tailscale-blade-mcp
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| TAILSCALE_API_KEY | Yes | Tailscale API access token (tskey-api-...) or OAuth Bearer token. | |
| TAILSCALE_MCP_API_TOKEN | No | Optional Bearer token for HTTP transport authentication. | |
| TAILSCALE_WRITE_ENABLED | No | Set to 'true' to enable write operations. | false |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
| logging | {} |
| prompts | {
"listChanged": false
} |
| resources | {
"subscribe": false,
"listChanged": false
} |
| extensions | {
"io.modelcontextprotocol/ui": {}
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| ts_infoA | Health check: device counts, online/offline, key expiry warnings, updates, tailnet settings, write gate. |
| ts_devicesA | List all devices: hostname, OS, IP, online/offline, key expiry, tags, update status. Optional |
| ts_deviceA | Full detail for a single device: addresses, OS, client version, key status, tags, user. Single-record fetch — server-side filter is |
| ts_device_routesA | Routes for a device: advertised subnets, approved/unapproved status. Emits a DD-338 |
| ts_dnsB | DNS configuration: nameservers, MagicDNS status, search paths, split DNS rules. |
| ts_aclA | ACL policy summary: groups, rules, SSH rules, tag owners. Shows who can talk to whom. |
| ts_acl_validateA | Validate an ACL policy without applying it. Returns errors or 'passed'. |
| ts_acl_setA | Apply (POST) a full ACL policy to the tailnet. Requires TAILSCALE_WRITE_ENABLED=true. Always validates the policy first and refuses to apply on validation failure.
By default uses optimistic concurrency: the current ETag is sent as |
| ts_keysA | List auth keys: ID, description, reusable/ephemeral/preauth flags, tags, expiry. Optional |
| ts_usersA | List users: name, login, role, status, device count, online/last seen. Sorted by case-folded loginName ascending (numeric id tie-break). |
| ts_webhooksA | List configured webhooks: endpoint URL, event subscriptions, created date. Sorted by endpointId ascending. |
| ts_audit_logA | Configuration audit log: who changed what, when. Recent entries first. Optional |
| ts_authorize_deviceA | Authorize or deauthorize a device. Requires TAILSCALE_WRITE_ENABLED=true. |
| ts_set_tagsA | Set ACL tags on a device. Replaces existing tags. Requires TAILSCALE_WRITE_ENABLED=true. |
| ts_expire_deviceA | Force key expiry on a device — it must re-authenticate. Requires TAILSCALE_WRITE_ENABLED=true. |
| ts_approve_routesA | Approve subnet routes on a device. Requires TAILSCALE_WRITE_ENABLED=true. Default (
|
| ts_create_keyA | Create a new auth key. Requires TAILSCALE_WRITE_ENABLED=true. |
| ts_delete_keyA | Revoke an auth key. Requires TAILSCALE_WRITE_ENABLED=true and confirm=true. |
| ts_delete_deviceA | Delete a device from the tailnet. Requires TAILSCALE_WRITE_ENABLED=true and confirm=true. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Groupthink-dev/tailscale-blade-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server