Piumy has one owner-scoped MCP tool:Documentation Index
Fetch the complete documentation index at: https://mintlify.com/chamilonster/Piumy/llms.txt
Use this file to discover all available pages before exploring further.
reset_dashboard_password. It is the only tool in the MCP surface that checks whether PIMYWA_MCP_KEY is configured and refuses outright if it is not. The reasoning is straightforward: on an open MCP server (no bearer token), there is no “you are the owner” signal at all, so a password-reset tool would be reachable by any process on the LAN.
reset_dashboard_password
Resets the dashboard login password and returns the new plaintext password exactly once in the tool response. The dashboard stores passwords as bcrypt hashes, which are one-way by design. This tool does not retrieve the current password — it replaces it with a new one, then shows you the plaintext so you can save it. After the response is returned, the plaintext is gone; only the bcrypt hash remains in storage.Optional. A specific password to set (minimum 8 characters). If omitted, a fresh random 24-character password is generated automatically.
Refusal conditions
The tool returns an error (not a success) in these cases:| Condition | Error |
|---|---|
PIMYWA_MCP_KEY is not configured | "refused: PIMYWA_MCP_KEY is not set — an open MCP server has no owner-only boundary to scope a password reset to. Configure PIMYWA_MCP_KEY, then retry." |
new_password is provided but shorter than 8 characters | "new_password must be at least 8 characters" |
Example: generate a random password
Call the tool with no arguments to let Piumy generate a secure 24-character password:Example: set a specific password
Why MCP auth is required for this tool
The bearer token configured inPIMYWA_MCP_KEY is the only “you are the owner” signal that the MCP transport has. Unlike the REST API (which gates sensitive actions behind a whitelisted JID or a dashboard login), MCP has no per-caller identity of its own — every connected agent looks the same to the server.
This means:
- If
PIMYWA_MCP_KEYis set, the bearer token IS the ownership proof. Any agent that can make authenticated MCP calls is presumed to be operating on the owner’s behalf. - If
PIMYWA_MCP_KEYis not set, the MCP endpoint rejects every request — but if it were somehow left open, any process on the LAN could callreset_dashboard_passwordand lock the owner out of their own dashboard.
PIMYWA_MCP_KEY before this tool will operate ensures there is always an explicit trust boundary in place. Configure authentication first, then use this tool.
Run
sudo /opt/pimywa/pimywa auth setup to generate and persist a token. The MCP endpoint will then accept requests and this tool will become available.Alternative: set the password via environment variable
If you prefer not to use the MCP tool (or if MCP is not yet configured), you can set the dashboard password directly in the environment file and restart the service.PIMYWA_DASH_PASS) is hashed and removed from the environment at startup — it will not persist in memory or logs. Using the pre-hashed form (PIMYWA_DASH_PASS_HASH) means the plaintext never touches the device at all.