Netbird
List and analyze Netbird network peers, groups, policies, and more.
Netbird MCP Server
A Model Context Protocol (MCP) server for Netbird.
This project is derived from the MCP Server for Grafana by Grafana Labs and is licensed under the same Apache License 2.0.
It also uses MCP Go by Mark III Labs.
Note: this project is still in development.
Installing
Installing from source
Clone the repository
git clone https://github.com/aantti/mcp-netbird
Build and install
cd mcp-netbird && \
make install
Installing from GitHub
go install github.com/aantti/mcp-netbird/cmd/mcp-netbird@latest
Installing via Smithery
To install Netbird MCP Server for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install @aantti/mcp-netbird --client claude
Configuration
The server requires the following environment variables:
NETBIRD_API_TOKEN: Your Netbird API tokenNETBIRD_HOST(optional): The Netbird API host (default isapi.netbird.io)
Features
This server uses the Netbird API to provide LLMs information about Netbird network. Currently it's a 1:1 mapping of select read-only Netbird API resources to tools.
- Uses Netbird API to access configuration and status
- Configurable API endpoint
- Secure token-based authentication for Netbird API
Tools
| Tool | Description | Netbird API |
|---|---|---|
list_netbird_peers | All peers | List all Peers |
list_netbird_port_allocations | All ingress ports for peerId | List all Port Allocations |
list_netbird_groups | All groups | List all Groups |
list_netbird_policies | All policies | List all Policies |
list_netbird_posture_checks | All posture checks | List all Posture Checks |
list_netbird_networks | All networks | List all Networks |
list_netbird_nameservers | All nameserver groups | List all Nameserver Groups |
Adding tools
To add new tools:
- Create a new file in
tools(e.g.,tools/users.go), possibly use existing code as a template - Add API route and response specifics to the new file
- Add the tool to
func newServer()incmd/main.go
Usage
-
Get your Netbird API token from the Netbird management console.
-
Install the
mcp-netbirdbinary using one of the installation methods above. Make sure the binary is in your PATH. -
Add the server configuration to your client configuration file. E.g., for Codeium Windsurf add the following to
~/.codeium/windsurf/mcp_config.json:{ "mcpServers": { "netbird": { "command": "mcp-netbird", "args": [], "env": { "NETBIRD_API_TOKEN": "<your-api-token>" } } } }
For more information on how to add a similar configuration to Claude Desktop, see here.
Note: if you see something along the lines of
[netbird] [error] spawn mcp-netbird ENOENTin Claude Desktop logs, you need to specify the full path tomcp-netbird. On macOS Claude Logs are in~/Library/Logs/Claude.
- Try asking questions along the lines of "Can you explain my Netbird peers, groups and policies to me?"
Docker
Build an image and tag it:
docker build -t mcp-netbird-sse:v1 -f Dockerfile.sse .
Run the image:
docker run --name mcp-netbird -p 8001:8001 -e NETBIRD_API_TOKEN=<your-api-token> mcp-netbird-sse:v1
ToolHive
ToolHive (thv) is a lightweight utility designed to simplify the deployment and management of MCP servers.
You can use ToolHive to deploy and run Netbird MCP as follows:
-
Install
thvas described in ToolHive README. -
Add Netbird API token to
thvsecrets:
thv secret set netbird
-
Build an SSE image as described in the Docker section above
-
Start Netbird MCP with
thv runon port 8080:
thv run --secret netbird,target=NETBIRD_API_TOKEN --transport sse --name thv-mcp-netbird --port 8080 --target-port 8001 mcp-netbird-sse:v1
- When you want to stop the server, use:
thv stop thv-mcp-netbird
Development
Contributions are welcome! Please open an issue or submit a pull request if you have any suggestions or improvements.
This project is written in Go. Install Go following the instructions for your platform.
To run the server manually, use:
export NETBIRD_API_TOKEN=your-token && \
go run cmd/mcp-netbird/main.go
Or in SSE mode:
export NETBIRD_API_TOKEN=your-token && \
go run cmd/mcp-netbird/main.go --transport sse --sse-address :8001
Debugging
The MCP Inspector is an interactive developer tool for testing and debugging MCP servers. Read more about it here.
Here's how to start the MCP Inspector:
export NETBIRD_API_TOKEN=your-token && \
npx @modelcontextprotocol/inspector
Netbird MCP Server can then be tested with either stdio or SSE transport type. For stdio specify the full path to mcp-netbird in the UI.
Testing
TODO: add more tests
Linting
To lint the code, run:
make lint
License
This project is licensed under the Apache License, Version 2.0.
This project includes software developed at Grafana Labs (https://grafana.com/).
This project includes software developed at Mark III Labs (https://github.com/mark3labs/mcp-go).
Related Servers
Azure Data Catalog by CData
A read-only MCP server for Azure Data Catalog, powered by CData's JDBC driver.
Wazuh MCP Server
A Rust-based server that integrates the Wazuh SIEM system with MCP-compatible applications.
CISA M365 MCP Server
Implements CISA Binding Operational Directive 25-01 security controls for Microsoft 365 and Azure AD/Entra ID.
Microsoft Entra ID MCP Server
A Python MCP server for Microsoft Entra ID (Azure AD) directory, user, group, device, sign-in, and security operations via Microsoft Graph.
Eyevinn Open Source Cloud
Interact with the Eyevinn Open Source Cloud API. Requires a Personal Access Token (OSC_ACCESS_TOKEN).
Linode
Interact with the Linode API to manage cloud resources.
PayPal
The PayPal Model Context Protocol server allows you to integrate with PayPal APIs through function calling. This protocol supports various tools to interact with different PayPal services.
Weather
Accurate weather forecasts via the AccuWeather API (free tier available).
Remote MCP Server on Cloudflare
An MCP server deployed on Cloudflare Workers, featuring OAuth login and data storage via Cloudflare KV.
AWS MCP
Interact with your AWS environment using natural language to query and manage resources. Requires local AWS credentials.