MCP Tailnet Manager
MCP Tailnet Manager is a desktop app that opens a local MCP bridge for any of your servers, so an AI coding agent — Claude Code, Codex, Cursor, Windsurf, OpenCode — can work on the host directly over SSH. No cloud round-trip, no HostAtlas agent on the server, no third party sees your commands or files.
Built with Tauri 2 + React 19 + Rust, mirroring the SSH Client stack.
What it does
- Keep a local server list — add hosts by IP or hostname, or discover them via Tailscale if it’s installed locally
- Open an MCP server for a chosen host — the app tests the SSH connection with your local key, starts a local MCP bridge process, and registers the allowed tools / paths / commands for that host
- Point your agent at the local endpoint — commands run on the remote over your direct SSH connection
Install
Download the installer for your platform from the GitHub Releases page or from install.hostatlas.app:
| Platform | File |
|---|---|
| macOS (Apple Silicon) | .dmg bundle at install.hostatlas.app/mcp-tailnet/latest/ |
| macOS (Intel) | .dmg bundle |
| Linux (x86_64) | .deb or .AppImage |
| Windows (x86_64) | .msi installer |
Each release also ships a standalone mcp-tailnet bridge binary per platform — that’s the process AI agents launch to actually talk to a host (see below).
The top-level https://install.hostatlas.app/mcp-tailnet/version.json carries the full list under binaries[] (filename, size, sha256, url) and both folders publish a files.json sidecar for checksum verification.
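One way to check a downloaded bridge binary against the `binaries[]` entries in `version.json` before installing it. This is an added example, not HostAtlas code; the manifest contents are constructed, and hex-encoded SHA-256 digests and sizes in bytes are assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample data (not real release data). Only the field names
# binaries[] / filename / size / sha256 / url come from the page; hex-encoded
# digests and byte sizes are assumptions.
SAMPLE_NAME = "mcp-tailnet-linux-amd64"
SAMPLE_BINARY = b"constructed stand-in for a bridge binary\n"
SAMPLE_MANIFEST = json.dumps({
    "binaries": [{
        "filename": SAMPLE_NAME,
        "size": len(SAMPLE_BINARY),
        "sha256": hashlib.sha256(SAMPLE_BINARY).hexdigest(),
        "url": "https://example.invalid/" + SAMPLE_NAME,
    }]
})


class VerificationError(Exception):
    """Raised when a download does not match its manifest entry."""


def verify_download(manifest_json: str, filename: str, data: bytes) -> str:
    """Return the verified SHA-256 hex digest, or raise VerificationError."""
    entries = json.loads(manifest_json).get("binaries", [])
    matches = [e for e in entries if e.get("filename") == filename]
    if len(matches) != 1:
        # A missing entry and a duplicated entry are both treated as failure.
        raise VerificationError(f"expected 1 entry for {filename}, found {len(matches)}")
    entry = matches[0]
    # Cheap check first: catches truncated or padded downloads.
    if not isinstance(entry.get("size"), int) or len(data) != entry["size"]:
        raise VerificationError("size mismatch")
    expected = str(entry.get("sha256", "")).strip().lower()
    actual = hashlib.sha256(data).hexdigest()
    if len(expected) != 64 or not hmac.compare_digest(actual.encode(), expected.encode()):
        raise VerificationError("sha256 mismatch")
    return actual


if __name__ == "__main__":
    print(verify_download(SAMPLE_MANIFEST, SAMPLE_NAME, SAMPLE_BINARY))
```

Download to a temporary path and move the file into place only after the check passes. A manifest served from the same origin as the binary detects corruption and mismatched files, not a compromise of that origin.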
Secure by design
The app never touches key material. It does not generate, store, deploy, or sync SSH keys, passphrases, or passwords. It uses the SSH keys already installed locally:
- `~/.ssh` — private keys
- `ssh-agent` — running key agent
- `~/.ssh/config` — host-specific settings
- `~/.ssh/known_hosts` — host-key verification
If the local ssh command works for a host, so does the app. With Tailscale, connect over the tailnet IP or hostname just like you would with any other SSH client.
The MCP bridge (mcp-tailnet)
mcp-tailnet is a standalone binary that speaks the MCP protocol (JSON-RPC 2.0 over stdio) and proxies every tool call to a remote host over direct SSH — using the system ssh binary with a shared ControlMaster connection for speed.
An AI agent launches it on demand:
```sh
mcp-tailnet serve --server <host>
```
Available tools
| Tool | Description |
|---|---|
| `list_directory` | List a directory on the remote host |
| `read_file` | Read a file’s contents |
| `write_file` | Write a file (subject to `require_approval` gate) |
| `search_files` | Search recursively for a pattern in files |
| `execute_command` | Run a shell command (whitelist-enforced) |
| `git_status` | Get git status output from a repository on the host |
Enforcement (in the bridge itself, not in the app)
- Global forbidden denylist — `rm -rf /`, `mkfs`, `shutdown`, and other catastrophic commands are always blocked, no override
- `allowed_paths` — file operations must stay within the configured directories
- `allowed_commands` — `execute_command` is checked against the per-host whitelist
- `require_approval` — blocks `write_file` calls until the user approves them, when set
Enforcement lives in the bridge process, not in the app UI. Killing the app doesn’t unlock the bridge, and the bridge is what your AI agent actually talks to.
Put the bridge on your PATH
Every release publishes mcp-tailnet-<os>-<arch> alongside the app bundle. Put it somewhere your AI agent can find it:
```sh
# macOS / Linux — from install.hostatlas.app
sudo curl -fsSL https://install.hostatlas.app/mcp-tailnet/latest/mcp-tailnet-$(uname -s | tr A-Z a-z)-$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/') \
  -o /usr/local/bin/mcp-tailnet && sudo chmod +x /usr/local/bin/mcp-tailnet
```
The Agents tab in the app gives you the exact config snippet per client — Claude Code, Codex, Cursor, Windsurf, or OpenCode — with the right path and args pre-filled.
Status
Standalone-only for v1. You add servers, connect, open the MCP bridge, and talk through it. HostAtlas login and server-list sync are deferred to a later release (which will move to Akyros ID SSO). The app UI shows a “Standalone” state until then.
The MCP bridge speaks the protocol and executes tools over SSH today. Audit-log capture from live tool calls is the next piece on the roadmap.
Requirements
- macOS 11+, Windows 10+, or a modern Linux distribution with WebKitGTK 4.1
- The system `ssh` command available on your `PATH`
- (Optional) Tailscale locally installed if you want the tailnet-discovery feature
Related
- SSH Client — the human-facing sibling app; same stack, terminal-first
- MCP Server — exposes the HostAtlas platform API (not per-host SSH access) to your AI agent