The world's first all-in-one, self-hosted MQTT broker manager with built-in AI assistant, smart anomaly detection, and local automation agents.

• What is BunkerM?
• Quick Start
• Core Features
  • Broker Dashboard
  • ACL & Client Management
  • MQTT Explorer
  • Message History & Replay
  • Smart Anomaly Detection
  • Agents — Schedulers & Watchers
  • Local LLM — Private AI via LM Studio
  • BunkerAI — Cloud AI Assistant
  • Cloud Bridge Integrations
• Feature Comparison
• Community vs BunkerAI
• Troubleshooting
• Support the Project
• Contact & Links
• License

BunkerM is a free, open-source, containerized MQTT management platform. It bundles Eclipse Mosquitto with a full-featured web dashboard, packaging everything into a single Docker container — one command to get a production-ready MQTT broker with a management UI.

On top of the core broker management, BunkerM includes a local statistical engine (smart anomaly detection), a local automation engine (schedulers and watchers), and a local AI engine (LM Studio integration) — all running entirely inside your container. BunkerAI is the optional cloud AI layer that adds a more powerful natural-language assistant reachable via Telegram, Slack, or the built-in web chat.

What you get out of the box:

• Pre-configured Eclipse Mosquitto broker (MQTT 3.1.1 + 5)
• Web-based ACL management — clients, roles, groups, topic permissions
• Real-time monitoring dashboard, connected clients, and event logs
• MQTT Explorer — live topic tree with publish-from-browser
• Message History & Replay — every MQTT message stored locally in SQLite, searchable and replayable
• Statistical anomaly detection (Z-score, EWMA, spike, silence detectors)
• Local automation agents — cron schedulers and condition-based watchers
• Local LLM AI assistant via LM Studio — fully private, no cloud required
• AWS IoT Core and Azure IoT Hub bridge configuration
• Optional BunkerAI subscription — cloud AI assistant with Telegram, Slack, and unlimited interactions

• Docker installed

docker run -d -p 1900:1900 -p 2000:2000 bunkeriot/bunkerm:latest

Open http://localhost:2000 and set up your first Admin account.

Default MQTT credentials: username bunker / password bunker

docker run -d \
  -p 1900:1900 \
  -p 2000:2000 \
  -v mosquitto_data:/var/lib/mosquitto \
  -v mosquitto_conf:/etc/mosquitto \
  -v auth_data:/data \
  bunkeriot/bunkerm:latest

docker run -d \
  -p 1900:1900 \
  -p 2000:2000 \
  -e HOST_ADDRESS=<YOUR_IP_OR_DOMAIN> \
  bunkeriot/bunkerm:latest

services:
  bunkerm:
    image: bunkeriot/bunkerm:latest
    ports:
      - "1900:1900"
      - "2000:2000"
    volumes:
      - mosquitto_data:/var/lib/mosquitto
      - mosquitto_conf:/etc/mosquitto
      - auth_data:/data
    environment:
      - HOST_ADDRESS=localhost          # change to your IP/domain for remote access
      # - BUNKERAI_API_KEY=bkai_...     # optional: connect to BunkerAI
    restart: unless-stopped

volumes:
  mosquitto_data:
  mosquitto_conf:
  auth_data:

1. Open http://localhost:2000 and create your Admin account (first-time setup wizard)
2. Go to ACL → Clients and create an MQTT client with a username and password
3. Connect your MQTT device or client to localhost:1900 using those credentials
4. Explore the Dashboard to see live broker stats

Real-time overview of your broker health:

• Connected clients count and history
• Message publish/receive rates
• Byte throughput (in/out)
• Subscription and retained message counts
• Recent MQTT connection events (connect, disconnect, subscribe, publish)

Full dynamic security management powered by Mosquitto's Dynamic Security plugin:

• Create, update, and delete MQTT clients
• Set credentials (username + password hash)
• Enable / disable clients individually
• Assign clients to groups

• Create roles with fine-grained topic ACL rules
• Define allow / deny permissions per topic
• Wildcard topic support (#, +)
• ACL types: publishClientSend, subscribeLiteral, and more

• Create groups and assign roles to them
• Add / remove clients from groups
• Set role priorities within groups

Back up and restore your complete security configuration in one click:

• Export — downloads a JSON snapshot of all clients (including password hashes), roles, and groups
• Import — upload a previously exported JSON to fully restore your configuration; the broker reloads automatically
• Available in ACL → Clients next to the Create Client button

Inspect and interact with live broker traffic directly from the browser:

• Live topic tree — full hierarchy of all active topics, refreshed every 3 seconds
• Per-topic metadata — latest value, message count, QoS, retain flag, last-updated timestamp
• Search & filter — instantly narrow the tree by typing a topic path fragment
• Publish panel — send messages from the browser: pick a client, enter a topic, choose payload type (RAW / JSON / XML with built-in validation), set QoS and retain flag

Every MQTT message published through your broker is automatically captured and stored in a local SQLite database — no configuration required. History starts accumulating from the moment BunkerM starts, and it keeps running silently in the background.

All messages published to the broker are captured, excluding internal $SYS/ diagnostics. Each record stores:

Navigate to Logs → Message History in the sidebar to access:

• Stats overview — total stored messages, unique topic count, database size on disk, and retention window
• Topic filter — dropdown populated from all topics seen by the broker, with message counts
• Free-text search — matches against topic path or payload content
• Paginated table — 100 messages per page, newest-first, with full metadata

Every message row has a Replay button. Click it to open a dialog pre-filled with the original topic and payload. You can edit the payload, choose QoS and retain flag, then publish directly back to the broker — useful for retesting device logic or simulating conditions.

By default, BunkerM keeps up to 50,000 messages and 7 days of history. Older messages are pruned automatically. These limits are configurable via environment variables:

-e HISTORY_MAX_MESSAGES=50000   # max records in the database
-e HISTORY_MAX_AGE_DAYS=7       # max age of any stored message

History is stored in a SQLite file at /var/lib/history/history.db inside the container. To persist history across container restarts, mount a Docker volume:

docker run -d \
  -p 1900:1900 -p 2000:2000 \
  -v history_data:/var/lib/history \
  bunkeriot/bunkerm:latest

The Docker Compose file already includes this volume by default.

A fully local statistical engine that continuously monitors your MQTT traffic and raises alerts when behavior deviates from the baseline. No cloud dependency — everything runs inside the container.

The engine polls the broker every 10 seconds, builds statistical baselines over 1-hour and 24-hour sliding windows, and runs four independent detectors every 60 seconds:

Alerts are generated with severity levels: low / medium / high / critical.

A local automation engine built into every BunkerM instance. Agents run entirely on your infrastructure — no cloud connectivity required after creation.

Publish MQTT messages on a recurring cron schedule:

• Full cron expression support with built-in presets (every minute, hourly, daily, weekly, etc.)
• Live cron preview showing next 5 run times
• Tracks last fired time and total execution count
• Examples: "turn on pump every day at 06:00", "send heartbeat every 5 minutes"

Monitor MQTT topics and trigger actions when conditions are met:

• Condition operators: > < >= <= == != contains starts_with any_change
• JSON field extraction using dot-path notation (sensors.temperature)
• Response message templates with {{value}}, {{topic}}, {{timestamp}}
• Cooldown enforcement (minimum time between triggers)
• One-shot mode (auto-delete after first trigger)
• Real-time notification bell in the dashboard (Server-Sent Events, sub-2s delivery)

Activation: A one-time free activation is required to unlock agent creation. BunkerM attempts this automatically on first start. For air-gapped deployments, create a free account at bunkerai.dev and paste your Community key into the dashboard — no ongoing internet connection required after that.

BunkerM Community includes a built-in Local LLM integration. Connect any model running in LM Studio to get a fully private, offline-capable AI assistant that understands your live broker state and can take actions on your behalf — no cloud account or subscription required.

On every chat message, BunkerM injects a live snapshot of your broker (connected clients, active topics with their latest payloads, broker stats, registered ACL clients) directly into the model's context. The model can then respond accurately to questions about your live MQTT environment and execute actions through BunkerM's internal APIs.

• Plain-English device control — say "turn off my room light" and the AI figures out the right topic and payload from your annotations and context, then publishes it
• ACL management — create, enable, disable, delete MQTT clients and batch-create multiple clients at once
• Live topic queries — "What is the current value of the door sensor?" returns the actual retained payload
• Broker awareness — ask about connected clients, message rates, subscriptions, and uptime

1. Install LM Studio and load a model (Qwen2.5-7B-Instruct or Llama-3-Instruct recommended)
2. Start the LM Studio local server (default port: 1234)
3. In BunkerM go to Settings → Integrations → Local LLM, enter http://host.docker.internal:1234, fetch models, and save
4. Switch to Local LLM mode in AI → Chat

Full guide: bunkerai.dev/docs/local-llm

BunkerAI is the optional cloud AI layer for BunkerM. Subscribe at bunkerai.dev to unlock a more powerful natural-language assistant with cross-channel memory, Telegram and Slack integrations, and higher interaction limits.

BunkerM handles your local broker. BunkerAI handles the cloud intelligence.

• READ — query live broker stats, topic payloads, connected clients, anomaly alerts, and topic annotations
• WRITE — publish MQTT messages by describing the intent ("turn on light 1", "set thermostat to 22°C")
• CREATE — build schedulers and watchers through natural conversation ("alert me if temperature exceeds 80")
• MANAGE — full ACL management, broker configuration, and agent control through plain English

Configure connectors at Settings → Cloud in the dashboard.

One interaction = one complete AI request/response cycle (may involve multiple internal tool calls). Manage your subscription and credit balance at Settings → Credits in the BunkerM dashboard.

Forward MQTT traffic to major cloud providers:

• Configure AWS IoT endpoint and region
• Upload device certificates directly from the UI
• Define topic mapping rules (local ↔ cloud)
• Secure TLS mutual authentication

• Configure IoT Hub connection string
• SAS token management and rotation
• Device-to-cloud and cloud-to-device topic routing

BunkerM Community is the free, self-hosted MQTT management platform. It is open-source and always will be.

BunkerAI is a separate, optional subscription service that adds AI intelligence to your BunkerM instance. You do not need BunkerAI to run BunkerM — it simply adds a natural-language assistant and cross-channel notifications on top.

Pay for AI intelligence. Agents are yours to keep.

• Agents (schedulers + watchers) are a local BunkerM feature. They run on your infrastructure regardless of any subscription status. Once created, agents keep executing even if you cancel BunkerAI or run out of interactions.
• BunkerAI is billed monthly by interaction quota. When your quota runs out, the AI assistant pauses — your broker, agents, and all local features continue unaffected.
• Subscribing to Pro or Team removes the 2-agent ceiling and unlocks Telegram/Slack channels in addition to the larger interaction quota.

This model is designed for self-hosted, industrial, and air-gapped environments where production automations cannot be held hostage by a billing event.

BunkerM Community requires a one-time free activation to enforce the 2-agent limit:

1. BunkerM silently attempts auto-activation on first start.
2. For air-gapped deployments, create a free account at bunkerai.dev, copy your Community key, and paste it into the dashboard.
3. The license key is stored locally and verified offline using cryptographic signatures — BunkerAI does not need to be reachable again after activation.

BunkerM is built and maintained by a solo developer. If it saves you time or powers your IoT projects, consider supporting its development:

Your support funds:

• New feature development
• Bug fixes and security patches
• Documentation and guides
• Community support

This project is licensed under the Apache License 2.0 — free to use, modify, and distribute, including for commercial purposes.

Full license text →

Made with ❤️ for the IoT community · bunkerai.dev