Feature request: Official MCP server for Tailscale administration
Note
I used an AI assistant to help draft and polish this feature request so it would be clear and easy to read. I fully reviewed the text, agree with it, and am submitting it as my own request.
I’d like an official Tailscale MCP server that exposes scoped Tailscale administration tools to MCP-compatible chatbots and agents, including both local and cloud-hosted assistants.
Use case
I want to be able to ask a chatbot to inspect and help administer my tailnet through the Tailscale API, with explicit confirmation before any write operation. For example:
Read current ACL/policy file
Validate proposed ACL/policy changes
Preview policy effects before applying
Apply policy changes after user confirmation
List devices, users, tags, routes, DNS settings, and posture data
Help diagnose access issues by correlating ACLs, device state, tags, routes, and DNS
This would be especially useful for homelab users and small teams where the policy file can become complex, but where granting a general-purpose assistant broad credentials is risky.
Desired properties
Officially maintained by Tailscale
Supports OAuth clients / trust credentials rather than long-lived full API keys
Fine-grained scopes for read-only, policy-write, device-admin, DNS-admin, route-admin, etc.
Read-only mode by default
Write operations require explicit confirmation from the MCP client/user
Policy updates should use validate/preview endpoints before apply
Clear audit logging of tool calls and applied changes
Safe transport options for local use, Tailscale Serve, or Aperture
Compatible with common MCP clients such as Claude Desktop, Cursor, Codex, and local LLM frontends
There are already several community Tailscale MCP servers, which suggests demand exists, but an official server would be easier to trust for security-sensitive administration.
This seems aligned with Tailscale’s recent work around Aperture MCP proxying and identity-aware AI tooling, but focused specifically on administering Tailscale itself through well-scoped MCP tools.
This would be a big ask, I'm sure, but it would really be cool and helpful (if written with guardrails).
How should we solve this?
No response
What is the impact of not solving this?
No response
Anything else?
No response
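The guardrails listed under "Desired properties" (read-only by default, scoped tools, validate before apply, explicit confirmation, audit logging) can be sketched as a single gate in front of every tool call. This is an added example, not part of the original request and not Tailscale code; the tool names, scope strings, `ToolGate` class and the JSON-only `json_validator` are all hypothetical. It assumes the MCP client shows the confirmation token to the user and keeps it out of the model's context.

```python
import hashlib, hmac, json, secrets, time

# Hypothetical tool names and scopes, constructed for this example.
TOOLS = {
    "policy.read":  ("policy:read", False),
    "devices.list": ("devices:read", False),
    "policy.apply": ("policy:write", True),   # (required scope, is_write)
}

def json_validator(text):  # stand-in validate step: checks JSON syntax only
    try:
        json.loads(text)
        return []
    except ValueError as exc:
        return [str(exc)]

class ToolGate:
    def __init__(self, scopes, validate, allow_writes=False):
        self.scopes, self.validate = set(scopes), validate
        self.allow_writes = allow_writes      # read-only unless enabled
        self._key = secrets.token_bytes(32)   # per-session confirmation key
        self.audit = []                       # every call is recorded

    def _log(self, tool, outcome, digest, data=None):
        self.audit.append({"ts": time.time(), "tool": tool,
                           "outcome": outcome, "sha256": digest})
        return outcome, data

    def call(self, tool, payload="", confirm=None):
        digest = hashlib.sha256(payload.encode()).hexdigest()
        if tool not in TOOLS:
            return self._log(tool, "denied:unknown-tool", digest)
        scope, is_write = TOOLS[tool]
        if scope not in self.scopes:
            return self._log(tool, "denied:missing-scope", digest)
        if not is_write:
            return self._log(tool, "ok", digest)
        if not self.allow_writes:
            return self._log(tool, "denied:read-only", digest)
        errors = self.validate(payload)       # validate before apply
        if errors:
            return self._log(tool, "rejected:invalid", digest, errors)
        # Token is bound to the exact payload; the client shows it to the user.
        token = hmac.new(self._key, digest.encode(), hashlib.sha256).hexdigest()
        if confirm is None:
            return self._log(tool, "needs-confirmation", digest, token)
        if not hmac.compare_digest(confirm, token):
            return self._log(tool, "denied:bad-confirmation", digest)
        return self._log(tool, "applied", digest)
```

Because the token is an HMAC over the payload hash, a confirmation given for one policy text cannot be replayed to apply a different one.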