# zrok (Open-Source Tunnel) MCP

> zrok (Open-Source Tunnel) manages secure network tunnels, letting you expose local development services—like web servers or databases—to the outside world. It handles everything from creating public shares to managing entire isolated environments, so your AI agent can act like a remote DevOps engineer for your machine.

## Overview
- **Category:** developer-tools
- **Price:** Free
- **Tags:** tunneling, reverse-proxy, open-source, network-security, remote-access

## Description

Need to show a client your local staging environment? You don't have to mess with firewalls and complex VPNs anymore. This MCP lets you use natural language to build secure connections from your laptop or development box right out of the gate. Your AI agent handles the entire network plumbing, creating temporary shares for HTTP sites, TCP ports, or UDP streams on demand. It manages multiple isolated environments, letting you keep production services separate from dev testing without ever needing manual command-line work. Because credentials pass through a zero-trust proxy in Vinkius, your keys are only used when needed; they never sit on disk. You just tell your agent what to expose—whether it's listing all active tunnels or deleting an old share—and the connection happens securely.

## Tools

### get_account
Retrieves your account status, usage limits, and billing information.

### create_share
Creates a new tunnel share that can be set as either publicly or privately accessible.

### delete_share
Closes and removes an existing public or private resource share.

### disable_environment
Takes a registered environment offline, preventing any new shares from being created within it.

### enable_environment
Activates an existing development environment and makes its resources available for tunneling.

### get_share
Fetches all the current details for one specific, active share or tunnel.

### list_environments
Returns a list of every environment currently registered with your zrok account.

### list_shares
Provides an overview of all active and running network shares across all environments.

### login_account
Authenticates your credentials and obtains a necessary token to connect services.

### register_account
Sets up a brand new zrok account profile for initial use on the platform.

## Prompt Examples

**Prompt:** 
```
List all the environments enabled on my zrok account.
```

**Response:** 
```
I've retrieved your environments. You have 2 active environments: 'MacBook-Pro-Local' (Token: env_abc123) and 'Ubuntu-Server-Prod' (Token: env_xyz789).
```

**Prompt:** 
```
Create a public proxy share for my local port 8000.
```

**Response:** 
```
Creating share... Done! Your local service at http://localhost:8000 is now publicly accessible at https://random-name.share.zrok.io. The share token is 'sh_98765'.
```

**Prompt:** 
```
Check my zrok account status and limits.
```

**Response:** 
```
Fetching account details... Your account is active. You are currently using 3 out of 10 allowed environments and 5 out of 20 allowed shares. Your data transfer for this period is at 15%.
```

## Capabilities

### List Active Environments
Checks which virtual environments are currently registered and available for tunneling.

### Enable Environment
Activates a new development environment, making your local machine visible to the zrok controller.

### Create Public Shares
Generates an immediate, temporary public URL for any specific local port (HTTP/TCP/UDP).

### Get Share Details
Retrieves the current status, public URL, and specific configuration of a live tunnel.

### Delete Tunnel Shares
Closes down an active share or tunnel immediately when testing is done.

## Use Cases

### Debugging API Endpoints
A developer needs to test their new user registration API running on localhost:3000. Instead of configuring a VPN for the QA team, they ask their agent to use `create_share` for port 3000. The AI provides a temporary public URL that the QA team can use immediately.

### Migrating Staging Services
A DevOps engineer needs to validate connectivity between two isolated staging databases (one on VM A, one on container B). They first run `list_environments` and then instruct the agent to create shares for both ports, confirming full cross-platform access before migration.

### Handling Temporary Webhooks
A service requires a webhook endpoint but only runs locally on port 80. The engineer uses `create_share` to generate a public link for that single hour, ensuring the endpoint is available just long enough for the integration test.

### Cleaning Up Test Infrastructure
After a massive testing cycle involving multiple services and environments, the engineer calls `list_shares` to confirm all tunnels are visible, then systematically uses `delete_share` on every entry. This prevents accidental public exposure.

## Benefits

- Avoid manual firewall configuration. With `create_share`, your agent can instantly expose a local dev web server without you touching the OS settings or network rules.
- Maintain clean environments easily. You can use `list_environments` to see what's active, and then `disable_environment` if a project phase is finished, preventing accidental access.
- Get instant visibility into your setup. Running `list_shares` shows you every tunnel currently live—you don't have to SSH into multiple machines just to check status.
- Secure credential handling: Credentials pass through a zero-trust proxy in Vinkius, meaning the keys are only used during the call and never stored on disk. You get powerful access with minimal risk.
- Control your resources completely. When a share is done, calling `delete_share` immediately tears down the public endpoint, preventing resource leakage or forgotten tunnels.

## How It Works

The bottom line is you manage network exposure using simple conversation instead of complex shell commands.

1. First, you authenticate your account with the MCP to get a secure token.
2. Next, tell the agent which environment needs access and use it to create a temporary share for your local service.
3. Finally, once testing is complete, instruct the agent to delete the share, closing the public tunnel entirely.

## Frequently Asked Questions

**How do I create a public tunnel for my local web server?**
Use the `create_share` tool. Specify the `backend` (e.g., http://localhost:8080), set `share_mode` to 'public', and `backend_mode` to 'proxy'. The agent will return the public URL.

**Can I see all my currently active tunnels across all environments?**
Yes! Run the `list_shares` tool. It will retrieve a list of all active shares associated with your account, including their tokens and backend configurations.

**How do I stop an environment from being active in zrok?**
You can use the `disable_environment` tool. This will remove the environment registration from the zrok controller, effectively disconnecting that machine or container.

**How do I get started with my zrok account using `register_account`?**
You use `register_account` to establish your initial presence on the platform. This process handles creating the necessary credentials and links your local machine to the zrok controller so you can start managing environments.

**What information does `get_account` provide about my usage limits?**
`get_account` gives you a full overview of your quota. You'll see exactly how many environments and shares you've used against your allowed limits, plus any current data transfer statistics.

**If I need to inspect details about one tunnel, how do I use `get_share`?**
`get_share` retrieves the specific parameters for an existing share. It confirms if the service is running and provides its exact public endpoint URL along with the protocol type (HTTP/TCP/UDP).

**How do I start using an environment with `enable_environment`?**
`enable_environment` activates a machine or container that has already been registered. This moves the environment from a dormant state to fully operational, allowing you to create new shares on it.

**What happens when I run `delete_share`?**
`delete_share` instantly takes a public tunnel offline and revokes all external access. This is critical for cleaning up resources or securing services that are no longer needed immediately.