Netbird
List and analyze Netbird network peers, groups, policies, and more.
Netbird MCP Server
A Model Context Protocol (MCP) server for Netbird.
This project is derived from the MCP Server for Grafana by Grafana Labs and is licensed under the same Apache License 2.0.
It also uses MCP Go by Mark III Labs.
Note: this project is still in development.
Installing
Installing from source
Clone the repository
git clone https://github.com/aantti/mcp-netbird
Build and install
cd mcp-netbird && \
make install
Installing from GitHub
go install github.com/aantti/mcp-netbird/cmd/mcp-netbird@latest
Installing via Smithery
To install Netbird MCP Server for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install @aantti/mcp-netbird --client claude
Configuration
The server requires the following environment variables:
NETBIRD_API_TOKEN: Your Netbird API tokenNETBIRD_HOST(optional): The Netbird API host (default isapi.netbird.io)
Features
This server uses the Netbird API to provide LLMs information about Netbird network. Currently it's a 1:1 mapping of select read-only Netbird API resources to tools.
- Uses Netbird API to access configuration and status
- Configurable API endpoint
- Secure token-based authentication for Netbird API
Tools
| Tool | Description | Netbird API |
|---|---|---|
list_netbird_peers | All peers | List all Peers |
list_netbird_port_allocations | All ingress ports for peerId | List all Port Allocations |
list_netbird_groups | All groups | List all Groups |
list_netbird_policies | All policies | List all Policies |
list_netbird_posture_checks | All posture checks | List all Posture Checks |
list_netbird_networks | All networks | List all Networks |
list_netbird_nameservers | All nameserver groups | List all Nameserver Groups |
Adding tools
To add new tools:
- Create a new file in
tools(e.g.,tools/users.go), possibly use existing code as a template - Add API route and response specifics to the new file
- Add the tool to
func newServer()incmd/main.go
Usage
-
Get your Netbird API token from the Netbird management console.
-
Install the
mcp-netbirdbinary using one of the installation methods above. Make sure the binary is in your PATH. -
Add the server configuration to your client configuration file. E.g., for Codeium Windsurf add the following to
~/.codeium/windsurf/mcp_config.json:{ "mcpServers": { "netbird": { "command": "mcp-netbird", "args": [], "env": { "NETBIRD_API_TOKEN": "<your-api-token>" } } } }
For more information on how to add a similar configuration to Claude Desktop, see here.
Note: if you see something along the lines of
[netbird] [error] spawn mcp-netbird ENOENTin Claude Desktop logs, you need to specify the full path tomcp-netbird. On macOS Claude Logs are in~/Library/Logs/Claude.
- Try asking questions along the lines of "Can you explain my Netbird peers, groups and policies to me?"
Docker
Build an image and tag it:
docker build -t mcp-netbird-sse:v1 -f Dockerfile.sse .
Run the image:
docker run --name mcp-netbird -p 8001:8001 -e NETBIRD_API_TOKEN=<your-api-token> mcp-netbird-sse:v1
ToolHive
ToolHive (thv) is a lightweight utility designed to simplify the deployment and management of MCP servers.
You can use ToolHive to deploy and run Netbird MCP as follows:
-
Install
thvas described in ToolHive README. -
Add Netbird API token to
thvsecrets:
thv secret set netbird
-
Build an SSE image as described in the Docker section above
-
Start Netbird MCP with
thv runon port 8080:
thv run --secret netbird,target=NETBIRD_API_TOKEN --transport sse --name thv-mcp-netbird --port 8080 --target-port 8001 mcp-netbird-sse:v1
- When you want to stop the server, use:
thv stop thv-mcp-netbird
Development
Contributions are welcome! Please open an issue or submit a pull request if you have any suggestions or improvements.
This project is written in Go. Install Go following the instructions for your platform.
To run the server manually, use:
export NETBIRD_API_TOKEN=your-token && \
go run cmd/mcp-netbird/main.go
Or in SSE mode:
export NETBIRD_API_TOKEN=your-token && \
go run cmd/mcp-netbird/main.go --transport sse --sse-address :8001
Debugging
The MCP Inspector is an interactive developer tool for testing and debugging MCP servers. Read more about it here.
Here's how to start the MCP Inspector:
export NETBIRD_API_TOKEN=your-token && \
npx @modelcontextprotocol/inspector
Netbird MCP Server can then be tested with either stdio or SSE transport type. For stdio specify the full path to mcp-netbird in the UI.
Testing
TODO: add more tests
Linting
To lint the code, run:
make lint
License
This project is licensed under the Apache License, Version 2.0.
This project includes software developed at Grafana Labs (https://grafana.com/).
This project includes software developed at Mark III Labs (https://github.com/mark3labs/mcp-go).
Related Servers
CData DocuSign
Access DocuSign data through CData's MCP Server, powered by the CData JDBC Driver.
Weather MCP Tool
Provides real-time weather information for any city, with paywalled access to forecasts.
echo-mcp
Automatically convert any Echo API to a MCP Tool
Binance MCP Server
Interact with the Binance API to view portfolios, convert tokens, and execute trades with minimal market impact.
Kong Konnect MCP Server
Interact with Kong Konnect APIs to query and analyze Kong Gateway configurations, traffic, and analytics.
MCP Gemini Server
An MCP server that exposes Google's Gemini model capabilities as tools using the @google/genai SDK.
Remote MCP Server on Cloudflare
A remote MCP server running on Cloudflare Workers with OAuth login support.
FastlyMCP
Interact with the Fastly API and CLI using an API key.
Cloudflare DNS
Manage Cloudflare DNS records for your domains.
Gdrive Cloudflare worker
Remote MCP server for Google Drive and Sheets running on Cloudflare Workers with full OAuth 2.0 support.