Run the 24/7 server edition
A headless build for continuous, always-on monitoring — no GUI. Run it in Docker, or install it on Windows Server / Windows 11, Debian/Ubuntu (.deb) or Fedora (.rpm). Covered by your existing license.
Beta
What the server edition does
Always-on monitoring
Runs headless 24/7 and keeps watching the networks you care about — even when your desktop is off.
Uptime & SLA tracking
Daily availability per device and service, with retries, dependencies and CSV export.
Alerts without the flood
Email/SMTP, ntfy, Gotify and webhooks — with severity routing and digest batching.
Public status page
An optional read-only health page anyone can see — no login required.
Cross-subnet discovery
SNMP and multi-NIC support to reach networks beyond the local segment.
Ask your AI (MCP)
Expose your live inventory to an AI assistant — strictly local, read-only, off by default.
Docker easiest
Save this as docker-compose.yml and run docker compose up -d. network_mode: host lets it see your LAN; the two capabilities are explained below.
services:
deviceshelf:
image: ghcr.io/wealthwallet/deviceshelf-server:1.5.15
network_mode: host
cap_add:
- NET_RAW # ARP scan (raw sockets)
- NET_BIND_SERVICE # passive DHCP fingerprinting (UDP/67) → Fingerbank
volumes:
- ./data:/data # chown 10001:10001 ./data
restart: unless-stopped
# optional: environment: { DEVICESHELF_FINGERBANK_KEY: "<free key from fingerbank.org>" }
Why these capabilities? DeviceShelf Server identifies devices partly by their DHCP fingerprint and listens passively on UDP port 67. Because the container deliberately runs as a non-privileged user (uid 10001), binding that system port needs the narrowly-scoped NET_BIND_SERVICE — no root, no NET_ADMIN, just opening low ports. Without it the server still starts normally, only without DHCP/Fingerbank identification. NET_RAW is for the ARP scan.
Debian / Ubuntu (.deb)
Install from the terminal — do not double-click. On Ubuntu 24.04 a double-clicked .deb opens in the App Center, which can fail silently for third-party packages. The terminal resolves dependencies and starts the deviceshelf-server service:
Download .deb — amd64 (Intel/AMD) Download .deb — arm64 (Raspberry Pi)
sudo apt install ./DeviceShelf-Server-*.deb
On ARM (Raspberry Pi, ARM servers) use the -arm64.deb file.
Windows Server / Windows 11 beta
Download the zip, extract it, and double-click install.bat — confirm the Windows admin prompt (UAC). It installs and starts the 24/7 service, then shows the dashboard URL and access token and opens the dashboard. Uninstall with uninstall.bat.
This beta isn't code-signed yet, so Windows may warn: on SmartScreen click More info → Run anyway; if Smart App Control is on it blocks unsigned apps entirely until we ship a signed build. Before extracting, you can right-click the zip → Properties → tick Unblock. Full details are in the README inside the zip (7 languages). Passive DHCP fingerprinting isn't available on Windows; everything else — scanning, monitoring, SNMP, alerts, dashboard, API — is included.
First start: the access token
On first start the server prints an auto-generated API token to its log. Grab it, then open the web UI on port 8088 and paste it:
# .deb / systemd:
journalctl -u deviceshelf-server | grep -iA1 auto-generated
# Docker:
docker logs deviceshelf-server | grep -iA1 auto-generated
Then open http://<host>:8088 in your browser and paste the token.
Email notifications (SMTP)
Add your own mail account as the sender in the dashboard's alert settings. For common providers — Gmail, Yahoo, Outlook/Hotmail, iCloud, GMX and others — leave the SMTP server field empty; DeviceShelf detects the right server automatically. Because of two-factor login, Gmail, Yahoo and Outlook require an app password (created in your mail account's security settings), not your normal password. For any other or self-hosted provider, fill in the SMTP server, port and security. Alerts are then sent through your account to the recipients you list.
Ask your AI about your network MCP
The server can expose your live inventory to an AI assistant over the Model Context Protocol — so you can ask “what's online right now?”, “which certificates expire soon?” or “what's vulnerable?” and get answers from your own data. It's strictly local: the endpoint runs inside your server, behind the same token, reachable only on your LAN — there is no DeviceShelf cloud connector. Off by default, read-only, and included with your license (it works in the trial too).
# enable in /etc/deviceshelf/server.env (or your Docker env):
DEVICESHELF_MCP_ENABLE=true
# then point Claude Desktop at it via the mcp-remote bridge:
# http://<host>:8088/mcp (Authorization: Bearer <your-token>)
See the announcement for the full tool list and setup. Write actions (rename a device, acknowledge an alarm, trigger a scan) stay off unless you explicitly opt in.
Connect your AI agent MCP
Enable MCP first (above), then point your AI client at the server's /mcp endpoint with your API token. Replace <host> and <token> below. Most clients speak Streamable HTTP natively:
Claude Code
claude mcp add --transport http deviceshelf http://<host>:8088/mcp \
--header "Authorization: Bearer <token>"
Cursor — ~/.cursor/mcp.json
{ "mcpServers": { "deviceshelf": {
"url": "http://<host>:8088/mcp",
"headers": { "Authorization": "Bearer <token>" }
} } }
VS Code (Copilot agent) — .vscode/mcp.json
{ "servers": { "deviceshelf": {
"type": "http",
"url": "http://<host>:8088/mcp",
"headers": { "Authorization": "Bearer <token>" }
} } }
Windsurf — ~/.codeium/windsurf/mcp_config.json (note: serverUrl)
{ "mcpServers": { "deviceshelf": {
"serverUrl": "http://<host>:8088/mcp",
"headers": { "Authorization": "Bearer <token>" }
} } }
Cline — cline_mcp_settings.json ("type": "streamableHttp" is required, else it falls back to SSE and fails)
{ "mcpServers": { "deviceshelf": {
"type": "streamableHttp",
"url": "http://<host>:8088/mcp",
"headers": { "Authorization": "Bearer <token>" }
} } }
Gemini CLI — ~/.gemini/settings.json (note: httpUrl)
{ "mcpServers": { "deviceshelf": {
"httpUrl": "http://<host>:8088/mcp",
"headers": { "Authorization": "Bearer <token>" }
} } }
Claude Desktop — claude_desktop_config.json. It has no native static-token remote support, so bridge it with mcp-remote (keep --allow-http for plain http; the token goes in an env var to avoid a Windows arg-quoting bug). Fully quit and relaunch after saving.
{ "mcpServers": { "deviceshelf": {
"command": "npx",
"args": ["-y", "mcp-remote", "http://<host>:8088/mcp",
"--transport", "http-only", "--allow-http",
"--header", "Authorization:${AUTH}"],
"env": { "AUTH": "Bearer <token>" }
} } }
ChatGPT connectors run in OpenAI's cloud and cannot reach a LAN server directly. To use them, put the server behind a public HTTPS tunnel (OpenAI's Secure MCP Tunnel, ngrok or Cloudflare Tunnel) so it has an https://…/mcp address. For a strictly-local setup, prefer one of the clients above.
It's a beta
The server edition is new — expect a few rough edges. Found a bug or want a feature? Get in touch — your feedback shapes it. See the release notes for what's in this build.