EXTENSIONS

Full OPNsense management via REST API — system status, interfaces, DNS, tunables, services, firmware/plugins, firewall states, DHCP leases, ARP table, Tailscale, WireGuard, and raw API passthrough. Replaces MCP server.

Eero mesh WiFi management via cloud API — network health, per-node status, per-client band/signal/channel diagnostics, speed tests, settings management, and raw API passthrough. Reverse-engineered from the eero mobile app API.

Azure infrastructure management via az CLI — 23 model types covering compute, networking, data, security, identity, monitoring, DNS, DevOps, and subscription-wide topology with Mermaid diagrams and cost estimation.

Tailnet health reporting — find devices running outdated Tailscale clients and alert via Slack

Inspect VPC networking resources that commonly generate hidden costs:

AWS cost audit workflow — identifies infrastructure waste by combining

Install Tailscale on remote VMs over SSH and sync tailnet machine inventory from tailscale status JSON into per-machine resources.

General-purpose SSH operations — exec, upload, wait for connection (https://github.com/keeb/swamp-ssh)

Configure nginx as a TCP/UDP stream proxy on a remote host over SSH, with bootstrap and per-service proxy configuration.

Peplink router management — WAN status, cellular signal diagnostics, band/carrier scanning, SpeedFusion Connect monitoring, Starlink dish control, and raw API passthrough. Works with any Peplink router running firmware 8.5+.

Scan listening ports with process, framework, project, uptime, and health enrichment — plus cleanup of orphaned listeners

Tailscale tailnet management — 10 model types covering devices, users, ACLs, DNS, auth keys, webhooks, settings, contacts, posture, and log config. 22 workflows for device inventory, user lifecycle, ACL audit, security audit, compliance, incident response, monitoring, and more. Fix: OAuth token cache now keys on credentials so different tailnets/OAuth clients no longer share tokens.