# ZeroTier MCP

> ZeroTier MCP lets your AI agent manage entire virtual networks, acting as an automated interface to ZeroTier Central and local nodes. You can list global networks, authorize specific members, check local node status, or manually join/leave project-specific VPNs—all without touching a dashboard. It's full network control for your agent.

## Overview
- **Category:** developer-tools
- **Price:** Free
- **Tags:** software-defined-networking, vpn, network-management, remote-access, infrastructure-as-code

## Description

This MCP connects your AI client directly to the operational side of ZeroTier. Think of it as giving your agent a command line view into your entire software-defined networking setup, bridging the gap between central management and local node operations.

Your agent can list all global networks and fetch detailed configurations from Central. It also handles immediate member authorization or de-authorization for nodes on private networks using their Member IDs. On the local machine side, you can check network status, join a specific virtual network, or discover known peers to troubleshoot connectivity issues in real time. Since Vinkius manages all credentials through a zero-trust proxy, your keys never sit on a disk; they only pass through for immediate use when communicating with ZeroTier Central.

The real power is chaining this MCP with other services—for instance, combining it with a messaging MCP to automatically notify a team member whenever `update_central_network_member` fails. You build automations that span multiple platforms using your agent.

## Tools

### list_central_network_members
Retrieves a list of every member currently associated with a specified ZeroTier Central network.

### get_central_network
Retrieves detailed configuration information for a specific ZeroTier Central network.

### list_central_networks
Lists all virtual networks managed under the primary ZeroTier Central account.

### update_central_network_member
Modifies the configuration or authorization status of a member in a ZeroTier Central network.

### list_controller_network_members
Retrieves a list of members on a network managed by a local controller instance.

### list_controller_networks
Lists all networks that are being programmatically managed by the local controller.

### update_controller_network_member
Authorizes or configures a specific member within a locally managed network.

### update_controller_network
Creates or modifies an entire network configuration on a local controller instance.

### join_local_network
Connects the local machine to a specified ZeroTier virtual network.

### leave_local_network
Disconnects the local node from its current ZeroTier virtual network.

### list_local_networks
Displays all virtual networks that the current local ZeroTier node is a member of.

### list_local_peers
Lists every known peer and available network path directly from the local machine's perspective.

### get_local_status
Gets the current operational status and version of the local ZeroTier node running on this machine.

## Prompt Examples

**Prompt:** 
```
List all my ZeroTier Central networks.
```

**Response:** 
```
I've retrieved your networks. You have 2 active networks: 'Home-Lab' (ID: 8056c2e21c000001) and 'Office-VPN' (ID: a0c1b2c3d4e5f6g7).
```

**Prompt:** 
```
Authorize member 10a2b3c4d5 on network 8056c2e21c000001.
```

**Response:** 
```
Member 10a2b3c4d5 has been successfully authorized on network 8056c2e21c000001. They can now access the virtual network.
```

**Prompt:** 
```
What is the status of my local ZeroTier node?
```

**Response:** 
```
Your local node (Address: 9e8d7c6b5a) is ONLINE running version 1.12.2. It is currently joined to 1 network.
```

## Capabilities

### View Network Hierarchy
List every ZeroTier Central network or all networks the local node is currently connected to.

### Manage Membership
Authorize, de-authorize, or update specific member configurations across central and local controller networks.

### Check Local Connectivity
Determine the current operational status, version, and network membership of the machine running your agent.

### Change Network State
Programmatically join or leave a specific virtual network from your terminal via the AI agent.

### Discover Peers
List all known connected peers and available network paths to debug connectivity issues instantly.

## Use Cases

### Onboarding a new team member to the VPN
The agent runs: 'Authorize user 10a2b3c4d5 on network X.' This calls `update_central_network_member` and confirms they have access, eliminating manual administrative tasks.

### Debugging a failed remote connection
The agent runs: 'What are the peers for my current node?' This executes `list_local_peers`, providing an immediate map of known paths and helping diagnose why connectivity is failing.

### Auditing all active projects
Instead of manually checking every ZeroTier dashboard, you ask the agent to run `list_central_networks` and get a full inventory list for compliance checks.

### Switching work environments mid-day
You tell your agent: 'I need to switch to the QA network.' It executes `leave_local_network` followed by `join_local_network`, handling state changes automatically.

## Benefits

- You get centralized oversight: Use `list_central_networks` and `get_central_network` to see the status of all global networks in one go. No more opening multiple dashboards just to check IDs.
- Local troubleshooting is instant: Instead of running manual CLI commands, ask your agent what's wrong. It can use `list_local_peers` to map out connectivity issues immediately.
- Membership control becomes effortless: Need to authorize a node? Simply call `update_central_network_member` through the agent instead of navigating complex web forms.
- Resilience in design: You don't need central connectivity for everything. Use local tools like `join_local_network` and `list_local_peers` when you only need to manage your physical node status.
- Cross-platform automation: The true value is chaining this MCP with a messaging service. When `update_controller_network_member` runs, the agent can automatically send a success notification via Slack.
- Reduced friction: By connecting through Vinkius's zero-trust proxy, your credentials are used only in transit and never stored on disk, keeping your key management clean.

## How It Works

The bottom line is that you manage global area networks from natural language commands, making manual API calls obsolete.

1. First, connect your preferred AI client by providing the ZeroTier Central API Token (and optionally a local authtoken).
2. Next, instruct your agent to perform an action, like listing all networks or authorizing a member ID.
3. Finally, the MCP executes the command and returns structured data detailing network status or confirmation of the change.

## Frequently Asked Questions

**How do I check if my node is connected using get_local_status?**
The `get_local_status` tool gives you the current operational status, version number, and tells you exactly how many networks your local node is joined to. It's a quick health check.

**Can I list all my ZeroTier Central networks using list_central_networks?**
Yes, `list_central_networks` retrieves an inventory of every network ID and name managed under your main central account. It's the first step in auditing.

**What is the difference between list_local_peers and list_local_networks?**
`list_local_networks` tells you *which* virtual networks your node belongs to. `list_local_peers` lists the actual, known peer addresses and paths for troubleshooting connectivity.

**How do I manually authorize a member using update_central_network_member?**
You provide the target network ID and the Member ID you want to authorize. The tool attempts to modify the configuration, giving instant confirmation or an error code.

**How do I manage my connection state using `join_local_network` or `leave_local_network`?**
These tools handle the active joining or leaving of networks. Use `join_local_network` when you need to connect your node to a new virtual network ID, and use `leave_local_network` if you want to disconnect entirely.

**What information can I get about a specific network using `get_central_network`?**
This tool retrieves the full configuration details for one ZeroTier Central network. It’s useful when you know the ID and need to inspect the exact settings without listing all networks first.

**When should I use `list_controller_networks` versus listing central networks?**
The difference is scope: `list_central_networks` shows your global ZeroTier Central infrastructure. By contrast, `list_controller_networks` only lists the local network definitions managed by a dedicated controller attached to your machine.

**If I run into issues listing members using `list_central_network_members`, what should I check?**
First, verify the Network ID is correct. If the ID is valid but no members exist, the tool will return an empty list or a count of zero. Always ensure your API token has read access to that specific network.

**Can I authorize a new device to join my network using the AI?**
Yes. You can use the `update_central_network_member` tool. Just provide the Network ID and the Member ID, and set the authorized parameter to true.

**How do I check if my local ZeroTier service is running correctly?**
Ask the agent to run `get_local_status`. It will return your node's address, version, and online status directly from the local service.

**Can I see which peers my node is currently connected to?**
Yes, the `list_local_peers` tool retrieves all known peers and their connection paths from your local ZeroTier node.