Tailscale MCP Server

Tailscale'in CLI ve API'si ile otomatik ağ yönetimi ve izleme için entegrasyon sağlar.

Dokümantasyon

Tailscale MCP Server

npm version MIT License CI status Docker image

Tailscale MCP server on Glama

A Model Context Protocol (MCP) server for operating Tailscale from any MCP client. Supports local stdio for desktop clients and an authenticated HTTP transport for private tailnet deployments. Defaults to read-only access, localhost binding, and short-lived OAuth credentials where available.


Table of Contents


Features

  • Device management — list, authorize, deauthorize, delete, expire keys, manage routes.
  • Network operations — connect/disconnect host, ping peers, get CLI status and version.
  • Administration — tailnet info, file sharing, exit nodes, webhooks, device tags, server version.
  • ACL and policy — read/validate/update ACL, DNS settings, auth keys, policy file, network lock.
  • Read-only resources — tailnet summary, device list, per-device detail, current ACL.
  • Prompts — guided connectivity diagnosis and ACL change review.
  • Risk-gated toolsread, write, and admin levels via TAILSCALE_ALLOWED_TOOL_RISK.
  • OAuth + API key — OAuth client credentials (preferred) or legacy API key.
  • Private HTTP mode — bearer auth, Host validation, request size limits, health check endpoint.
  • Docker support — pre-built images on Docker Hub and GHCR; sidecar deployment with Tailscale Serve.

Requirements

One of:

  • Node.js 20+ — run via npx or install globally (no extra runtime needed).
  • Bun 1.3+ — used for development; also works as a production runtime.
  • Docker — use the pre-built image (no local runtime required).

Plus one auth method:

  • OAuth client credentials: TAILSCALE_OAUTH_CLIENT_ID + TAILSCALE_OAUTH_CLIENT_SECRET (preferred).
  • Legacy API key: TAILSCALE_API_KEY.

The local Tailscale CLI is optional. It is only required for CLI-backed tools: get_network_status, connect_network, disconnect_network, ping_peer, get_version, and manage_exit_nodes (set/clear operations).


Quick Start

Claude Desktop

Edit ~/.claude/claude_desktop_config.json (create if absent).

OAuth credentials (recommended)

{
  "mcpServers": {
    "tailscale": {
      "command": "npx",
      "args": ["-y", "@hexsleeves/tailscale-mcp-server"],
      "env": {
        "TAILSCALE_OAUTH_CLIENT_ID": "your-client-id",
        "TAILSCALE_OAUTH_CLIENT_SECRET": "your-client-secret",
        "TAILSCALE_TAILNET": "-"
      }
    }
  }
}

API key

{
  "mcpServers": {
    "tailscale": {
      "command": "npx",
      "args": ["-y", "@hexsleeves/tailscale-mcp-server"],
      "env": {
        "TAILSCALE_API_KEY": "tskey-api-...",
        "TAILSCALE_TAILNET": "-"
      }
    }
  }
}

Enable write/admin tools

Add TAILSCALE_ALLOWED_TOOL_RISK to the env block:

"TAILSCALE_ALLOWED_TOOL_RISK": "write"

Set to "admin" to unlock destructive operations (delete, deauthorize, connect/disconnect, key mutation).

Docker Hub

{
  "mcpServers": {
    "tailscale": {
      "command": "docker",
      "args": [
        "run", "--rm", "-i",
        "-e", "TAILSCALE_API_KEY=tskey-api-...",
        "-e", "TAILSCALE_TAILNET=your-tailnet",
        "hexsleeves/tailscale-mcp-server:latest"
      ]
    }
  }
}

Claude Code (CLI)

claude mcp add tailscale \
  -e TAILSCALE_API_KEY=tskey-api-... \
  -e TAILSCALE_TAILNET=- \
  -- npx -y @hexsleeves/tailscale-mcp-server

With write access:

claude mcp add tailscale \
  -e TAILSCALE_API_KEY=tskey-api-... \
  -e TAILSCALE_TAILNET=- \
  -e TAILSCALE_ALLOWED_TOOL_RISK=write \
  -- npx -y @hexsleeves/tailscale-mcp-server

Cursor

Add to .cursor/mcp.json (project) or ~/.cursor/mcp.json (global):

{
  "mcpServers": {
    "tailscale": {
      "command": "npx",
      "args": ["-y", "@hexsleeves/tailscale-mcp-server"],
      "env": {
        "TAILSCALE_API_KEY": "tskey-api-...",
        "TAILSCALE_TAILNET": "-"
      }
    }
  }
}

Tool Reference

Devices

ToolDescriptionMin risk
list_devicesList all devices in the configured tailnetread
device_actionAuthorize or expire a device key (write); deauthorize or delete (admin)write / admin
manage_routesEnable or disable advertised routes for a devicewrite

Network

ToolDescriptionMin risk
get_network_statusGet current Tailscale network status via local CLIread
connect_networkConnect this host to Tailscale with optional CLI flagsadmin
disconnect_networkDisconnect this host from Tailscaleadmin
ping_peerPing a Tailscale peer through the local CLIread
get_versionGet local Tailscale CLI version informationread

Administration

ToolDescriptionMin risk
get_tailnet_infoGet detailed information about the configured tailnetread
manage_file_sharingRead (read) or update (write) tailnet file sharing settingsread / write
manage_exit_nodesList exit nodes (read); set, clear, advertise, or stop advertising (admin)read / admin
manage_webhooksList webhooks (read); create, delete, or test webhooks (write)read / write
manage_device_tagsRead (read) or update (write) tags for a deviceread / write
get_version_infoReturn server version identifierread

ACL and Policy

ToolDescriptionMin risk
manage_aclRead (read), validate, or update (write) the tailnet ACL policyread / write
manage_dnsRead (read) or update (write) Tailscale DNS settingsread / write
manage_keysList auth keys (read); create or delete (admin)read / admin
manage_policy_fileRead (read) or update (write) the tailnet policy fileread / write
manage_network_lockNetwork lock status (read) and mutation operations (admin)read / admin

Resources and Prompts

Resources (read-only)

URIDescription
tailscale://tailnet/summaryHigh-level tailnet summary
tailscale://devicesAll devices in the tailnet
tailscale://devices/{deviceId}Detail for a single device
tailscale://acl/currentCurrent ACL policy

Prompts

NameDescription
diagnose_tailnet_connectivityGuided diagnostic for connectivity issues
review_acl_changeStructured review workflow for ACL policy changes

Configuration

VariableDefaultDescription
TAILSCALE_OAUTH_CLIENT_IDOAuth client ID (preferred auth method)
TAILSCALE_OAUTH_CLIENT_SECRETOAuth client secret (required with CLIENT_ID)
TAILSCALE_API_KEYLegacy API key fallback
TAILSCALE_TAILNET-Tailnet name or - shorthand for the default tailnet
TAILSCALE_API_BASE_URLhttps://api.tailscale.comTailscale API base URL (https required except for localhost)
TAILSCALE_ALLOWED_TOOL_RISKreadMaximum allowed tool risk: read, write, or admin
TAILSCALE_CLI_PATHtailscalePath to the local Tailscale CLI binary
MCP_TRANSPORTstdioTransport mode: stdio or http
MCP_HTTP_BIND_HOST127.0.0.1Host to bind in HTTP mode
MCP_HTTP_PORT3000Port to bind in HTTP mode
MCP_HTTP_BEARER_TOKENRequired for HTTP mode (minimum 32 characters)
MCP_ALLOWED_HOSTSComma-separated additional allowed HTTP Host header values
LOG_LEVELinfoLog verbosity: debug, info, warn, or error
MCP_SERVER_LOG_FILEOptional file path for log output

Risk levels

  • read — list devices, inspect status, read resources, run diagnostics.
  • write — update ACLs, DNS, routes, policy files, webhooks, tags, and other mutating settings.
  • admin — destructive or host-affecting operations: delete, deauthorize, connect, disconnect, auth key mutation, file sharing changes, exit node control.

HTTP Transport

HTTP mode is intended for private tailnet access. It requires MCP_HTTP_BEARER_TOKEN and binds to 127.0.0.1 by default.

export MCP_TRANSPORT=http
export MCP_HTTP_BEARER_TOKEN="$(openssl rand -base64 32)"
export TAILSCALE_OAUTH_CLIENT_ID="your-client-id"
export TAILSCALE_OAUTH_CLIENT_SECRET="your-client-secret"
export TAILSCALE_TAILNET="-"

npx -y @hexsleeves/tailscale-mcp-server --http --host 127.0.0.1 --port 3000

Expose privately with Tailscale Serve (recommended for tailnet deployments):

tailscale serve --bg 443 localhost:3000

Do not use Tailscale Funnel for normal MCP operation. Funnel makes the endpoint publicly reachable on the internet.

A GET /health endpoint returns 200 OK when the server is running.

For full Docker sidecar deployment instructions, see docs/docker.md.


Docker

Run with Docker Hub image

docker run --rm \
  -e TAILSCALE_API_KEY="tskey-api-..." \
  -e TAILSCALE_TAILNET="-" \
  -p 127.0.0.1:3000:3000 \
  hexsleeves/tailscale-mcp-server:latest

Run with GHCR image

docker run --rm \
  -e TAILSCALE_API_KEY="tskey-api-..." \
  -e TAILSCALE_TAILNET="-" \
  -p 127.0.0.1:3000:3000 \
  ghcr.io/hexsleeves/tailscale-mcp-server:latest

Build locally

docker build -t tailscale-mcp-server .

For sidecar deployment with Tailscale Serve, see docs/docker.md.


Example Prompts

Once the server is connected to your MCP client, try these:

  • "List my Tailscale devices and show which ones are offline."
  • "What is the current Tailscale network status on this machine?"
  • "Diagnose connectivity to my NAS at 100.64.0.5."
  • "Show me the current ACL policy for my tailnet."
  • "Review this ACL change before I apply it." (attach the new policy)
  • "What DNS nameservers is my tailnet using?"
  • "List all active webhooks in my tailnet."

Development

# Install dependencies (Bun required for development)
bun install

# Type check
bun run typecheck

# Run tests
bun test

# Lint and format
bun run check

# Build
bun run build

# Full verification (typecheck + lint + test + build)
bun run qa:full

# Security audit
bun audit

See CONTRIBUTING.md for the full development workflow, commit conventions, and release process.


Contributing

Contributions are welcome. Please read CONTRIBUTING.md before opening a pull request.