)
  • POST /oauth/register — disabled; clients must be pre-provisioned

Dynamic client registration is disabled. Redirect URIs must be loopback http(s) only. Auth key and OAuth can coexist — both are accepted as valid Bearer tokens.

SSRF Protection

The Scrape tool blocks: private IPs, loopback, link-local, credentials-in-URLs, non-HTTP schemes.

Config File (~/.macos-mcp/config.toml)

Instead of passing flags every time, store your configuration in ~/.macos-mcp/config.toml. CLI flags always override config file values.

Search order:

  1. --config /path/to/config.toml
  2. ~/.macos-mcp/config.toml

stdio — local only, no security needed:

[server]
transport = "stdio"

SSE — network access with auth and IP restriction:

[server]
transport = "sse"
host      = "0.0.0.0"
port      = 8000
auth_key  = "your-secret-key"

[security]
ip_allowlist = ["192.168.1.0/24"]

Streamable HTTP — network access with auth and TLS (recommended for production):

[server]
transport    = "streamable-http"
host         = "0.0.0.0"
port         = 8000
auth_key     = "your-secret-key"
ssl_certfile = "cert.pem"   # resolved relative to ~/.macos-mcp/
ssl_keyfile  = "key.pem"

[security]
ip_allowlist        = ["192.168.1.0/24"]
oauth_client_id     = "my-client"      # optional — enables OAuth 2.0 + PKCE
oauth_client_secret = "my-secret"

[tools]
exclude = ["Shell", "Scrape"]   # disable specific tools

Available tool names: App, Shell, Snapshot, Click, Type, Scroll, Move, Shortcut, Wait, Scrape, Notification

Place your cert and key files in the same directory:

~/.macos-mcp/
├── config.toml
├── cert.pem
└── key.pem

Generate a self-signed cert directly into that directory:

mkdir -p ~/.macos-mcp
openssl req -x509 -newkey rsa:4096 \
  -keyout ~/.macos-mcp/key.pem \
  -out ~/.macos-mcp/cert.pem \
  -days 365 -nodes

Environment Variables

All variables are optional. Set them via the env key in claude_desktop_config.json.

Variable Default Description
ANONYMIZED_TELEMETRY true Set to false to disable anonymous usage telemetry. No personal data, tool arguments, or outputs are ever collected.
MACOS_MCP_AUTH_KEY (none) Bearer token required on all HTTP requests. Alternative to --auth-key CLI flag.
MACOS_MCP_IP_ALLOWLIST (none) Comma-separated list of allowed client IPs or CIDR ranges. Alternative to --ip-allowlist CLI flag.
MACOS_MCP_SSL_CERTFILE (none) Path to TLS certificate file (.pem). Must be provided with MACOS_MCP_SSL_KEYFILE.
MACOS_MCP_SSL_KEYFILE (none) Path to TLS private key file (.pem). Must be provided with MACOS_MCP_SSL_CERTFILE.

Example claude_desktop_config.json (remote with auth + TLS):

{
  "mcpServers": {
    "macos-mcp": {
      "command": "uvx",
      "args": ["macos-mcp", "--transport", "sse", "--host", "0.0.0.0"],
      "env": {
        "MACOS_MCP_AUTH_KEY": "your_token",
        "MACOS_MCP_IP_ALLOWLIST": "203.0.113.0/24",
        "MACOS_MCP_SSL_CERTFILE": "/path/to/cert.pem",
        "MACOS_MCP_SSL_KEYFILE": "/path/to/key.pem"
      }
    }
  }
}

Telemetry

macOS-MCP collects anonymous usage data to help improve the server. No personal information, tool arguments, or outputs are tracked.

To disable telemetry, set ANONYMIZED_TELEMETRY to false:

{
  "mcpServers": {
    "macos-mcp": {
      "command": "uvx",
      "args": ["macos-mcp"],
      "env": { "ANONYMIZED_TELEMETRY": "false" }
    }
  }
}

Security

⚠️ Important Security Notice: macOS-MCP operates with full Accessibility API permissions and executes real system operations without sandboxing. It can perform permanent, irreversible actions.

Before using macOS-MCP:

  • ✅ Grant Accessibility permissions only to trusted applications
  • ✅ Understand that Shell commands execute with full user privileges
  • ✅ Review AI-generated action plans before execution
  • ✅ Use only in virtual machines or isolated environments with valueless data
  • ✅ Create backups before testing in production-like scenarios

⛔ Do NOT use on:

  • Systems with irreplaceable data
  • Production machines or shared systems
  • Compliance-regulated environments (HIPAA, PCI, etc.)

For detailed security guidance, see SECURITY.md.

Contributing

We welcome contributions! Please see CONTRIBUTING.md for:

  • Development setup and code standards
  • Testing requirements
  • Pull request process
  • Coding conventions (Ruff formatting, 100 char line length)

License

macOS-MCP is licensed under the MIT License - see LICENSE for details.

Acknowledgements

macOS-MCP is built with excellent open-source projects:

  • PyObjC - Python to Objective-C bridge
  • Pillow - Python Imaging Library
  • FastMCP - MCP framework
  • macOS Accessibility API (ApplicationServices)

Citation

If you use macOS-MCP in your research or project, please cite:

@software{macos-mcp,
  author       = {Jeomon George},
  title        = {macOS-MCP: Lightweight MCP Server for macOS Automation},
  year         = {2025},
  publisher    = {GitHub},
  url          = {https://github.com/Jeomon/macos-mcp}
}

Questions or Issues? Open an issue or check SECURITY.md for security concerns.

推荐服务器

Baidu Map

Baidu Map

百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。

官方
精选
JavaScript
Playwright MCP Server

Playwright MCP Server

一个模型上下文协议服务器,它使大型语言模型能够通过结构化的可访问性快照与网页进行交互,而无需视觉模型或屏幕截图。

官方
精选
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

一个由人工智能驱动的工具,可以从自然语言描述生成现代化的用户界面组件,并与流行的集成开发环境(IDE)集成,从而简化用户界面开发流程。

官方
精选
本地
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

通过模型上下文协议启用与 Audiense Insights 账户的交互,从而促进营销洞察和受众数据的提取和分析,包括人口统计信息、行为和影响者互动。

官方
精选
本地
TypeScript
VeyraX

VeyraX

一个单一的 MCP 工具,连接你所有喜爱的工具:Gmail、日历以及其他 40 多个工具。

官方
精选
本地
graphlit-mcp-server

graphlit-mcp-server

模型上下文协议 (MCP) 服务器实现了 MCP 客户端与 Graphlit 服务之间的集成。 除了网络爬取之外,还可以将任何内容(从 Slack 到 Gmail 再到播客订阅源)导入到 Graphlit 项目中,然后从 MCP 客户端检索相关内容。

官方
精选
TypeScript
Kagi MCP Server

Kagi MCP Server

一个 MCP 服务器,集成了 Kagi 搜索功能和 Claude AI,使 Claude 能够在回答需要最新信息的问题时执行实时网络搜索。

官方
精选
Python
e2b-mcp-server

e2b-mcp-server

使用 MCP 通过 e2b 运行代码。

官方
精选
Neon MCP Server

Neon MCP Server

用于与 Neon 管理 API 和数据库交互的 MCP 服务器

官方
精选
Exa MCP Server

Exa MCP Server

模型上下文协议(MCP)服务器允许像 Claude 这样的 AI 助手使用 Exa AI 搜索 API 进行网络搜索。这种设置允许 AI 模型以安全和受控的方式获取实时的网络信息。

官方
精选