Tailscale MCP Server

Overview Inspect Schema Related Servers Score Discussions

manage_network_lock

Control Tailscale network lock operations to manage key authority, enabling or disabling security features, and adding or removing authorized keys via the MCP server.

Instructions

Manage Tailscale network lock (key authority) for enhanced security

Input Schema

TableJSON Schema

Name	Required	Description
`keyId`	No	Key ID for remove operations
`operation`	Yes	Network lock operation to perform
`publicKey`	No	Public key for add/remove operations

Implementation Reference

src/tools/acl-tools.ts:403-457 (handler)
The handler function that implements the logic for the manage_network_lock tool. It handles network lock operations (status, enable, disable) by calling Tailscale API methods and returns success or error responses.
async function manageNetworkLock( args: z.infer<typeof NetworkLockSchema>, context: ToolContext, ): Promise<CallToolResult> { try { logger.debug("Managing network lock:", args); switch (args.operation) { case "status": { const result = await context.api.getNetworkLockStatus(); if (!result.success) { return returnToolError(result.error); } const status = result.data; return returnToolSuccess( `Network Lock Status: - Enabled: ${status?.enabled ? "Yes" : "No"} - Node Key: ${status?.nodeKey || "Not available"} - Trusted Keys: ${status?.trustedKeys?.length || 0}`, ); } case "enable": { const result = await context.api.enableNetworkLock(); if (!result.success) { return returnToolError(result.error); } return returnToolSuccess( `Network lock enabled successfully. Key: ${ result.data?.key || "Generated" }`, ); } case "disable": { const result = await context.api.disableNetworkLock(); if (!result.success) { return returnToolError(result.error); } return returnToolSuccess("Network lock disabled successfully"); } default: return returnToolError( "Invalid network lock operation. Use: status, enable, disable, add_key, remove_key, or list_keys", ); } } catch (error) { logger.error("Error managing network lock:", error); return returnToolError(error); } }
src/tools/acl-tools.ts:95-104 (schema)
Zod input schema defining the parameters for the manage_network_lock tool, including operation type and optional keys.
const NetworkLockSchema = z.object({ operation: z .enum(["status", "enable", "disable", "add_key", "remove_key", "list_keys"]) .describe("Network lock operation to perform"), publicKey: z .string() .optional() .describe("Public key for add/remove operations"), keyId: z.string().optional().describe("Key ID for remove operations"), });
src/tools/acl-tools.ts:536-542 (registration)
Registration of the manage_network_lock tool within the aclTools ToolModule, specifying name, description, inputSchema, and handler.
{ name: "manage_network_lock", description: "Manage Tailscale network lock (key authority) for enhanced security", inputSchema: NetworkLockSchema, handler: manageNetworkLock, },

This server cannot be installed

Other Tools

Related Tools

manage_keys
@HexSleeves/tailscale-mcp
device_action
@HexSleeves/tailscale-mcp
manage_acl
@HexSleeves/tailscale-mcp
manage_device_tags
@HexSleeves/tailscale-mcp
get_tailnet_info
@HexSleeves/tailscale-mcp
manage_policy_file
@HexSleeves/tailscale-mcp

Latest Blog Posts

What Is Context Bloat in MCP?
By Om-Shree-0709 on December 16, 2025.
mcp
Context Bloat
MCP Moves to the Linux Foundation: Neutral Stewardship for Agentic Infrastructure
By Om-Shree-0709 on December 15, 2025.
mcp
anthropic
Linux Foundation
Code Execution with MCP: Architecting Agentic Efficiency
By Om-Shree-0709 on December 14, 2025.
mcp
Token bloat

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/HexSleeves/tailscale-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server