Can I use Tailscale as a CLI?

Yes. KosmoKrator exposes a Tailscale CLI through kosmo integrations:call and the provider shortcut command. Commands can return JSON for scripts, CI, and coding agents.

Can I expose Tailscale through MCP?

Yes. The KosmoKrator MCP gateway can expose selected Tailscale tools to clients such as Claude Code, Cursor, Codex, and other MCP-compatible tools.

Where are Tailscale credentials stored?

Tailscale credentials are configured in KosmoKrator's local integration settings and reused by CLI, Lua, and MCP gateway surfaces.

Can I deny write access for Tailscale MCP tools?

Yes. Start the gateway with --write=deny for read-only clients, or use ask/allow only for trusted workspaces.

productivity

Tailscale MCP Gateway for AI Agents

Expose Tailscale tools to Claude Code, Cursor, Codex, and other MCP clients through the local KosmoKrator MCP gateway.

Tailscale MCP Gateway

Expose Tailscale to MCP clients with `kosmokrator mcp:serve --integration=tailscale`.

If the client has never used KosmoKrator before, install it first, then register this integration as a stdio MCP server.

Install KosmoKrator

curl -fsSL https://raw.githubusercontent.com/OpenCompanyApp/kosmokrator/main/install.sh | bash

Install gateway entry

kosmokrator mcp:gateway:install --integration=tailscale --write=deny --json

MCP configuration

{
  "mcpServers": {
    "kosmokrator-tailscale": {
      "type": "stdio",
      "command": "kosmo",
      "args": [
        "mcp:serve",
        "--integration=tailscale",
        "--write=deny"
      ]
    }
  }
}

Serve manually

kosmokrator mcp:serve --integration=tailscale --write=deny

Client Notes

Use one scoped MCP gateway entry, then adapt the config location to the client or framework.

Claude Code Connect local KosmoKrator integrations to Claude Code through one scoped MCP gateway entry. Claude Code can launch the local kosmo binary directly from the project MCP config.

Cursor Expose selected local integrations to Cursor through KosmoKrator without configuring each service as its own MCP server. Use the same KosmoKrator install and integration credentials that power terminal and headless runs.

Codex Use KosmoKrator as a local MCP proxy for Codex so coding sessions can reach selected integrations with explicit write policy. Keep write access denied or ask-based unless the workspace is trusted.

OpenAI Agents SDK Attach KosmoKrator integration tools to OpenAI Agents SDK workflows through a local MCP gateway. Use headless JSON commands for CI-style execution and MCP for agent tool discovery.

Claude Agent SDK Give Claude Agent SDK workflows access to KosmoKrator integrations through a local MCP server. Use a narrow integration list so the agent does not load unrelated tools.

Vercel AI SDK Use KosmoKrator as a local integration gateway for Vercel AI SDK agents and scripts. Prefer CLI JSON calls when a workflow only needs one deterministic integration operation.

LangChain Bridge LangChain agents to local KosmoKrator integration tools through MCP or headless CLI calls. Keep the gateway scoped to the integration and operation class needed by the chain.

LangGraph Run KosmoKrator integration calls from LangGraph nodes while preserving local credentials and permissions. Headless CLI calls fit repeatable graph edges; MCP fits exploratory agent nodes.

CrewAI Expose KosmoKrator integrations to CrewAI workers as scoped local tools. Use per-worker integration scopes to avoid giving every worker every tool.

Generic MCP Clients Connect any stdio-compatible MCP client to local KosmoKrator integration tools. Start with read-only write policy and expand only for trusted projects.

MCP Tool Names

KosmoKrator exposes integration tools through the gateway with stable names.

MCP tool	Source function	Type
`integration__tailscale__tailscale_list_tailnet_devices`	`tailscale.tailscale_list_tailnet_devices`	Read `read`
`integration__tailscale__tailscale_batch_update_custom_device_posture_attributes`	`tailscale.tailscale_batch_update_custom_device_posture_attributes`	Write `write`
`integration__tailscale__tailscale_get_device`	`tailscale.tailscale_get_device`	Read `read`
`integration__tailscale__tailscale_delete_device`	`tailscale.tailscale_delete_device`	Write `write`
`integration__tailscale__tailscale_expire_device_key`	`tailscale.tailscale_expire_device_key`	Write `write`
`integration__tailscale__tailscale_list_device_routes`	`tailscale.tailscale_list_device_routes`	Read `read`
`integration__tailscale__tailscale_set_device_routes`	`tailscale.tailscale_set_device_routes`	Write `write`
`integration__tailscale__tailscale_authorize_device`	`tailscale.tailscale_authorize_device`	Write `write`
`integration__tailscale__tailscale_set_device_name`	`tailscale.tailscale_set_device_name`	Write `write`
`integration__tailscale__tailscale_set_device_tags`	`tailscale.tailscale_set_device_tags`	Write `write`
`integration__tailscale__tailscale_update_device_key`	`tailscale.tailscale_update_device_key`	Write `write`
`integration__tailscale__tailscale_set_device_ip`	`tailscale.tailscale_set_device_ip`	Write `write`
`integration__tailscale__tailscale_get_device_posture_attributes`	`tailscale.tailscale_get_device_posture_attributes`	Read `read`
`integration__tailscale__tailscale_set_custom_device_posture_attributes`	`tailscale.tailscale_set_custom_device_posture_attributes`	Write `write`
`integration__tailscale__tailscale_delete_custom_device_posture_attributes`	`tailscale.tailscale_delete_custom_device_posture_attributes`	Write `write`
`integration__tailscale__tailscale_list_device_invites`	`tailscale.tailscale_list_device_invites`	Read `read`
`integration__tailscale__tailscale_create_device_invites`	`tailscale.tailscale_create_device_invites`	Write `write`
`integration__tailscale__tailscale_list_user_invites`	`tailscale.tailscale_list_user_invites`	Read `read`
`integration__tailscale__tailscale_create_user_invites`	`tailscale.tailscale_create_user_invites`	Write `write`
`integration__tailscale__tailscale_get_user_invite`	`tailscale.tailscale_get_user_invite`	Read `read`
`integration__tailscale__tailscale_delete_user_invite`	`tailscale.tailscale_delete_user_invite`	Write `write`
`integration__tailscale__tailscale_resend_user_invite`	`tailscale.tailscale_resend_user_invite`	Write `write`
`integration__tailscale__tailscale_get_device_invite`	`tailscale.tailscale_get_device_invite`	Read `read`
`integration__tailscale__tailscale_delete_device_invite`	`tailscale.tailscale_delete_device_invite`	Write `write`
`integration__tailscale__tailscale_resend_device_invite`	`tailscale.tailscale_resend_device_invite`	Write `write`
`integration__tailscale__tailscale_accept_device_invite`	`tailscale.tailscale_accept_device_invite`	Write `write`
`integration__tailscale__tailscale_list_configuration_audit_logs`	`tailscale.tailscale_list_configuration_audit_logs`	Read `read`
`integration__tailscale__tailscale_list_network_flow_logs`	`tailscale.tailscale_list_network_flow_logs`	Read `read`
`integration__tailscale__tailscale_get_log_streaming_status`	`tailscale.tailscale_get_log_streaming_status`	Read `read`
`integration__tailscale__tailscale_get_log_streaming_configuration`	`tailscale.tailscale_get_log_streaming_configuration`	Read `read`
`integration__tailscale__tailscale_set_log_streaming_configuration`	`tailscale.tailscale_set_log_streaming_configuration`	Write `write`
`integration__tailscale__tailscale_disable_log_streaming`	`tailscale.tailscale_disable_log_streaming`	Write `write`
`integration__tailscale__tailscale_get_aws_external_id`	`tailscale.tailscale_get_aws_external_id`	Write `write`
`integration__tailscale__tailscale_validate_aws_external_id`	`tailscale.tailscale_validate_aws_external_id`	Write `write`
`integration__tailscale__tailscale_list_dns_nameservers`	`tailscale.tailscale_list_dns_nameservers`	Read `read`
`integration__tailscale__tailscale_set_dns_nameservers`	`tailscale.tailscale_set_dns_nameservers`	Write `write`
`integration__tailscale__tailscale_get_dns_preferences`	`tailscale.tailscale_get_dns_preferences`	Read `read`
`integration__tailscale__tailscale_set_dns_preferences`	`tailscale.tailscale_set_dns_preferences`	Write `write`
`integration__tailscale__tailscale_list_dns_search_paths`	`tailscale.tailscale_list_dns_search_paths`	Read `read`
`integration__tailscale__tailscale_set_dns_search_paths`	`tailscale.tailscale_set_dns_search_paths`	Write `write`
`integration__tailscale__tailscale_get_split_dns`	`tailscale.tailscale_get_split_dns`	Read `read`
`integration__tailscale__tailscale_set_split_dns`	`tailscale.tailscale_set_split_dns`	Write `write`
`integration__tailscale__tailscale_update_split_dns`	`tailscale.tailscale_update_split_dns`	Write `write`
`integration__tailscale__tailscale_get_dns_configuration`	`tailscale.tailscale_get_dns_configuration`	Read `read`
`integration__tailscale__tailscale_set_dns_configuration`	`tailscale.tailscale_set_dns_configuration`	Write `write`
`integration__tailscale__tailscale_list_tailnet_keys`	`tailscale.tailscale_list_tailnet_keys`	Read `read`
`integration__tailscale__tailscale_create_key`	`tailscale.tailscale_create_key`	Write `write`
`integration__tailscale__tailscale_get_key`	`tailscale.tailscale_get_key`	Read `read`
`integration__tailscale__tailscale_set_key`	`tailscale.tailscale_set_key`	Write `write`
`integration__tailscale__tailscale_delete_key`	`tailscale.tailscale_delete_key`	Write `write`
`integration__tailscale__tailscale_get_policy_file`	`tailscale.tailscale_get_policy_file`	Read `read`
`integration__tailscale__tailscale_set_policy_file`	`tailscale.tailscale_set_policy_file`	Write `write`
`integration__tailscale__tailscale_preview_rule_matches`	`tailscale.tailscale_preview_rule_matches`	Write `write`
`integration__tailscale__tailscale_validate_and_test_policy_file`	`tailscale.tailscale_validate_and_test_policy_file`	Write `write`
`integration__tailscale__tailscale_get_posture_integrations`	`tailscale.tailscale_get_posture_integrations`	Read `read`
`integration__tailscale__tailscale_create_posture_integration`	`tailscale.tailscale_create_posture_integration`	Write `write`
`integration__tailscale__tailscale_get_posture_integration`	`tailscale.tailscale_get_posture_integration`	Read `read`
`integration__tailscale__tailscale_update_posture_integration`	`tailscale.tailscale_update_posture_integration`	Write `write`
`integration__tailscale__tailscale_delete_posture_integration`	`tailscale.tailscale_delete_posture_integration`	Write `write`
`integration__tailscale__tailscale_list_users`	`tailscale.tailscale_list_users`	Read `read`
`integration__tailscale__tailscale_get_user`	`tailscale.tailscale_get_user`	Read `read`
`integration__tailscale__tailscale_update_user_role`	`tailscale.tailscale_update_user_role`	Write `write`
`integration__tailscale__tailscale_approve_user`	`tailscale.tailscale_approve_user`	Write `write`
`integration__tailscale__tailscale_suspend_user`	`tailscale.tailscale_suspend_user`	Write `write`
`integration__tailscale__tailscale_restore_user`	`tailscale.tailscale_restore_user`	Write `write`
`integration__tailscale__tailscale_delete_user`	`tailscale.tailscale_delete_user`	Write `write`
`integration__tailscale__tailscale_get_contacts`	`tailscale.tailscale_get_contacts`	Read `read`
`integration__tailscale__tailscale_update_contact`	`tailscale.tailscale_update_contact`	Write `write`
`integration__tailscale__tailscale_resend_contact_verification_email`	`tailscale.tailscale_resend_contact_verification_email`	Write `write`
`integration__tailscale__tailscale_list_webhooks`	`tailscale.tailscale_list_webhooks`	Read `read`
`integration__tailscale__tailscale_create_webhook`	`tailscale.tailscale_create_webhook`	Write `write`
`integration__tailscale__tailscale_get_webhook`	`tailscale.tailscale_get_webhook`	Read `read`
`integration__tailscale__tailscale_update_webhook`	`tailscale.tailscale_update_webhook`	Write `write`
`integration__tailscale__tailscale_delete_webhook`	`tailscale.tailscale_delete_webhook`	Write `write`
`integration__tailscale__tailscale_test_webhook`	`tailscale.tailscale_test_webhook`	Write `write`
`integration__tailscale__tailscale_rotate_webhook_secret`	`tailscale.tailscale_rotate_webhook_secret`	Write `write`
`integration__tailscale__tailscale_get_tailnet_settings`	`tailscale.tailscale_get_tailnet_settings`	Read `read`
`integration__tailscale__tailscale_update_tailnet_settings`	`tailscale.tailscale_update_tailnet_settings`	Write `write`
`integration__tailscale__tailscale_list_services`	`tailscale.tailscale_list_services`	Read `read`
`integration__tailscale__tailscale_get_service`	`tailscale.tailscale_get_service`	Read `read`
`integration__tailscale__tailscale_update_service`	`tailscale.tailscale_update_service`	Write `write`
`integration__tailscale__tailscale_delete_service`	`tailscale.tailscale_delete_service`	Write `write`
`integration__tailscale__tailscale_list_service_hosts`	`tailscale.tailscale_list_service_hosts`	Read `read`
`integration__tailscale__tailscale_get_service_device_approval`	`tailscale.tailscale_get_service_device_approval`	Read `read`
`integration__tailscale__tailscale_update_service_device_approval`	`tailscale.tailscale_update_service_device_approval`	Write `write`

Write Access

Start with --write=deny for read-only MCP clients. Use --write=ask or --write=allow only when the client and workspace are trusted.