MCP Servers

ziti-mcp-server

Manage OpenZiti zero-trust networks — through natural language

README

</div>

🚀 Getting Started • 🕸️ Architecture • 🔐 Authentication • 🛠️ Supported Tools • 🔒 Security • 🩺 Troubleshooting • 📋 Debug Logs • 👨‍💻 Development

</div>

The Ziti MCP Server is sponsored by NetFoundry as part of its portfolio of solutions for secure workloads and agentic computing. NetFoundry is the creator of OpenZiti and zrok.

MCP (Model Context Protocol) is an open protocol introduced by Anthropic that standardizes how large language models communicate with external tools, resources or remote services.

The Ziti MCP Server integrates with LLMs and AI agents, allowing you to perform various Ziti network management operations using natural language. For instance, you could simply ask Claude Desktop to perform Ziti management operations:

List which identities exist
Tell me if there are any exposures in the network
Do you see potential misconfigurations?
Which identities have access to the Demo1 service?
Create a new Ziti identity named "Demo" and get its ID
Log into my prod Ziti network using UPDB
Switch to the staging network
etc.

<br/>

🚀 Getting Started

Prerequisites:

Claude Desktop or any other MCP Client
OpenZiti network
Go 1.24+ (only if building from source)

<br/>

Install

Download a pre-built binary

Pre-built binaries are available for macOS, Linux, and Windows (amd64 and arm64) on the releases page.

macOS (Apple Silicon)

curl -sL https://github.com/openziti/ziti-mcp-server/releases/latest/download/ziti-mcp-server_darwin_arm64.tar.gz | tar xz
sudo mv ziti-mcp-server /usr/local/bin/

macOS (Intel)

curl -sL https://github.com/openziti/ziti-mcp-server/releases/latest/download/ziti-mcp-server_darwin_amd64.tar.gz | tar xz
sudo mv ziti-mcp-server /usr/local/bin/

Linux (amd64)

curl -sL https://github.com/openziti/ziti-mcp-server/releases/latest/download/ziti-mcp-server_linux_amd64.tar.gz | tar xz
sudo mv ziti-mcp-server /usr/local/bin/

Linux (arm64)

curl -sL https://github.com/openziti/ziti-mcp-server/releases/latest/download/ziti-mcp-server_linux_arm64.tar.gz | tar xz
sudo mv ziti-mcp-server /usr/local/bin/

Windows

Download the appropriate .zip from the releases page and add the extracted ziti-mcp-server.exe to your PATH.

Build from source

go install github.com/openziti/ziti-mcp-server/cmd/ziti-mcp-server@latest

Register with your AI Client

Use install to register the Ziti MCP Server with your AI client. This only updates the client's configuration file — it does not authenticate. Use the runtime login tools or init for that.

# Register with Claude Desktop (default)
ziti-mcp-server install

# Register with a specific client
ziti-mcp-server install --client claude-code
ziti-mcp-server install --client cursor
ziti-mcp-server install --client windsurf
ziti-mcp-server install --client vscode
ziti-mcp-server install --client warp

# Register with read-only tools only
ziti-mcp-server install --read-only

# Register with specific tool patterns
ziti-mcp-server install --tools '*Identit*,list*'

After installing, restart your AI client and use the runtime login tools to authenticate (e.g., ask: "Log into my Ziti network at ctrl.example.com with username admin").

Start and Log In

The server can start with no prior configuration. The AI agent can log into networks at runtime using the built-in login tools:

ziti-mcp-server run

Then in your AI client, simply ask:

Log into my Ziti network at 192.168.1.100:1280 with username admin and password admin

For non-interactive or automated setups, use init to pre-configure credentials before starting:

ziti-mcp-server init \
  --auth-mode updb \
  --ziti-controller-host <your-controller-host> \
  --username <username> \
  --password <password> \
  --profile prod

See Authentication for all supported modes (UPDB, device auth, client credentials, identity file).

Manual Client Configuration

The install command handles client configuration automatically. If you need to configure an MCP client manually, add this to its configuration and restart:

{
  "mcpServers": {
    "ziti": {
      "command": "/path/to/ziti-mcp-server",
      "args": ["run"],
      "capabilities": ["tools"],
      "env": {
        "OPENZITI_MCP_DEBUG": "true"
      }
    }
  }
}

You can add --tools '<pattern>' and/or --read-only to the args array to control which tools are available. See Restricting Tool Access.

Verify your integration

Restart your MCP Client (Claude Desktop, Windsurf, Cursor, Warp, etc.) and ask it to help you manage your Ziti network.

🕸️ Architecture

The Ziti MCP Server implements the Model Context Protocol, allowing clients (like Claude) to:

Request a list of available Ziti tools
Call specific tools with parameters
Receive structured responses from the Ziti Management API

The server handles authentication, request validation, and secure communication with the Ziti Management API.

[!NOTE] The server operates as a local process that connects to Claude Desktop, enabling secure communication without exposing your Ziti credentials.

🔐 Authentication

The Ziti MCP Server uses the Ziti Management API and requires authentication to access your Ziti network.

Authentication Modes

The server supports four authentication modes:

UPDB Mode (Username/Password)

Use this mode for direct username/password authentication against the Ziti controller:

ziti-mcp-server init \
  --auth-mode updb \
  --ziti-controller-host <your-controller-host> \
  --username <username> \
  --password <password>

Or at runtime via the AI agent using the loginUpdb tool.

Device Auth Mode (Interactive Login)

Use this mode for interactive browser-based login. Recommended for development and user-facing scenarios:

ziti-mcp-server init \
  --auth-mode device-auth \
  --ziti-controller-host <your-controller-host> \
  --idp-domain <your-idp-domain> \
  --idp-client-id <your-client-id> \
  --idp-audience <your-audience>

Or at runtime via the loginDeviceAuth tool (returns a verification URL for the user, then completeLogin to finish).

Client Credentials Mode (Service Account)

Use this mode for service accounts and automation. Recommended for production environments:

[!NOTE] Keep the token lifetime as minimal as possible to reduce security risks. See more

ziti-mcp-server init \
  --auth-mode client-credentials \
  --ziti-controller-host <your-controller-host> \
  --idp-domain <your-idp-domain> \
  --idp-client-id <your-client-id> \
  --idp-client-secret <your-client-secret>

Identity File Mode (mTLS Certificate)

Use this mode for certificate-based authentication with a Ziti identity JSON file. No IdP configuration is needed:

ziti-mcp-server init \
  --auth-mode identity \
  --identity-file <path-to-identity.json>

The identity file is a standard Ziti identity JSON file containing ztAPI, id.cert, id.key, and id.ca fields. The certificate material is extracted and stored in the config file. The identity file may be deleted after a successful init (for additional security, if desired).

[!IMPORTANT]

When using CLI init, it needs to be run whenever:

You're setting up the MCP Server for the first time

You've logged out from a previous session

You want to switch to a different Ziti network

Your token has expired

Alternatively, use the runtime login tools (loginUpdb, etc.) to authenticate without restarting the server.

Multi-Profile Support

The server supports multiple named network profiles, allowing you to manage several Ziti networks simultaneously:

# Pre-configure two profiles
ziti-mcp-server init --auth-mode updb --profile prod ...
ziti-mcp-server init --auth-mode updb --profile staging ...

# Start with a specific profile active
ziti-mcp-server run --profile prod

At runtime, the AI agent can:

Log into additional networks using loginUpdb, loginIdentity, etc.
List all networks using listNetworks
Switch between networks using selectNetwork
Log out from a network using logout

Credentials are stored in ~/.config/ziti-mcp-server/config.json with 0600 permissions.

Session Management

To see information about your current authentication session:

ziti-mcp-server session
ziti-mcp-server session --profile prod

Logging Out

ziti-mcp-server logout
ziti-mcp-server logout --profile prod

Or at runtime via the AI agent using the logout tool.

🛠️ Supported MCP Tools

The Ziti MCP Server provides 201 Ziti API tools plus 8 meta-tools for managing your Ziti network through natural language. Tools are organized by resource type.

Tip: Use --read-only or --tools patterns to expose only the tools you need. See Restricting Tool Access.

Meta-Tools (Network Management)

These tools are always available regardless of --tools or --read-only filtering.

Tool	Description
`loginUpdb`	Connect using username/password authentication
`loginIdentity`	Connect using a Ziti identity JSON (mTLS certificate)
`loginClientCredentials`	Connect using OAuth2 client credentials
`loginDeviceAuth`	Start OAuth2 device auth flow (returns verification URL)
`completeLogin`	Complete a pending device-auth login after browser approval
`logout`	Disconnect from a Ziti network (clear profile credentials)
`listNetworks`	List all configured network profiles with connection status
`selectNetwork`	Switch the active network profile

Tool Categories

Category	Tools	Description
Identities	22	CRUD, relationships, lifecycle, posture, tracing
Services	12	CRUD and relationship queries
Edge Routers	11	CRUD, relationships, re-enrollment
Edge Router Policies	7	CRUD and relationship queries
Service Edge Router Policies	7	CRUD and relationship queries
Service Policies	8	CRUD and relationships (Dial/Bind)
Configs	6	CRUD and service relationships
Config Types	6	CRUD and config queries
Auth Policies	5	CRUD (primary/secondary auth settings)
Authenticators	5	CRUD (updb/cert)
Certificate Authorities	7	CRUD, JWT retrieval, verification
External JWT Signers	5	CRUD for external JWT signers
Posture Checks	8	CRUD, types, and role attributes
Routers	5	CRUD for fabric routers
Transit Routers	5	CRUD for transit routers
Terminators	5	CRUD for terminators
Enrollments	5	CRUD and refresh
Controller Settings	6	CRUD and effective value queries
Controllers & System Info	4	Version, capabilities, summary
Sessions & API Sessions	6	List, detail, delete
Identity Types	2	List and detail
Fabric (Routers, Services, …)	34	Fabric-layer CRUD, circuits, links, cluster, DB snapshots

See docs/tools.md for the full tool reference with detailed tables and example prompts.

Example Prompts

Show me all Ziti identities
Which identities have access to the Demo1 service?
Create a new identity called 'demo-admin' and make it an admin
List all edge routers and their status
Show me all Dial service policies
What version is the Ziti controller running?
Give me a summary of the network — how many identities, services, and routers exist?
Create a Bind policy for the 'my-api' service

🔒 Security

Restricting Tool Access

When configuring the Ziti MCP Server, limit tool access based on your specific needs:

# Enable only read-only operations
ziti-mcp-server run --read-only

# Alternative way to enable only read-only operations
ziti-mcp-server run --tools 'list*,get*'

# Limit to just identity-related tools
ziti-mcp-server run --tools '*Identit*'

# Limit to read-only identity-related tools
ziti-mcp-server run --tools '*Identit*' --read-only

# Run the server with all tools enabled
ziti-mcp-server run --tools '*'

[!IMPORTANT] When both --read-only and --tools flags are used together, the --read-only flag takes priority for security. Meta-tools (login, logout, listNetworks, selectNetwork) are always available regardless of filtering.

This approach offers several important benefits:

Enhanced Security: Limiting available tools reduces the potential attack surface.
Better Performance: Fewer tools means less context window usage for tool reasoning.
Resource-Based Access Control: Configure different instances with different tool sets.
Simplified Auditing: Easier to track which operations were performed.

Credential Storage

Credentials are stored in ~/.config/ziti-mcp-server/config.json with 0600 permissions
The config file is never world-readable
Authentication supports OAuth 2.0 device authorization, client credentials, mTLS certificates, and UPDB
Easy credential removal via logout command or tool

[!IMPORTANT] For security best practices, always log out when you're done with a session or switching between networks.

[!CAUTION] Always review the permissions requested during the authentication process to ensure they align with your security requirements.

Security Scanning

We recommend regularly scanning this server with community tools built to surface protocol-level risks:

mcpscan.ai — Web-based scanner for MCP endpoints
mcp-scan — CLI tool for evaluating server behavior

Reporting Issues

To provide feedback or report a bug, please raise an issue on our issue tracker.

🩺 Troubleshooting

Start troubleshooting by exploring all available commands and options:

ziti-mcp-server help

🚨 Common Issues

Authentication Failures
- Ensure you have the correct permissions in your Ziti network
- Try re-initializing with ziti-mcp-server init --auth-mode <mode> ...
- Or use the runtime login tools to re-authenticate
TLS Certificate Errors
- The server auto-fetches the controller's CA on login via the EST /cacerts endpoint
- If the CA fetch fails, add the controller CA to your system trust store
- Or re-login to trigger a fresh CA fetch
Client Can't Connect to the Server
- Restart your MCP client after configuration changes
- Check that the binary path in the client config is correct
Invalid Configuration Error
- This typically happens when no profile is active or credentials are missing
- Use listNetworks to check profile status
- Use a login tool or ziti-mcp-server init to authenticate

[!TIP] Most connection issues can be resolved by restarting both the server and your MCP client.

📋 Debug logs

Enable debug mode to view detailed logs:

export OPENZITI_MCP_DEBUG=true

Get detailed MCP Client logs from Claude Desktop:

# Follow logs in real-time
tail -n 20 -F ~/Library/Logs/Claude/mcp*.log

👨‍💻 Development

Building from Source

# Clone the repository
git clone https://github.com/openziti/ziti-mcp-server.git
cd ziti-mcp-server-go

# Build
go build ./cmd/ziti-mcp-server

# Run
./ziti-mcp-server run

Regenerating API Clients

The Ziti API clients in internal/gen/ are generated from OpenAPI specs using go-swagger:

make generate

Recommended Servers

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official

Featured

TypeScript

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official

Featured

Local

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official

Featured

TypeScript

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official

Featured

Python

E2B

Using MCP to run code via e2b.

Official

Featured

Neon Database

MCP server for interacting with Neon Management API and databases

Official

Featured

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official

Featured

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official

Featured