Last updated July 2, 2026

MCP Tailnet Manager

MCP Tailnet Manager is a desktop app that opens a local MCP bridge for any of your servers, so an AI coding agent — Claude Code, Codex, Cursor, Windsurf, OpenCode — can work on the host directly over SSH. No cloud round-trip, no HostAtlas agent on the server, no third party sees your commands or files.

Built with Tauri 2 + React 19 + Rust, mirroring the SSH Client stack.

  1. Keep a local server list — add hosts by IP or hostname, or discover them via Tailscale if it’s installed locally
  2. Open an MCP server for a chosen host — the app tests the SSH connection with your local key, starts a local MCP bridge process, and registers the allowed tools / paths / commands for that host
  3. Point your agent at the local endpoint — commands run on the remote over your direct SSH connection

Download the installer for your platform from the GitHub Releases page or from install.hostatlas.app:

| Platform | File |
| --- | --- |
| macOS (Apple Silicon) | .dmg bundle at install.hostatlas.app/mcp-tailnet/latest/ |
| macOS (Intel) | .dmg bundle |
| Linux (x86_64) | .deb or .AppImage |
| Windows (x86_64) | .msi installer |

Each release also ships a standalone mcp-tailnet bridge binary per platform — that’s the process AI agents launch to actually talk to a host (see below).

The top-level https://install.hostatlas.app/mcp-tailnet/version.json carries the full list under binaries[] (filename, size, sha256, url) and both folders publish a files.json sidecar for checksum verification.

The app never touches key material. It does not generate, store, deploy, or sync SSH keys, passphrases, or passwords. It uses the SSH keys already installed locally:

  • ~/.ssh — private keys
  • ssh-agent — running key agent
  • ~/.ssh/config — host-specific settings
  • ~/.ssh/known_hosts — host-key verification

If the local ssh command works for a host, so does the app. With Tailscale, connect over the tailnet IP or hostname just like you would with any other SSH client.

mcp-tailnet is a standalone binary that speaks the MCP protocol (JSON-RPC 2.0 over stdio) and proxies every tool call to a remote host over direct SSH — using the system ssh binary with a shared ControlMaster connection for speed.

An AI agent launches it on demand:

mcp-tailnet serve --server <host>

| Tool | Description |
| --- | --- |
| list_directory | List a directory on the remote host |
| read_file | Read a file’s contents |
| write_file | Write a file (subject to require_approval gate) |
| search_files | Search recursively for a pattern in files |
| execute_command | Run a shell command (whitelist-enforced) |
| git_status | Get git status output from a repository on the host |

Enforcement (in the bridge itself, not in the app)

  • Global forbidden denylist: rm -rf /, mkfs, shutdown, and other catastrophic commands are always blocked, no override
  • allowed_paths: file operations must stay within the configured directories
  • allowed_commands: execute_command is checked against the per-host whitelist
  • require_approval: blocks write_file calls until the user approves them, when set

Enforcement lives in the bridge process, not in the app UI. Killing the app doesn’t unlock the bridge, and the bridge is what your AI agent actually talks to.

Every release publishes mcp-tailnet-<os>-<arch> alongside the app bundle. Put it somewhere your AI agent can find it:

# macOS / Linux — from install.hostatlas.app
sudo curl -fsSL https://install.hostatlas.app/mcp-tailnet/latest/mcp-tailnet-$(uname -s | tr A-Z a-z)-$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/') \
-o /usr/local/bin/mcp-tailnet && sudo chmod +x /usr/local/bin/mcp-tailnet
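
The command above writes the download straight into /usr/local/bin, so a check against the published manifest belongs before the binary is made executable. The following is an added example, not HostAtlas code: it assumes version.json carries the binaries[] fields named on this page (filename, size, sha256, url), with size as a byte count and sha256 as a hex string, and it runs on a constructed manifest and file instead of a real download.

```python
import hashlib
import hmac
import json
import os
import tempfile


def sha256_file(path):
    """Stream the file so a large binary is never held in memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_binary(manifest, filename, path):
    """True only if `path` matches the size and sha256 listed for `filename`."""
    matches = [b for b in manifest.get("binaries", []) if b.get("filename") == filename]
    if len(matches) != 1:  # missing or ambiguous entry: fail closed
        raise LookupError(f"expected one manifest entry for {filename}, found {len(matches)}")
    entry = matches[0]
    if os.path.getsize(path) != int(entry["size"]):  # cheap check first
        return False
    return hmac.compare_digest(sha256_file(path), str(entry["sha256"]).lower())


def demo():
    """Constructed data: a stand-in 'binary' and a manifest built to match it."""
    name = "mcp-tailnet-linux-amd64"
    payload = b"constructed stand-in for " + name.encode() + b"\n"
    # Round-trip through JSON, as a fetched version.json would be parsed.
    manifest = json.loads(json.dumps({"binaries": [{
        "filename": name,
        "size": len(payload),
        "sha256": hashlib.sha256(payload).hexdigest(),
        "url": "https://example.invalid/" + name,  # placeholder, never fetched
    }]}))
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, name)
        with open(path, "wb") as fh:
            fh.write(payload)
        intact = verify_binary(manifest, name, path)
        with open(path, "r+b") as fh:  # overwrite one byte, size unchanged
            fh.write(b"X")
        tampered = verify_binary(manifest, name, path)
    return intact, tampered


if __name__ == "__main__":
    print(demo())
```

A checksum served from the same host as the binary catches truncated or swapped downloads; it does not help if that host itself is compromised.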

The Agents tab in the app gives you the exact config snippet per client — Claude Code, Codex, Cursor, Windsurf, or OpenCode — with the right path and args pre-filled.

Standalone-only for v1. You add servers, connect, open the MCP bridge, and talk through it. HostAtlas login and server-list sync are deferred to a later release (which will move to Akyros ID SSO). The app UI shows a “Standalone” state until then.

The MCP bridge speaks the protocol and executes tools over SSH today. Audit-log capture from live tool calls is the next piece on the roadmap.

  • macOS 11+, Windows 10+, or a modern Linux distribution with WebKitGTK 4.1
  • The system ssh command available on your PATH
  • (Optional) Tailscale locally installed if you want the tailnet-discovery feature

  • SSH Client — the human-facing sibling app; same stack, terminal-first
  • MCP Server — exposes the HostAtlas platform API (not per-host SSH access) to your AI agent