mcp-tailscale

Secure MCP access for private infrastructure over Tailscale

The Problem

AI agents need access to internal tools, services, and infrastructure — but exposing private systems to the internet creates unacceptable security risks. VPNs are complex, SSH tunnels are fragile, and API gateways add latency and maintenance overhead.

mcp-tailscale bridges this gap: a lightweight MCP server that gives AI agents secure, authenticated access to your Tailscale-connected infrastructure — without exposing anything to the public internet.

What It Does

mcp-tailscale is an MCP Gateway Runtime that connects AI agents (Claude, GPT, custom) to your private infrastructure through Tailscale's zero-trust network. It provides 48 tools across 9 domains for managing devices, DNS, ACL policies, auth keys, users, webhooks, posture integrations, and tailnet settings — all through the Tailscale API v2.

No SSH. No shell execution. API-only. 4 runtime dependencies.

Use Cases

DevOps Automation — Let AI agents manage device authorization, subnet routes, and ACL policies across your tailnet
DNS Management — Configure split DNS, global nameservers, and MagicDNS through natural language
Security Auditing — Automated ACL policy validation, posture compliance checks, and key rotation
Fleet Management — Monitor device status, manage tags, and onboard new devices at scale
Infrastructure as Conversation — Query and modify your private network configuration through AI-driven workflows

Quick Start

Install from npm

npm install -g tailscale-mcp

Or clone and build from source

git clone https://github.com/itunified-io/mcp-tailscale.git
cd mcp-tailscale
npm install
cp .env.example .env   # Edit with your Tailscale API key and tailnet name
npm run build
node dist/index.js     # stdio transport for MCP

Claude Code Integration

Add to .mcp.json in your project root:

{
  "mcpServers": {
    "tailscale": {
      "command": "node",
      "args": ["/path/to/mcp-tailscale/dist/index.js"],
      "env": {
        "TAILSCALE_API_KEY": "your-api-key-here",
        "TAILSCALE_TAILNET": "your-tailnet-name"
      },
      "comment": "Or use OAuth: TAILSCALE_OAUTH_CLIENT_ID + TAILSCALE_OAUTH_CLIENT_SECRET instead of TAILSCALE_API_KEY"
    }
  }
}

Features

48 tools across 9 domains:

Devices — List, get, delete, authorize, expire, rename devices; manage routes, tags, and posture attributes
DNS — Global nameservers, search paths, split DNS configuration, MagicDNS preferences
ACL — Get, set, preview, validate, and test ACL policies
Keys — List, get, create, and revoke auth keys
Tailnet — Settings (read/write), contacts, Tailnet Lock status
Users — List and get tailnet users with role/type filtering
Webhooks — Create, list, get, and delete webhook endpoints
Posture Integrations — List, get, create, and delete third-party posture provider integrations
Diagnostics — Tailnet status summary, API connectivity check, log streaming, DERP map

Authentication: API key or OAuth client credentials (auto-refresh)

Skills

Claude Code skills compose MCP tools into higher-level workflows. See .claude/skills/README.md for detailed documentation.

Skill	Slash Command	Description
tailscale-health	`/ts-health`	Tailnet health dashboard — devices, DNS, ACL, keys, connectivity
tailscale-live-test	`/ts-test`	Live integration test — read + safe writes with cleanup
tailscale-acl-management	—	ACL policy management — view, edit, validate, test, drift detection
tailscale-device-management	—	Device management — list, authorize, routes, tags, posture
tailscale-dns-management	—	DNS management — split DNS, nameservers, search paths, MagicDNS
tailscale-key-management	—	Auth key management — create, list, rotate, revoke
tailscale-onboarding	—	New device onboarding — auth key, authorize, tags, routes, verify

SSE Transport

By default, mcp-tailscale uses stdio transport. To enable HTTP/SSE:

export TAILSCALE_MCP_TRANSPORT=sse
export TAILSCALE_MCP_AUTH_TOKEN=your-secret-token
export TAILSCALE_MCP_PORT=3000      # optional, default: 3000
export TAILSCALE_MCP_HOST=localhost  # optional, default: localhost
node dist/index.js

All requests require Authorization: Bearer <token>. The server will not start without TAILSCALE_MCP_AUTH_TOKEN.

Configuration

Variable	Required	Default	Description
`TAILSCALE_API_KEY`	Yes*	—	Tailscale API key (from admin console > Settings > Keys)
`TAILSCALE_OAUTH_CLIENT_ID`	Yes*	—	OAuth client ID (from admin console > Settings > OAuth)
`TAILSCALE_OAUTH_CLIENT_SECRET`	Yes*	—	OAuth client secret
`TAILSCALE_TAILNET`	Yes	—	Tailnet name (e.g., `example.com` or your org name)
`TAILSCALE_API_URL`	No	`https://api.tailscale.com`	API base URL (override for testing)
`TAILSCALE_TIMEOUT`	No	`30000`	Request timeout in milliseconds

*Either TAILSCALE_API_KEY or both TAILSCALE_OAUTH_CLIENT_ID + TAILSCALE_OAUTH_CLIENT_SECRET must be set. OAuth takes priority when both are configured.

Authentication

API Key: Create at login.tailscale.com/admin/settings/keys. The key needs read/write access to the resources you want to manage.

OAuth Client Credentials: Create at login.tailscale.com/admin/settings/oauth. OAuth tokens auto-refresh before expiry. Recommended for automated/service integrations.

Tools

Devices (11 tools)

Tool	Description
`tailscale_device_list`	List all devices in the tailnet
`tailscale_device_get`	Get device details by ID
`tailscale_device_delete`	Delete a device (requires `confirm: true`)
`tailscale_device_authorize`	Authorize a pending device
`tailscale_device_routes_get`	Get advertised and enabled routes
`tailscale_device_routes_set`	Set enabled subnet routes
`tailscale_device_tags_set`	Set ACL tags on a device
`tailscale_device_posture_get`	Get custom posture attributes
`tailscale_device_posture_set`	Set a custom posture attribute
`tailscale_device_expire`	Expire a device key (requires `confirm: true`)
`tailscale_device_rename`	Set a custom display name for a device

DNS (8 tools)

Tool	Description
`tailscale_dns_nameservers_get`	Get global DNS nameservers
`tailscale_dns_nameservers_set`	Set global DNS nameservers
`tailscale_dns_searchpaths_get`	Get DNS search paths
`tailscale_dns_searchpaths_set`	Set DNS search paths
`tailscale_dns_splitdns_get`	Get split DNS configuration
`tailscale_dns_splitdns_set`	Update split DNS configuration (PATCH)
`tailscale_dns_preferences_get`	Get DNS preferences (MagicDNS)
`tailscale_dns_preferences_set`	Set DNS preferences

ACL (5 tools)

Tool	Description
`tailscale_acl_get`	Get the current ACL policy
`tailscale_acl_set`	Replace the ACL policy (requires `confirm: true`)
`tailscale_acl_preview`	Preview ACL policy for a user or IP
`tailscale_acl_validate`	Validate an ACL policy without applying
`tailscale_acl_test`	Run ACL tests defined in the policy

Keys (4 tools)

Tool	Description
`tailscale_key_list`	List all auth keys
`tailscale_key_get`	Get auth key details
`tailscale_key_create`	Create a new auth key
`tailscale_key_delete`	Delete an auth key (requires `confirm: true`)

Tailnet (5 tools)

Tool	Description
`tailscale_tailnet_settings_get`	Get tailnet settings
`tailscale_tailnet_settings_update`	Update tailnet settings (requires `confirm: true`)
`tailscale_tailnet_contacts_get`	Get tailnet contact emails
`tailscale_tailnet_contacts_set`	Update tailnet contacts (requires `confirm: true`)
`tailscale_tailnet_lock_status`	Get Tailnet Lock status

Users (2 tools)

Tool	Description
`tailscale_user_list`	List all users (filter by type/role)
`tailscale_user_get`	Get user details by ID

Webhooks (4 tools)

Tool	Description
`tailscale_webhook_list`	List all webhook endpoints
`tailscale_webhook_create`	Create a webhook endpoint
`tailscale_webhook_get`	Get webhook details by ID
`tailscale_webhook_delete`	Delete a webhook (requires `confirm: true`)

Posture Integrations (4 tools)

Tool	Description
`tailscale_posture_integration_list`	List all posture provider integrations
`tailscale_posture_integration_get`	Get posture integration details by ID
`tailscale_posture_integration_create`	Create a posture provider integration
`tailscale_posture_integration_delete`	Delete a posture integration (requires `confirm: true`)

Diagnostics (5 tools)

Tool	Description
`tailscale_status`	Tailnet status summary (device counts, online/offline)
`tailscale_api_verify`	Verify API connectivity and authentication
`tailscale_log_stream_get`	Get log streaming configuration
`tailscale_log_stream_set`	Set log streaming configuration (requires `confirm: true`)
`tailscale_derp_map`	Get DERP relay map

Architecture

See ARCHITECTURE.md for detailed architecture diagrams and component descriptions.

Roadmap

See ROADMAP.md for the product development roadmap.

Development

npm run build      # Compile TypeScript
npm test           # Run unit tests (vitest)
npm run typecheck  # Type check only (no emit)

See CONTRIBUTING.md for contribution guidelines. See docs/api-reference.md for the Tailscale API v2 endpoint mapping.

Open Source

mcp-tailscale is the community edition — a fully functional MCP Gateway Runtime under AGPL-3.0. Self-host it, contribute to it, build on it.

What you get with the open-source edition:

Complete Tailscale API v2 coverage (48 tools, 9 domains)
stdio and SSE transport
API key and OAuth authentication
Zod-validated inputs, structured error handling
Claude Code skills for common workflows
Full test suite (vitest)

Commercial

For organizations that need governance, compliance, and multi-tenant capabilities on top of the open-source runtime, we offer commercial editions with enterprise features.

Planned enterprise capabilities:

Role-based access control (RBAC)
OIDC/SAML single sign-on
Audit event logging
Policy engine for tool access control
Multi-tenant isolation
Commercial license (no AGPL obligations)
Priority support and SLA

See PRODUCT_PACKAGING.md for tier details.

License

This project is dual-licensed:

Open Source: GNU Affero General Public License v3.0 (AGPL-3.0) — free for open-source and non-commercial use
Commercial: Available for proprietary integrations — see COMMERCIAL_LICENSE.md

If you use mcp-tailscale in a proprietary product or SaaS offering, a commercial license is required. Support development by sponsoring us on GitHub.

Tailscale MCP Server

Quick Install