npm - @yawlabs/tailscale-mcp - Versions diffs - 0.1.6 → 0.2.1 - Mend

@yawlabs/tailscale-mcp 0.1.6 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

package/README.md +104 -14
package/dist/api.js +2 -2
package/dist/api.js.map +1 -1
package/dist/index.js +59 -8
package/dist/index.js.map +1 -1
package/dist/tools/acl.d.ts +28 -0
package/dist/tools/acl.js +33 -4
package/dist/tools/acl.js.map +1 -1
package/dist/tools/audit.d.ts +14 -0
package/dist/tools/audit.js +19 -15
package/dist/tools/audit.js.map +1 -1
package/dist/tools/devices.d.ts +91 -0
package/dist/tools/devices.js +102 -4
package/dist/tools/devices.js.map +1 -1
package/dist/tools/dns.d.ts +56 -0
package/dist/tools/dns.js +57 -1
package/dist/tools/dns.js.map +1 -1
package/dist/tools/invites.d.ts +56 -0
package/dist/tools/invites.js +59 -9
package/dist/tools/invites.js.map +1 -1
package/dist/tools/keys.d.ts +28 -0
package/dist/tools/keys.js +29 -1
package/dist/tools/keys.js.map +1 -1
package/dist/tools/log-streaming.d.ts +90 -0
package/dist/tools/log-streaming.js +89 -0
package/dist/tools/log-streaming.js.map +1 -0
package/dist/tools/network-lock.d.ts +7 -0
package/dist/tools/network-lock.js +7 -0
package/dist/tools/network-lock.js.map +1 -1
package/dist/tools/oauth-clients.d.ts +118 -0
package/dist/tools/oauth-clients.js +102 -0
package/dist/tools/oauth-clients.js.map +1 -0
package/dist/tools/posture.d.ts +35 -0
package/dist/tools/posture.js +36 -1
package/dist/tools/posture.js.map +1 -1
package/dist/tools/services.d.ts +124 -0
package/dist/tools/services.js +106 -0
package/dist/tools/services.js.map +1 -0
package/dist/tools/status.d.ts +7 -0
package/dist/tools/status.js +7 -0
package/dist/tools/status.js.map +1 -1
package/dist/tools/tailnet.d.ts +28 -0
package/dist/tools/tailnet.js +28 -0
package/dist/tools/tailnet.js.map +1 -1
package/dist/tools/users.d.ts +42 -0
package/dist/tools/users.js +45 -2
package/dist/tools/users.js.map +1 -1
package/dist/tools/webhooks.d.ts +42 -0
package/dist/tools/webhooks.js +43 -1
package/dist/tools/webhooks.js.map +1 -1
package/dist/tools/workload-identity.d.ts +118 -0
package/dist/tools/workload-identity.js +105 -0
package/dist/tools/workload-identity.js.map +1 -0
package/package.json +6 -2

package/dist/tools/workload-identity.js ADDED Viewed

@@ -0,0 +1,105 @@
+import { z } from "zod";
+import { apiDelete, apiGet, apiPatch, apiPost, encPath, getTailnet } from "../api.js";
+export const workloadIdentityTools = [
+    {
+        name: "tailscale_list_workload_identities",
+        description: "List all federated workload identity providers configured for your tailnet. Workload identities allow CI/CD pipelines and automated systems to authenticate using OIDC federation.",
+        annotations: {
+            title: "List workload identities",
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: true,
+        },
+        inputSchema: z.object({}),
+        handler: async () => {
+            return apiGet(`/tailnet/${getTailnet()}/workload-identity/providers`);
+        },
+    },
+    {
+        name: "tailscale_get_workload_identity",
+        description: "Get details for a specific workload identity provider.",
+        annotations: {
+            title: "Get workload identity",
+            readOnlyHint: true,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: true,
+        },
+        inputSchema: z.object({
+            providerId: z.string().describe("The workload identity provider ID"),
+        }),
+        handler: async (input) => {
+            return apiGet(`/tailnet/${getTailnet()}/workload-identity/providers/${encPath(input.providerId)}`);
+        },
+    },
+    {
+        name: "tailscale_create_workload_identity",
+        description: "Create a new workload identity provider for OIDC federation. Enables CI/CD systems (GitHub Actions, GitLab CI, etc.) to authenticate to your tailnet without static credentials.",
+        annotations: {
+            title: "Create workload identity",
+            readOnlyHint: false,
+            destructiveHint: false,
+            idempotentHint: false,
+            openWorldHint: true,
+        },
+        inputSchema: z.object({
+            name: z.string().describe("A human-readable name for this provider"),
+            issuerUrl: z
+                .string()
+                .describe("The OIDC issuer URL (e.g. 'https://token.actions.githubusercontent.com' for GitHub Actions)"),
+            audience: z.string().optional().describe("Expected audience claim in the OIDC token"),
+            claimMappings: z
+                .record(z.string(), z.string())
+                .optional()
+                .describe("Map of Tailscale attributes to OIDC token claims (e.g. { 'tag': 'repository' })"),
+        }),
+        handler: async (input) => {
+            return apiPost(`/tailnet/${getTailnet()}/workload-identity/providers`, input);
+        },
+    },
+    {
+        name: "tailscale_update_workload_identity",
+        description: "Update an existing workload identity provider's configuration.",
+        annotations: {
+            title: "Update workload identity",
+            readOnlyHint: false,
+            destructiveHint: false,
+            idempotentHint: true,
+            openWorldHint: true,
+        },
+        inputSchema: z.object({
+            providerId: z.string().describe("The workload identity provider ID to update"),
+            name: z.string().optional().describe("Updated human-readable name"),
+            audience: z.string().optional().describe("Updated expected audience claim"),
+            claimMappings: z.record(z.string(), z.string()).optional().describe("Updated claim mappings"),
+        }),
+        handler: async (input) => {
+            const { providerId, ...body } = input;
+            const cleanBody = {};
+            for (const [key, value] of Object.entries(body)) {
+                if (value !== undefined)
+                    cleanBody[key] = value;
+            }
+            return apiPatch(`/tailnet/${getTailnet()}/workload-identity/providers/${encPath(providerId)}`, cleanBody);
+        },
+    },
+    {
+        name: "tailscale_delete_workload_identity",
+        description: "Delete a workload identity provider. This is irreversible — any CI/CD pipelines using this provider will lose access.",
+        annotations: {
+            title: "Delete workload identity",
+            readOnlyHint: false,
+            destructiveHint: true,
+            idempotentHint: true,
+            openWorldHint: true,
+        },
+        inputSchema: z.object({
+            providerId: z.string().describe("The workload identity provider ID to delete"),
+        }),
+        handler: async (input) => {
+            return apiDelete(`/tailnet/${getTailnet()}/workload-identity/providers/${encPath(input.providerId)}`);
+        },
+    },
+];
+//# sourceMappingURL=workload-identity.js.map

package/dist/tools/workload-identity.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"workload-identity.js","sourceRoot":"","sources":["../../src/tools/workload-identity.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEtF,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC;QACE,IAAI,EAAE,oCAAoC;QAC1C,WAAW,EACT,oLAAoL;QACtL,WAAW,EAAE;YACX,KAAK,EAAE,0BAA0B;YACjC,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,IAAI;SACpB;QACD,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;QACzB,OAAO,EAAE,KAAK,IAAI,EAAE;YAClB,OAAO,MAAM,CAAC,YAAY,UAAU,EAAE,8BAA8B,CAAC,CAAC;QACxE,CAAC;KACF;IACD;QACE,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,wDAAwD;QACrE,WAAW,EAAE;YACX,KAAK,EAAE,uBAAuB;YAC9B,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,IAAI;SACpB;QACD,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;YACpB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,mCAAmC,CAAC;SACrE,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,KAA6B,EAAE,EAAE;YAC/C,OAAO,MAAM,CAAC,YAAY,UAAU,EAAE,gCAAgC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QACrG,CAAC;KACF;IACD;QACE,IAAI,EAAE,oCAAoC;QAC1C,WAAW,EACT,kLAAkL;QACpL,WAAW,EAAE;YACX,KAAK,EAAE,0BAA0B;YACjC,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,KAAK;YACrB,aAAa,EAAE,IAAI;SACpB;QACD,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;YACpB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,yCAAyC,CAAC;YACpE,SAAS,EAAE,CAAC;iBACT,MAAM,EAAE;iBACR,QAAQ,CAAC,6FAA6F,CAAC;YAC1G,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,2CAA2C,CAAC;YACrF,aAAa,EAAE,CAAC;iBACb,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC;iBAC9B,QAAQ,EAAE;iBACV,QAAQ,CAAC,iFAAiF,CAAC;SAC/F,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,KAKf,EAAE,EAAE;YACH,OAAO,OAAO,CAAC,YAAY,UAAU,EAAE,8BAA8B,EAAE,KAAK,CAAC,CAAC;QAChF,CAAC;KACF;IACD;QACE,IAAI,EAAE,oCAAoC;QAC1C,WAAW,EAAE,gEAAgE;QAC7E,WAAW,EAAE;YACX,KAAK,EAAE,0BAA0B;YACjC,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,KAAK;YACtB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,IAAI;SACpB;QACD,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;YACpB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;YAC9E,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,6BAA6B,CAAC;YACnE,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,iCAAiC,CAAC;YAC3E,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC;SAC9F,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,KAKf,EAAE,EAAE;YACH,MAAM,EAAE,UAAU,EAAE,GAAG,IAAI,EAAE,GAAG,KAAK,CAAC;YACtC,MAAM,SAAS,GAA4B,EAAE,CAAC;YAC9C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChD,IAAI,KAAK,KAAK,SAAS;oBAAE,SAAS,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YAClD,CAAC;YACD,OAAO,QAAQ,CAAC,YAAY,UAAU,EAAE,gCAAgC,OAAO,CAAC,UAAU,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;QAC5G,CAAC;KACF;IACD;QACE,IAAI,EAAE,oCAAoC;QAC1C,WAAW,EACT,uHAAuH;QACzH,WAAW,EAAE;YACX,KAAK,EAAE,0BAA0B;YACjC,YAAY,EAAE,KAAK;YACnB,eAAe,EAAE,IAAI;YACrB,cAAc,EAAE,IAAI;YACpB,aAAa,EAAE,IAAI;SACpB;QACD,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC;YACpB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;SAC/E,CAAC;QACF,OAAO,EAAE,KAAK,EAAE,KAA6B,EAAE,EAAE;YAC/C,OAAO,SAAS,CAAC,YAAY,UAAU,EAAE,gCAAgC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QACxG,CAAC;KACF;CACO,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@yawlabs/tailscale-mcp",
-  "version": "0.1.6",
+  "version": "0.2.1",
   "description": "Tailscale MCP server for managing your tailnet from AI assistants",
   "license": "MIT",
   "author": "YawLabs <contact@yaw.sh>",
@@ -30,13 +30,17 @@
     "dev": "tsc --watch",
     "start": "node dist/index.js",
     "test": "node --test dist/**/*.test.js",
+    "test:ci": "npm run build && npm test",
+    "lint": "biome check src/",
+    "lint:fix": "biome check --write src/",
     "prepublishOnly": "npm run build"
   },
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.12.1",
+    "@modelcontextprotocol/sdk": "^1.29.0",
     "zod": "^3.24.4"
   },
   "devDependencies": {
+    "@biomejs/biome": "^1.9.4",
     "@types/node": "^22.15.2",
     "typescript": "^5.8.3"
   },