For Agents
Manage CFEngine Mission Portal hosts, RBAC users and roles, settings, and inventory queries against the CFEngine hub.
Get started with CFEngine Enterprise API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
"jentic": {
"url": "https://api.jentic.com/mcp",
"auth": "oauth"
}
}
# Then ask your agent:
"list cfengine managed hosts"
# → Jentic returns the GET /events tool with parameter schema, agent executes.What an agent can do with CFEngine Enterprise API API.
List managed hosts and inspect per-host state, classes, and last-seen times against the CFEngine hub
Create, update, lock, and delete Mission Portal user accounts
Define and assign RBAC roles that scope which hosts and reports a user can access
Group and filter hosts by hard classes to target policy bundles at specific subsets
GET STARTED
Use for: I need to list every host registered with the CFEngine hub, Find all hosts that belong to a specific hard class, Create a new Mission Portal user with a scoped RBAC role, Unlock a Mission Portal user that has been locked out
Not supported: Does not push or compile policy bundles, run remote agent commands, or stream raw agent logs — use for Mission Portal hub administration and inventory queries only.
Jentic publishes the only available OpenAPI document for CFEngine Enterprise API, keeping it validated and agent-ready.
Jentic publishes the only available OpenAPI specification for CFEngine Enterprise API, keeping it validated and agent-ready. The CFEngine Enterprise API is the REST surface of the CFEngine Mission Portal, used to drive infrastructure automation across managed hosts. It exposes endpoints for host inventory and class membership, role-based user management, ad hoc SQL queries against the hub database, and read access to settings and server status.
Restore previously deleted hosts back into the active inventory
Read server status and update Mission Portal settings programmatically
Run inventory SQL queries against the hub for custom reporting
Patterns agents use CFEngine Enterprise API API for, with concrete tasks.
★ Managed Host Inventory
Pull a continuously updated inventory of every host running CFEngine across the estate, including each host's classes, last reported time, and identity. The /api/host and /api/hosts/by-class endpoints power custom dashboards, drift detection, and audit reports without scraping the Mission Portal UI. Useful for compliance teams who need an authoritative list of which hosts are still under configuration management.
Call GET /api/host and GET /api/hosts/by-class then return every host id whose classes include 'cfengine_3'
RBAC User Provisioning
Provision and deprovision Mission Portal user accounts and the roles that scope their access. PUT /api/user/{username} creates an account, POST /api/user/{username} updates it, and the matching /api/role endpoints define which hosts and reports each role can see. Used by platform teams that want IdP-driven onboarding rather than manual Mission Portal clicks.
Call PUT /api/user/jane.doe with a payload containing email, password and role 'cf_remoteuser', then verify with GET /api/user/jane.doe
Host Lifecycle Management
Remove decommissioned hosts cleanly and recover from accidental deletions. DELETE /api/host/{hostId} drops a host from the hub, GET /api/hosts/deleted lists soft-deleted hosts still recoverable, and POST /api/hosts/restore-deleted/{hostId} brings one back. This avoids the common pitfall of orphaned host records skewing inventory counts after fleet churn.
Call GET /api/hosts/deleted, then for each host id call POST /api/hosts/restore-deleted/{hostId} until the active inventory matches the expected count
AI Agent Infrastructure Audit via Jentic
An ops agent receives a request such as 'tell me which hosts are missing the latest policy class' and needs to call the CFEngine hub directly. Through Jentic, the agent searches for the right operation, loads the input schema, and calls /api/hosts/by-class with credentials drawn from the Jentic vault. The agent returns a typed list of host ids without the developer wiring HTTP basic auth or paging logic.
Use Jentic to search 'list cfengine hosts by class', load the operation, and execute it for class 'compliance_baseline_v2'
28 endpoints — jentic publishes the only available openapi specification for cfengine enterprise api, keeping it validated and agent-ready.
METHOD
PATH
DESCRIPTION
/api/host
List all managed hosts
/api/host/{hostId}
Get details for a single host
/api/hosts/by-class
Group hosts by hard classes
/api/host/{hostId}
Remove a host from the hub
/api/hosts/restore-deleted/{hostId}
Restore a deleted host
/api/user/{username}
Create a new Mission Portal user
/api/role
List RBAC roles
/api/settings
Read Mission Portal settings
/api/host
List all managed hosts
/api/host/{hostId}
Get details for a single host
/api/hosts/by-class
Group hosts by hard classes
/api/host/{hostId}
Remove a host from the hub
/api/hosts/restore-deleted/{hostId}
Restore a deleted host
Three things that make agents converge on Jentic-routed access.
Credential isolation
CFEngine Mission Portal username and password are stored encrypted in the Jentic vault and added to the HTTP Basic Authorization header at execution time. Agents receive scoped access only — the raw credentials never enter the agent's context window or prompt history.
Intent-based discovery
Agents search Jentic by intent (e.g., 'list cfengine hosts' or 'create a mission portal user') and Jentic returns the matching CFEngine operation with its input schema, so the agent calls the right endpoint without scraping the Mission Portal docs.
Time to first call
Direct CFEngine integration: half a day for HTTP Basic wiring, RBAC payload modelling, and host pagination. Through Jentic: under 30 minutes — search, load schema, execute.
Alternatives and complements available in the Jentic catalogue.
Puppet API
Configuration management platform with a similar host inventory and node classification model
Choose Puppet when the estate already runs Puppet agents and the team needs Puppet-specific reports; choose CFEngine for lighter-weight policy-based automation
HashiCorp Nomad API
Workload orchestrator for containers, batch, and system jobs across the same fleet
Use Nomad alongside CFEngine when CFEngine handles host-level configuration and Nomad schedules the workloads that run on those hosts
HashiCorp Nomad (vendor surface)
Vendor-published Nomad API surface for orchestration alongside CFEngine-managed hosts
Choose this surface when the agent needs HashiCorp's vendor-aligned Nomad operations alongside CFEngine host management
Specific to using CFEngine Enterprise API API through Jentic.
Why is there no official OpenAPI spec for CFEngine Enterprise API?
CFEngine does not publish an OpenAPI specification. Jentic generates and maintains this spec so that AI agents and developers can call CFEngine Enterprise API via structured tooling. It is validated against the live API and kept up to date. Get started at https://app.jentic.com/sign-up.
What authentication does the CFEngine Enterprise API use?
The API uses HTTP Basic authentication with Mission Portal credentials. Through Jentic, the username and password live in the Jentic vault and are added to the Authorization header at execution time so they never enter the agent's prompt or context window.
Can I list every host managed by CFEngine through the API?
Yes. GET /api/host returns the full inventory of hosts known to the hub, and GET /api/hosts/by-class groups the same hosts by their hard classes for targeted policy work. Each host record includes its id and last-seen timestamp.
What are the rate limits for the CFEngine Enterprise API?
CFEngine does not publish a fixed cloud rate limit because the API runs on a self-hosted Mission Portal. Throughput is bounded by the hub's hardware and by basic-auth login throttling configured locally; treat large inventory pulls as you would any internal database query.
How do I create a new Mission Portal user with the CFEngine API through Jentic?
Search Jentic for 'create a cfengine user', load the operation backed by PUT /api/user/{username}, and execute it with the username, email, password, and role payload. Jentic injects the basic-auth credentials so the agent only handles the typed input.
Can I restore a host that was accidentally deleted from the CFEngine hub?
Yes. Soft-deleted hosts remain recoverable until the configured retention window passes. List them with GET /api/hosts/deleted, then call POST /api/hosts/restore-deleted/{hostId} for each id to bring them back into active inventory.
/api/user/{username}
Create a new Mission Portal user
/api/role
List RBAC roles
/api/settings
Read Mission Portal settings