You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
README: rework intro to cover the full ESET surface; drop em-dashes
The opening paragraph now names ESET PROTECT On-Prem alongside Connect /
Inspect / Cloud Office, and re-frames the project as a single hub for
any number of ESET deployments (cloud + on-prem in one process, per-request
routing via headers).
Replaces every em-dash and en-dash with a plain hyphen for consistent
ASCII punctuation. No content changes outside the intro paragraph.
|`X-ESET-Region`| no | Override default region (`eu`/`de`/`us`/`ca`/`jpn`) |
287
-
|`X-ESET-Server-URL`| no | Route this request to an on-prem PROTECT console (e.g. `https://protect.example.com:9443`) — see [On-prem support](#on-prem-eset-protect-support)|
304
+
|`X-ESET-Server-URL`| no | Route this request to an on-prem PROTECT console (e.g. `https://protect.example.com:9443`) - see [On-prem support](#on-prem-eset-protect-support)|
288
305
|`X-ESET-CF-Access-Client-Id`| no | Cloudflare Access Service Token client-id (on-prem behind CF Access) |
289
-
|`X-ESET-CF-Access-Client-Secret`| no | Paired with the above — both must be sent together |
306
+
|`X-ESET-CF-Access-Client-Secret`| no | Paired with the above - both must be sent together |
290
307
291
308
Example Python client:
292
309
@@ -316,8 +333,8 @@ async with streamablehttp_client(
316
333
ESET ships PROTECT as both a cloud service (the ESET Connect API at
317
334
`*.eset.systems`) and an on-prem console customers self-host. The on-prem
318
335
REST API lives on a single host (default port `9443`) and uses a different
319
-
authentication endpoint —`POST /GetTokens` with a JSON body and a
320
-
camelCase response — but otherwise shares the URL structure of the cloud
336
+
authentication endpoint -`POST /GetTokens` with a JSON body and a
337
+
camelCase response - but otherwise shares the URL structure of the cloud
321
338
API. ESET-MCP supports both, **in the same process**.
322
339
323
340
### How the server decides cloud vs on-prem
@@ -328,7 +345,7 @@ API. ESET-MCP supports both, **in the same process**.
328
345
|`basic`| Per request: presence of `X-ESET-Server-URL` switches that single request to on-prem; absence falls back to the env default (cloud or on-prem) |
329
346
330
347
So a single MCP server can front the cloud for most clients **and** route
331
-
specific requests to one or more on-prem consoles — keyed entirely by which
348
+
specific requests to one or more on-prem consoles - keyed entirely by which
332
349
URL each client sends in `X-ESET-Server-URL`.
333
350
334
351
### Single-tenant on-prem (env mode)
@@ -350,7 +367,7 @@ ESET_PASSWORD=...
350
367
ESET_AUTH_MODE=basic
351
368
ESET_MCP_TRANSPORT=http
352
369
ESET_DEPLOYMENT=cloud # default; clients opt into on-prem per-request
353
-
# ESET_ONPREM_SERVER_URL is optional — if set it becomes the on-prem default
370
+
# ESET_ONPREM_SERVER_URL is optional - if set it becomes the on-prem default
354
371
```
355
372
356
373
Client targeting on-prem:
@@ -362,8 +379,8 @@ headers = {
362
379
}
363
380
```
364
381
365
-
Same MCP server, different request — same headers minus `X-ESET-Server-URL`
366
-
— stays on cloud.
382
+
Same MCP server, different request - same headers minus `X-ESET-Server-URL`
383
+
- stays on cloud.
367
384
368
385
### What works on on-prem vs cloud
369
386
@@ -377,9 +394,9 @@ cloud credentials and on-prem paths for on-prem credentials.
377
394
`quarantine_*` and most of `vuln_*` correspond to separate ESET products
378
395
(ESET Inspect, Cloud Office Security, MDM) that are not part of the
379
396
on-prem PROTECT installation. Calling them against an on-prem console
380
-
returns a plain 404 from ESET — surfaced to the agent as an
397
+
returns a plain 404 from ESET - surfaced to the agent as an
381
398
`ESET API error: 404` text response with no special handling.
382
-
-**Path overrides**: a few endpoints have a different URL on-prem — e.g.
399
+
-**Path overrides**: a few endpoints have a different URL on-prem - e.g.
383
400
`POST /v1/devices/{uuid}:rename` is `:renameDevice` on-prem. These are
384
401
declared in [`eset_mcp/openapi/onprem-path-overrides.json`](eset_mcp/openapi/onprem-path-overrides.json)
385
402
and applied automatically when the request targets on-prem.
0 commit comments