tailscale-mcp 2026.3.16 → 2026.3.17

package/CHANGELOG.md

@@ -4,6 +4,28 @@ All notable changes to this project will be documented in this file.
 This project uses [Calendar Versioning](https://calver.org/) (`YYYY.MM.DD.TS`).
 
 
+## v2026.03.16.3
+
+- **Plugin API: extract `createServer()` factory for enterprise extensibility** (#37)
+  - Add `src/types.ts` with `ToolHandler`, `ToolMiddleware`, and `ToolResult` types
+  - Add `src/server.ts` with `createServer()` factory supporting optional middleware
+  - Refactor `src/index.ts` to use `createServer()` internally (zero behavior change)
+  - Add `exports` map to `package.json` for subpath imports (`/server`, `/types`, `/client/*`, `/utils/*`, `/transport`)
+  - Add design doc `docs/plans/003-plugin-api.md`
+  - 199 unit tests (was 188)
+
+## v2026.03.16.2
+
+- Add ADR-0024 reference to `.gitignore` and MCP Registry Tokens entry to CLAUDE.md security section (#35)
+
+## v2026.03.16.1
+
+- Register on official MCP Registry as `io.github.itunified-io/tailscale` (#12)
+- Add `server.json` metadata for MCP registry publishing
+- Add `mcpName` field to package.json for registry validation
+- Bump version to `2026.3.16`, publish `tailscale-mcp@2026.3.16` to npm
+- Add `.mcpregistry_*` to `.gitignore`
+
 ## v2026.03.15.5
 
 - Publish to npm as `tailscale-mcp`, add `.npmignore`, `bin` entry, expanded keywords (#12)

package/CLAUDE.md

@@ -86,6 +86,7 @@ docs/
 - **Error handling**: No credential leaks in error messages (Bearer token never appears in logs or errors)
 - **Credentials**: Never hardcoded, never logged, never in git
 - **Secret Redaction — MANDATORY**: When using `grep`, `cat`, `sed`, `awk`, shell scripts, or any tool that reads/displays file contents containing secrets (`.env`, credentials, API keys, tokens, passwords), **ALWAYS redact the secret values** in output. Never display raw secret values in terminal output, logs, conversation context, or commit messages.
+- **MCP Registry Tokens**: `.mcpregistry_*` files are gitignored (ADR-0024). Never commit registry auth tokens.
 - **Public Repo Documentation Policy — MANDATORY**: This is a **public repository**. All documentation, code examples, test data, and commit messages MUST use only generic placeholders:
   - Tailnet names: `your-tailnet-name`, `example.com`
   - Device IDs: `123456789`

package/dist/index.d.ts

@@ -1,2 +1,6 @@
+/**
+ * CLI entry point for mcp-tailscale.
+ * Uses createServer() factory and connects the appropriate transport.
+ */
 export {};
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/dist/index.js

@@ -1,65 +1,13 @@
-import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+/**
+ * CLI entry point for mcp-tailscale.
+ * Uses createServer() factory and connects the appropriate transport.
+ */
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { SSEServerTransport } from "@modelcontextprotocol/sdk/server/sse.js";
 import express from "express";
 import { validateTransportConfig, createAuthMiddleware } from "./transport.js";
-import { CallToolRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
-import { createClientFromEnv } from "./client/client-factory.js";
-import { deviceToolDefinitions, handleDeviceTool } from "./tools/devices.js";
-import { dnsToolDefinitions, handleDnsTool } from "./tools/dns.js";
-import { aclToolDefinitions, handleAclTool } from "./tools/acl.js";
-import { keyToolDefinitions, handleKeyTool } from "./tools/keys.js";
-import { tailnetToolDefinitions, handleTailnetTool } from "./tools/tailnet.js";
-import { diagnosticsToolDefinitions, handleDiagnosticsTool } from "./tools/diagnostics.js";
-import { userToolDefinitions, handleUserTool } from "./tools/users.js";
-import { webhookToolDefinitions, handleWebhookTool } from "./tools/webhooks.js";
-import { postureToolDefinitions, handlePostureTool } from "./tools/posture.js";
-const allToolDefinitions = [
-    ...deviceToolDefinitions,
-    ...dnsToolDefinitions,
-    ...aclToolDefinitions,
-    ...keyToolDefinitions,
-    ...tailnetToolDefinitions,
-    ...diagnosticsToolDefinitions,
-    ...userToolDefinitions,
-    ...webhookToolDefinitions,
-    ...postureToolDefinitions,
-];
-const toolHandlers = new Map();
-for (const def of deviceToolDefinitions)
-    toolHandlers.set(def.name, handleDeviceTool);
-for (const def of dnsToolDefinitions)
-    toolHandlers.set(def.name, handleDnsTool);
-for (const def of aclToolDefinitions)
-    toolHandlers.set(def.name, handleAclTool);
-for (const def of keyToolDefinitions)
-    toolHandlers.set(def.name, handleKeyTool);
-for (const def of tailnetToolDefinitions)
-    toolHandlers.set(def.name, handleTailnetTool);
-for (const def of diagnosticsToolDefinitions)
-    toolHandlers.set(def.name, handleDiagnosticsTool);
-for (const def of userToolDefinitions)
-    toolHandlers.set(def.name, handleUserTool);
-for (const def of webhookToolDefinitions)
-    toolHandlers.set(def.name, handleWebhookTool);
-for (const def of postureToolDefinitions)
-    toolHandlers.set(def.name, handlePostureTool);
-const server = new Server({ name: "mcp-tailscale", version: "2026.3.14" }, { capabilities: { tools: {} } });
-const client = createClientFromEnv();
-server.setRequestHandler(ListToolsRequestSchema, async () => ({
-    tools: allToolDefinitions,
-}));
-server.setRequestHandler(CallToolRequestSchema, async (request) => {
-    const { name, arguments: args } = request.params;
-    const handler = toolHandlers.get(name);
-    if (!handler) {
-        return {
-            content: [{ type: "text", text: `Unknown tool: ${name}` }],
-            isError: true,
-        };
-    }
-    return handler(name, (args ?? {}), client);
-});
+import { createServer } from "./server.js";
+const { server } = createServer();
 async function main() {
     const config = validateTransportConfig(process.env);
     if (config.mode === "stdio") {

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,yCAAyC,CAAC;AAC7E,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAC/E,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oCAAoC,CAAC;AAG5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC7E,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACnE,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACnE,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACpE,OAAO,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAC/E,OAAO,EAAE,0BAA0B,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC3F,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAChF,OAAO,EAAE,sBAAsB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAE/E,MAAM,kBAAkB,GAAY;IAClC,GAAG,qBAAqB;IACxB,GAAG,kBAAkB;IACrB,GAAG,kBAAkB;IACrB,GAAG,kBAAkB;IACrB,GAAG,sBAAsB;IACzB,GAAG,0BAA0B;IAC7B,GAAG,mBAAmB;IACtB,GAAG,sBAAsB;IACzB,GAAG,sBAAsB;CACJ,CAAC;AAExB,MAAM,YAAY,GAAG,IAAI,GAAG,EAGzB,CAAC;AAEJ,KAAK,MAAM,GAAG,IAAI,qBAAqB;IAAE,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;AACtF,KAAK,MAAM,GAAG,IAAI,kBAAkB;IAAE,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;AAChF,KAAK,MAAM,GAAG,IAAI,kBAAkB;IAAE,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;AAChF,KAAK,MAAM,GAAG,IAAI,kBAAkB;IAAE,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;AAChF,KAAK,MAAM,GAAG,IAAI,sBAAsB;IAAE,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;AACxF,KAAK,MAAM,GAAG,IAAI,0BAA0B;IAAE,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC;AAChG,KAAK,MAAM,GAAG,IAAI,mBAAmB;IAAE,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;AAClF,KAAK,MAAM,GAAG,IAAI,sBAAsB;IAAE,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;AACxF,KAAK,MAAM,GAAG,IAAI,sBAAsB;IAAE,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;AAExF,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,WAAW,EAAE,EAC/C,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;AAEF,MAAM,MAAM,GAAG,mBAAmB,EAAE,CAAC;AAErC,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;IAC5D,KAAK,EAAE,kBAAkB;CAC1B,CAAC,CAAC,CAAC;AAEJ,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;IAChE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IACjD,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAEvC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,iBAAiB,IAAI,EAAE,EAAE,CAAC;YACnE,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IAED,OAAO,OAAO,CAAC,IAAI,EAAE,CAAC,IAAI,IAAI,EAAE,CAA4B,EAAE,MAAM,CAAC,CAAC;AACxE,CAAC,CAAC,CAAC;AAEH,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,uBAAuB,CAAC,OAAO,CAAC,GAAyC,CAAC,CAAC;IAE1F,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAC5B,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;QAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAClC,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;QACtB,GAAG,CAAC,GAAG,CAAC,oBAAoB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;QAEhD,+DAA+D;QAC/D,MAAM,aAAa,GAAG,IAAI,GAAG,EAA8B,CAAC;QAE5D,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YAC3C,MAAM,SAAS,GAAG,IAAI,kBAAkB,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YAC3D,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;YAElD,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACnB,aAAa,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YAC5C,CAAC,CAAC,CAAC;YAEH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YACjD,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,SAAmB,CAAC;YAChD,MAAM,SAAS,GAAG,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAC/C,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;gBACzD,OAAO;YACT,CAAC;YACD,MAAM,SAAS,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;YACxC,OAAO,CAAC,KAAK,CAAC,+BAA+B,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7E,CAAC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;IAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,yCAAyC,CAAC;AAC7E,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,uBAAuB,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAC/E,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,MAAM,EAAE,MAAM,EAAE,GAAG,YAAY,EAAE,CAAC;AAElC,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,uBAAuB,CAAC,OAAO,CAAC,GAAyC,CAAC,CAAC;IAE1F,IAAI,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAC5B,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;QAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAClC,CAAC;SAAM,CAAC;QACN,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;QACtB,GAAG,CAAC,GAAG,CAAC,oBAAoB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;QAEhD,+DAA+D;QAC/D,MAAM,aAAa,GAAG,IAAI,GAAG,EAA8B,CAAC;QAE5D,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YAC3C,MAAM,SAAS,GAAG,IAAI,kBAAkB,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YAC3D,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;YAElD,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACnB,aAAa,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YAC5C,CAAC,CAAC,CAAC;YAEH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,EAAE;YACjD,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,SAAmB,CAAC;YAChD,MAAM,SAAS,GAAG,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAC/C,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;gBACzD,OAAO;YACT,CAAC;YACD,MAAM,SAAS,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;YACxC,OAAO,CAAC,KAAK,CAAC,+BAA+B,MAAM,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7E,CAAC,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;IAChD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/server.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Server factory for mcp-tailscale.
+ * Creates an MCP server with all Tailscale tools registered.
+ * Supports optional middleware for enterprise extensions (audit, RBAC, etc.).
+ */
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import type { Tool } from "@modelcontextprotocol/sdk/types.js";
+import type { ITailscaleClient } from "./client/types.js";
+import type { ToolHandler, ToolMiddleware } from "./types.js";
+/**
+ * Options for creating an MCP Tailscale server.
+ */
+export interface CreateServerOptions {
+    /** Optional middleware to intercept all tool calls (for audit, RBAC, etc.) */
+    middleware?: ToolMiddleware;
+    /** Server name (default: "mcp-tailscale") */
+    name?: string;
+    /** Server version (default: "2026.3.16") */
+    version?: string;
+}
+/**
+ * Result from createServer().
+ */
+export interface CreateServerResult {
+    /** The MCP server instance, ready to connect a transport */
+    server: Server;
+    /** The Tailscale API client */
+    client: ITailscaleClient;
+    /** All 48 tool definitions */
+    allToolDefinitions: Tool[];
+    /** Map of tool name → handler function */
+    toolHandlers: Map<string, ToolHandler>;
+}
+/**
+ * Create an MCP server with all Tailscale tools registered.
+ *
+ * @example
+ * // Basic usage (identical to running `npx tailscale-mcp`)
+ * const { server } = createServer();
+ *
+ * @example
+ * // With enterprise middleware
+ * const { server } = createServer({
+ *   middleware: async (name, args, client, next) => {
+ *     console.log(`Tool called: ${name}`);
+ *     return next(name, args, client);
+ *   },
+ * });
+ */
+export declare function createServer(options?: CreateServerOptions): CreateServerResult;
+//# sourceMappingURL=server.d.ts.map

package/dist/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAKnE,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAC/D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAE1D,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAwB9D;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAClC,8EAA8E;IAC9E,UAAU,CAAC,EAAE,cAAc,CAAC;IAC5B,6CAA6C;IAC7C,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,4CAA4C;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,4DAA4D;IAC5D,MAAM,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,MAAM,EAAE,gBAAgB,CAAC;IACzB,8BAA8B;IAC9B,kBAAkB,EAAE,IAAI,EAAE,CAAC;IAC3B,0CAA0C;IAC1C,YAAY,EAAE,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;CACxC;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,YAAY,CAC1B,OAAO,CAAC,EAAE,mBAAmB,GAC5B,kBAAkB,CAgFpB"}

package/dist/server.js

@@ -0,0 +1,96 @@
+/**
+ * Server factory for mcp-tailscale.
+ * Creates an MCP server with all Tailscale tools registered.
+ * Supports optional middleware for enterprise extensions (audit, RBAC, etc.).
+ */
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { CallToolRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
+import { createClientFromEnv } from "./client/client-factory.js";
+import { deviceToolDefinitions, handleDeviceTool } from "./tools/devices.js";
+import { dnsToolDefinitions, handleDnsTool } from "./tools/dns.js";
+import { aclToolDefinitions, handleAclTool } from "./tools/acl.js";
+import { keyToolDefinitions, handleKeyTool } from "./tools/keys.js";
+import { tailnetToolDefinitions, handleTailnetTool, } from "./tools/tailnet.js";
+import { diagnosticsToolDefinitions, handleDiagnosticsTool, } from "./tools/diagnostics.js";
+import { userToolDefinitions, handleUserTool } from "./tools/users.js";
+import { webhookToolDefinitions, handleWebhookTool, } from "./tools/webhooks.js";
+import { postureToolDefinitions, handlePostureTool, } from "./tools/posture.js";
+/**
+ * Create an MCP server with all Tailscale tools registered.
+ *
+ * @example
+ * // Basic usage (identical to running `npx tailscale-mcp`)
+ * const { server } = createServer();
+ *
+ * @example
+ * // With enterprise middleware
+ * const { server } = createServer({
+ *   middleware: async (name, args, client, next) => {
+ *     console.log(`Tool called: ${name}`);
+ *     return next(name, args, client);
+ *   },
+ * });
+ */
+export function createServer(options) {
+    const { middleware, name = "mcp-tailscale", version = "2026.3.16", } = options ?? {};
+    // Assemble all tool definitions
+    const allToolDefinitions = [
+        ...deviceToolDefinitions,
+        ...dnsToolDefinitions,
+        ...aclToolDefinitions,
+        ...keyToolDefinitions,
+        ...tailnetToolDefinitions,
+        ...diagnosticsToolDefinitions,
+        ...userToolDefinitions,
+        ...webhookToolDefinitions,
+        ...postureToolDefinitions,
+    ];
+    // Build tool handler map
+    const toolHandlers = new Map();
+    for (const def of deviceToolDefinitions)
+        toolHandlers.set(def.name, handleDeviceTool);
+    for (const def of dnsToolDefinitions)
+        toolHandlers.set(def.name, handleDnsTool);
+    for (const def of aclToolDefinitions)
+        toolHandlers.set(def.name, handleAclTool);
+    for (const def of keyToolDefinitions)
+        toolHandlers.set(def.name, handleKeyTool);
+    for (const def of tailnetToolDefinitions)
+        toolHandlers.set(def.name, handleTailnetTool);
+    for (const def of diagnosticsToolDefinitions)
+        toolHandlers.set(def.name, handleDiagnosticsTool);
+    for (const def of userToolDefinitions)
+        toolHandlers.set(def.name, handleUserTool);
+    for (const def of webhookToolDefinitions)
+        toolHandlers.set(def.name, handleWebhookTool);
+    for (const def of postureToolDefinitions)
+        toolHandlers.set(def.name, handlePostureTool);
+    // Create Tailscale API client
+    const client = createClientFromEnv();
+    // Create MCP server
+    const server = new Server({ name, version }, { capabilities: { tools: {} } });
+    // Register ListTools handler
+    server.setRequestHandler(ListToolsRequestSchema, async () => ({
+        tools: allToolDefinitions,
+    }));
+    // Register CallTools handler (with optional middleware)
+    server.setRequestHandler(CallToolRequestSchema, async (request) => {
+        const { name: toolName, arguments: args } = request.params;
+        const handler = toolHandlers.get(toolName);
+        if (!handler) {
+            return {
+                content: [
+                    { type: "text", text: `Unknown tool: ${toolName}` },
+                ],
+                isError: true,
+            };
+        }
+        const typedArgs = (args ?? {});
+        if (middleware) {
+            return middleware(toolName, typedArgs, client, handler);
+        }
+        return handler(toolName, typedArgs, client);
+    });
+    return { server, client, allToolDefinitions, toolHandlers };
+}
+//# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oCAAoC,CAAC;AAG5C,OAAO,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAGjE,OAAO,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC7E,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACnE,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACnE,OAAO,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AACpE,OAAO,EACL,sBAAsB,EACtB,iBAAiB,GAClB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,0BAA0B,EAC1B,qBAAqB,GACtB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AACvE,OAAO,EACL,sBAAsB,EACtB,iBAAiB,GAClB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,sBAAsB,EACtB,iBAAiB,GAClB,MAAM,oBAAoB,CAAC;AA4B5B;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,YAAY,CAC1B,OAA6B;IAE7B,MAAM,EACJ,UAAU,EACV,IAAI,GAAG,eAAe,EACtB,OAAO,GAAG,WAAW,GACtB,GAAG,OAAO,IAAI,EAAE,CAAC;IAElB,gCAAgC;IAChC,MAAM,kBAAkB,GAAW;QACjC,GAAG,qBAAqB;QACxB,GAAG,kBAAkB;QACrB,GAAG,kBAAkB;QACrB,GAAG,kBAAkB;QACrB,GAAG,sBAAsB;QACzB,GAAG,0BAA0B;QAC7B,GAAG,mBAAmB;QACtB,GAAG,sBAAsB;QACzB,GAAG,sBAAsB;KACL,CAAC;IAEvB,yBAAyB;IACzB,MAAM,YAAY,GAAG,IAAI,GAAG,EAAuB,CAAC;IAEpD,KAAK,MAAM,GAAG,IAAI,qBAAqB;QACrC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;IAC/C,KAAK,MAAM,GAAG,IAAI,kBAAkB;QAClC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;IAC5C,KAAK,MAAM,GAAG,IAAI,kBAAkB;QAClC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;IAC5C,KAAK,MAAM,GAAG,IAAI,kBAAkB;QAClC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;IAC5C,KAAK,MAAM,GAAG,IAAI,sBAAsB;QACtC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;IAChD,KAAK,MAAM,GAAG,IAAI,0BAA0B;QAC1C,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC;IACpD,KAAK,MAAM,GAAG,IAAI,mBAAmB;QACnC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IAC7C,KAAK,MAAM,GAAG,IAAI,sBAAsB;QACtC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;IAChD,KAAK,MAAM,GAAG,IAAI,sBAAsB;QACtC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;IAEhD,8BAA8B;IAC9B,MAAM,MAAM,GAAG,mBAAmB,EAAE,CAAC;IAErC,oBAAoB;IACpB,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,OAAO,EAAE,EACjB,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;IAEF,6BAA6B;IAC7B,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;QAC5D,KAAK,EAAE,kBAAkB;KAC1B,CAAC,CAAC,CAAC;IAEJ,wDAAwD;IACxD,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAChE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;QAC3D,MAAM,OAAO,GAAG,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAE3C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;gBACL,OAAO,EAAE;oBACP,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,iBAAiB,QAAQ,EAAE,EAAE;iBAC7D;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,CAAC,IAAI,IAAI,EAAE,CAA4B,CAAC;QAE1D,IAAI,UAAU,EAAE,CAAC;YACf,OAAO,UAAU,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAC1D,CAAC;QAED,OAAO,OAAO,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,kBAAkB,EAAE,YAAY,EAAE,CAAC;AAC9D,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Shared types for MCP tool handling and middleware.
+ * Used by the core server and enterprise extensions.
+ */
+import type { ITailscaleClient } from "./client/types.js";
+/**
+ * Result returned by a tool handler.
+ */
+export type ToolResult = {
+    content: Array<{
+        type: "text";
+        text: string;
+    }>;
+    isError?: boolean;
+};
+/**
+ * Handler function for a single MCP tool.
+ * Receives the tool name, validated arguments, and Tailscale client.
+ */
+export type ToolHandler = (name: string, args: Record<string, unknown>, client: ITailscaleClient) => Promise<ToolResult>;
+/**
+ * Middleware that intercepts tool calls before/after execution.
+ * Call `next(name, args, client)` to continue to the actual handler.
+ * Enterprise uses this for audit logging, RBAC, policy enforcement, etc.
+ */
+export type ToolMiddleware = (name: string, args: Record<string, unknown>, client: ITailscaleClient, next: ToolHandler) => Promise<ToolResult>;
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAE1D;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG;IACvB,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/C,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,WAAW,GAAG,CACxB,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,MAAM,EAAE,gBAAgB,KACrB,OAAO,CAAC,UAAU,CAAC,CAAC;AAEzB;;;;GAIG;AACH,MAAM,MAAM,cAAc,GAAG,CAC3B,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,MAAM,EAAE,gBAAgB,EACxB,IAAI,EAAE,WAAW,KACd,OAAO,CAAC,UAAU,CAAC,CAAC"}

package/dist/types.js

@@ -0,0 +1,6 @@
+/**
+ * Shared types for MCP tool handling and middleware.
+ * Used by the core server and enterprise extensions.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG"}

package/package.json

@@ -1,10 +1,18 @@
 {
   "name": "tailscale-mcp",
   "mcpName": "io.github.itunified-io/tailscale",
-  "version": "2026.3.16",
+  "version": "2026.3.17",
   "description": "Secure MCP access for private infrastructure over Tailscale — 48 tools for devices, DNS, ACL, keys, users, webhooks, posture, and tailnet management via Tailscale API v2",
   "type": "module",
   "main": "dist/index.js",
+  "exports": {
+    ".": "./dist/index.js",
+    "./server": "./dist/server.js",
+    "./types": "./dist/types.js",
+    "./client/*": "./dist/client/*.js",
+    "./utils/*": "./dist/utils/*.js",
+    "./transport": "./dist/transport.js"
+  },
   "bin": {
     "mcp-tailscale": "dist/index.js"
   },

package/server.json

@@ -3,23 +3,20 @@
   "name": "io.github.itunified-io/tailscale",
   "title": "Tailscale MCP Server",
   "description": "Secure MCP access for private infrastructure over Tailscale — 48 tools across 9 domains",
+  "version": "2026.3.16",
   "repository": {
     "url": "https://github.com/itunified-io/mcp-tailscale",
     "source": "github"
   },
-  "version_detail": {
-    "version": "2026.3.15",
-    "release_date": "2026-03-15"
-  },
   "packages": [
     {
       "registryType": "npm",
       "identifier": "tailscale-mcp",
-      "version": "2026.3.15",
-      "runtime": "node",
-      "runtime_arguments": [],
-      "package_arguments": [],
-      "environment_variables": [
+      "version": "2026.3.16",
+      "runtimeHint": "npx",
+      "runtimeArguments": [],
+      "packageArguments": [],
+      "environmentVariables": [
         {
           "name": "TAILSCALE_API_KEY",
           "description": "Tailscale API key",

package/.mcpregistry_github_token

@@ -1 +0,0 @@
-ghu_7si3hZcRXM5oe8ZNBuynQHUWZa54CB4Jt0WS

package/.mcpregistry_registry_token

@@ -1 +0,0 @@
-{"token":"eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJtY3AtcmVnaXN0cnkiLCJleHAiOjE3NzM1NjU0MjksIm5iZiI6MTc3MzU2NTEyOSwiaWF0IjoxNzczNTY1MTI5LCJhdXRoX21ldGhvZCI6ImdpdGh1Yi1hdCIsImF1dGhfbWV0aG9kX3N1YiI6Iml0dW5pZmllZC1idWVjaGVsZWIiLCJwZXJtaXNzaW9ucyI6W3siYWN0aW9uIjoicHVibGlzaCIsInJlc291cmNlIjoiaW8uZ2l0aHViLml0dW5pZmllZC1idWVjaGVsZWIvKiJ9LHsiYWN0aW9uIjoicHVibGlzaCIsInJlc291cmNlIjoiaW8uZ2l0aHViLml0dW5pZmllZC8qIn0seyJhY3Rpb24iOiJwdWJsaXNoIiwicmVzb3VyY2UiOiJpby5naXRodWIuaXR1bmlmaWVkLWlvLyoifV19.h2qb1P7ArenWZNrHffxwHTLH5uujGs_GXTvBxE4nap-yIYRx_LL_OERCx5dLj4FtJfQ5w7Eblyv1udtxMl4cCg","expires_at":1773565429}