npm - @yawlabs/tailscale-mcp - Versions diffs - 0.9.0 → 0.9.1 - Mend

@yawlabs/tailscale-mcp 0.9.0 → 0.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -158,7 +158,7 @@ Set to `1` or `true` to drop every tool without `readOnlyHint: true`. Stacks wit
 The server logs the active filter to stderr on startup:
 ```
-@yawlabs/tailscale-mcp v0.9.0 ready (19 tools, profile=core, readonly)
+@yawlabs/tailscale-mcp v0.9.1 ready (19 tools, profile=core, readonly)
 ```
 If you don't set any filter, startup prints a tip pointing you at the profiles.

package/dist/index.js CHANGED Viewed

@@ -31284,16 +31284,16 @@ var keyTools = [
   },
   {
     name: "tailscale_get_key",
-    description: "Get details for a specific auth key.",
+    description: "Get details for a specific key (auth key, OAuth client, or federated identity).",
     annotations: {
-      title: "Get auth key",
+      title: "Get key",
       readOnlyHint: true,
       destructiveHint: false,
       idempotentHint: true,
       openWorldHint: true
     },
     inputSchema: external_exports3.object({
-      keyId: external_exports3.string().describe("The auth key ID")
+      keyId: external_exports3.string().describe("The key ID (auth key, OAuth client, or federated identity)")
     }),
     handler: async (input) => {
       return apiGet(`/tailnet/${getTailnet()}/keys/${encPath(input.keyId)}`);
@@ -31376,16 +31376,16 @@ var keyTools = [
   },
   {
     name: "tailscale_delete_key",
-    description: "Delete an auth key. This is irreversible \u2014 devices already authenticated with this key are unaffected, but no new devices can use it.",
+    description: "Delete a key (auth key, OAuth client, or federated identity). This is irreversible. For auth keys, devices already authenticated are unaffected but no new devices can use it. For OAuth clients and federated identities, any integrations using them lose access immediately.",
     annotations: {
-      title: "Delete auth key",
+      title: "Delete key",
       readOnlyHint: false,
       destructiveHint: true,
       idempotentHint: true,
       openWorldHint: true
     },
     inputSchema: external_exports3.object({
-      keyId: external_exports3.string().describe("The auth key ID to delete")
+      keyId: external_exports3.string().describe("The key ID to delete (auth key, OAuth client, or federated identity)")
     }),
     handler: async (input) => {
       return apiDelete(`/tailnet/${getTailnet()}/keys/${encPath(input.keyId)}`);
@@ -31433,7 +31433,7 @@ var keyTools = [
 var logStreamingTools = [
   {
     name: "tailscale_list_log_stream_configs",
-    description: "List all log streaming configurations for your tailnet. Fetches both 'configuration' (audit) and 'network' (flow) log stream configs. Log streaming sends logs to external destinations like Axiom, Datadog, Splunk, Elasticsearch, S3, or GCS.",
+    description: "List all log streaming configurations for your tailnet. Fetches both 'configuration' (audit) and 'network' (flow) log stream configs. Log streaming sends logs to external destinations like Axiom, Datadog, Splunk, Elasticsearch, or S3.",
     annotations: {
       title: "List log stream configs",
       readOnlyHint: true,
@@ -31484,7 +31484,7 @@ var logStreamingTools = [
   },
   {
     name: "tailscale_set_log_stream_config",
-    description: "Set the log streaming configuration for a specific log type. Configures where logs are sent (e.g. Axiom, Datadog, Splunk, Elasticsearch, S3, GCS).",
+    description: "Set the log streaming configuration for a specific log type. Configures where logs are sent (e.g. Axiom, Datadog, Splunk, Elasticsearch, S3).\n\nPer-destination required fields:\n- splunk / elastic / panther / cribl / datadog / axiom: url + token (user optional)\n- s3: s3Bucket + s3Region + s3AuthenticationType, plus either (s3AccessKeyId + s3SecretAccessKey) for 'accesskey' auth or s3RoleArn for 'rolearn' auth. Call tailscale_create_aws_external_id first when using 'rolearn'.",
     annotations: {
       title: "Set log stream config",
       readOnlyHint: false,
@@ -31494,10 +31494,23 @@ var logStreamingTools = [
     },
     inputSchema: external_exports3.object({
       logType: external_exports3.enum(["configuration", "network"]).describe("The log type: 'configuration' for audit logs, 'network' for network flow logs"),
-      destinationType: external_exports3.enum(["splunk", "elastic", "panther", "cribl", "datadog", "axiom", "s3", "gcs"]).describe("The log streaming destination type"),
-      url: external_exports3.string().optional().describe("Destination URL (required for most destination types)"),
+      destinationType: external_exports3.enum(["splunk", "elastic", "panther", "cribl", "datadog", "axiom", "s3"]).describe("The log streaming destination type"),
+      url: external_exports3.string().optional().describe("Destination URL (required for non-s3 destinations)"),
       token: external_exports3.string().optional().describe("Authentication token or API key for the destination"),
-      user: external_exports3.string().optional().describe("Username for the destination (if required)")
+      user: external_exports3.string().optional().describe("Username for the destination (if required)"),
+      uploadPeriodMinutes: external_exports3.number().optional().describe("Minutes to wait between uploads (max 1440). Optional."),
+      compressionFormat: external_exports3.enum(["zstd", "gzip", "none"]).optional().describe("Compression algorithm for log uploads. Defaults to 'none'."),
+      s3Bucket: external_exports3.string().optional().describe("(s3 only) S3 bucket name. Required when destinationType is 's3'."),
+      s3Region: external_exports3.string().optional().describe("(s3 only) AWS region of the S3 bucket. Required when destinationType is 's3'."),
+      s3KeyPrefix: external_exports3.string().optional().describe("(s3 only) Optional prefix prepended to the auto-generated S3 object key."),
+      s3AuthenticationType: external_exports3.enum(["accesskey", "rolearn"]).optional().describe(
+        "(s3 only) Authentication mode. Required when destinationType is 's3'. Tailscale recommends 'rolearn'."
+      ),
+      s3AccessKeyId: external_exports3.string().optional().describe("(s3 only) AWS access key id. Required when s3AuthenticationType is 'accesskey'."),
+      s3SecretAccessKey: external_exports3.string().optional().describe("(s3 only) AWS secret access key. Required when s3AuthenticationType is 'accesskey'."),
+      s3RoleArn: external_exports3.string().optional().describe(
+        "(s3 only) IAM role ARN that Tailscale will assume. Required when s3AuthenticationType is 'rolearn'."
+      )
     }),
     handler: async (input) => {
       const { logType, ...body } = input;
@@ -32281,7 +32294,7 @@ var webhookTools = [
 ];
 // src/index.ts
-var version2 = true ? "0.9.0" : (await null).createRequire(import.meta.url)("../package.json").version;
+var version2 = true ? "0.9.1" : (await null).createRequire(import.meta.url)("../package.json").version;
 var subcommand = process.argv[2];
 if (subcommand === "deploy-acl") {
   const filePath = process.argv[3];

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@yawlabs/tailscale-mcp",
-  "version": "0.9.0",
+  "version": "0.9.1",
   "description": "Tailscale MCP server for managing your tailnet from AI assistants",
   "license": "MIT",
   "author": "YawLabs <contact@yaw.sh>",