NetStacks for VS Code

Overview

NetStacks for VS Code is the published Marketplace extension NetStacks.netstacks-vsce. It brings the full NetStacks network-engineering workflow — SSH/Telnet terminals, NetBox inventory, topology discovery, hover enrichment, an AI chat participant, and a Model Context Protocol (MCP) server — directly into your editor, with no separate desktop app required.

The extension ships its own NetStacks agent sidecar (the same Rust agent that powers the desktop Terminal) and runs it on an isolated data directory, so it is fully standalone. Saved sessions, the credential vault, NetBox sources, and topologies all live in the agent — VS Code is just the front end.

• Activity-bar views — AI Chat, Sessions, Topologies, and Status, in a dedicated NetStacks container.
• SSH & Telnet in the editor — each session opens as an editor-tab webview powered by xterm.js (WebGL renderer, search, web links).
• NetBox tree — browse inventory with lazy device loading and connect with one click.
• Credential vault — master-password unlock (plus optional Touch ID on macOS) gates every SSH connection and AI tool call.
• 17-tool MCP server — expose sessions, NetBox, SNMP, and DNS/WHOIS/ASN lookups to Claude Code, Cursor, Cline, and Continue.

Install

Install from the Visual Studio Marketplace, the Extensions view, or the command line.

From the Extensions view

1. Open the Extensions view (Ctrl/Cmd+Shift+X).
2. Search for NetStacks (publisher NetStacks, id NetStacks.netstacks-vsce).
3. Click Install, then reload if prompted.

From the command line

code --install-extension NetStacks.netstacks-vsce

After install, the NetStacks icon appears in the activity bar. On activation the extension starts its bundled agent, closes the right Auxiliary Bar, and focuses the Sessions view for a clean working surface (toggle this with Ctrl/Cmd+K Ctrl/Cmd+/).

The Activity Bar

NetStacks contributes a dedicated activity-bar container with four views:

AI Chat

A webview side panel for the @netstacks assistant. Shown when netstacks.ai.panel is enabled (the default). See AI Chat & @netstacks.

Sessions

Your saved SSH/Telnet sessions and folder hierarchy. Open, create, search, duplicate, clone tabs, and bulk-manage sessions here.

Topologies

NetBox sources and AI-generated topology diagrams. The view id is netstacks.netbox; it hosts both the NetBox inventory tree and discovered topologies.

Status

Agent and vault status, including the lock state and a quick path to unlock.

Sessions, Folders & Terminals

The Sessions view is the heart of the extension. Its title bar carries inline actions for Search, Open Local Terminal, New Session, New Folder, Refresh, and Settings. When the vault is locked or empty, a welcome panel offers Unlock Vault and New Session.

Connecting

Double-click a session (or use NetStacks: Open Session…) to launch it. The session opens as an editor-tab webview — a real xterm.js terminal with WebGL rendering, search, and clickable web links. The active terminal's editor title bar adds Change Terminal Theme… and Session Settings….

Hover enrichment

Hovering a MAC or IPv4 address in terminal output shows OUI (vendor) and PTR (reverse-DNS) tooltips, plus NetBox and Crawler data when those sources are configured. Toggle the sources individually with the netstacks.enrichment.sources.* settings.

Bulk operations

Right-click sessions to open several at once, move them to a folder, or set a credential profile across the selection:

• Open Selected Sessions — netstacks.session.bulkOpen
• Move Selected to Folder… — netstacks.session.bulkMoveToFolder
• Set Credential Profile… — netstacks.session.bulkSetProfile

Session logging & recording

Each session can write an ANSI-stripped .log audit trail and an asciicast .cast recording. Start and stop these from the command palette, or auto-start them on connect:

// settings.json — auto-start logging + recording on every connect
"netstacks.sessionLogs.startOnConnect": "log+rec"

// Files land under:
//   <root>/<session-name>/<YYYY-MM-DD>/<HH-MM-SS>.{log,cast}
// where <root> defaults to ${globalStorage}/session-logs/
// (override with "netstacks.sessionLogs.path")

Topologies & NetBox

The Topologies view (netstacks.netbox) manages NetBox sources and AI-authored network diagrams. Its title bar offers Discover Topology (SNMP / LLDP / CDP)… and Refresh Topologies.

NetBox sources

• Add NetBox Source… — netstacks.netbox.addSource. Enter the NetBox URL and an API token; the token is stored in the vault.
• Test Source and Sync to Sessions validate connectivity and turn discovered devices into saved sessions.
• Connect opens an SSH/Telnet session straight from a NetBox device node.

Topology discovery & AI enrichment

Discover Topology walks the network over SNMP plus LLDP/CDP and produces a draw.io diagram. Right-click a discovered topology for Enrich with AI, Re-discover, Open Audit JSON, and Reveal Diagram File. AI-generated .drawio files default to ${globalStorage}/topologies/ — override the folder with netstacks.topology.path.

Pick which model authors diagrams with NetStacks: Pick AI Model for Topology Enrichment… or the netstacks.ai.topologyModel setting.

Status & Vault

The credential vault protects every SSH connection and AI tool call. It must be unlocked before sessions can connect or the AI can execute commands.

Unlocking

• Unlock Vault — netstacks.vault.unlock (prompts for the master password).
• Lock Vault — netstacks.vault.lock.
• Set Master Password — netstacks.vault.setPassword.

Touch ID (macOS)

On macOS you can enable biometric unlock with Enable Touch ID Unlock. Control auto-unlock at startup via netstacks.vault.autoUnlockOnStart:

// settings.json
// "off"         — never auto-prompt; unlock on demand only
// "touchIdOnly" — auto-trigger Touch ID at startup IF enabled (default)
// "always"      — always prompt: Touch ID if enabled, else password
"netstacks.vault.autoUnlockOnStart": "touchIdOnly"

AI Chat & @netstacks

NetStacks registers a chat participant, @netstacks, and a set of language-model tools that VS Code's chat (Copilot Chat) and the built-in AI side panel can call. The participant specializes in network operations: sessions, NetBox, SNMP, and lookups.

Ways to ask

• AI Chat side panel — the webview view in the activity bar (gated by netstacks.ai.panel).
• @netstacks in Copilot Chat — type @netstacks in the VS Code chat input.
• Ask AI — Ctrl/Cmd+Shift+I from an editor or terminal, or the ✦ context button inside a session.
• Right-click in a terminal — Ask NetStacks AI About This Session or …About Selection.

What the AI can do

The language-model tools let the assistant list and inspect sessions, query NetBox (devices, IPs, sites, roles), run SNMP GET/WALK and read interface stats, perform OUI/DNS/WHOIS/ASN lookups, execute commands on a saved SSH session, read recent session output, render inline network diagrams, and open generated scripts or configs in a new editor tab. Mutating SSH commands and discovery batches require explicit confirmation; read-only commands auto-approve. Every command-running tool is vault-gated.

Choosing a model

// settings.json — model is "vendor:family"
"netstacks.ai.defaultModel": "claude-code:claude-sonnet-4-6",
"netstacks.ai.chatModel": "",        // override for the side panel
"netstacks.ai.topologyModel": "",    // override for diagram authoring
"netstacks.ai.maxToolRounds": 20      // tool-call rounds per turn

The MCP Server

The bundled agent serves a Model Context Protocol (MCP) endpoint over Streamable-HTTP, exposing 17 tools — session management, NetBox queries, SNMP operations, DNS/WHOIS/ASN lookups, and contextual information about your active terminal session — to any MCP-capable client (Claude Code, Cursor, Cline, Continue.dev).

The endpoint is loopback-only plain HTTP on 127.0.0.1, port 47826 by default (distinct from the desktop Terminal agent's 47824 so both can run at once). Plain HTTP is used because most MCP SDKs reject the agent's self-signed TLS cert; the same bearer token still gates every request.

# Endpoint shape (your token + port shown in the setup panel)
URL:    http://127.0.0.1:47826/mcp
Header: Authorization: Bearer <agent-token>

Run NetStacks: MCP Setup… (netstacks.mcp.showSetup) to open a panel with your live URL, token, and copy-paste config for each client. The token persists in your NetStacks data dir, so you configure once.

Claude Code

The MCP Setup panel generates a ready-to-run claude mcp add command. It registers the server as netstacks-vsce (not plain netstacks) so it never collides with the desktop app's own registration:

claude mcp add --scope user --transport http netstacks-vsce \
  http://127.0.0.1:47826/mcp \
  --header "Authorization: Bearer <agent-token>"

Use --scope project instead of --scope user to limit the server to a single workspace, then verify:

claude mcp list

For the Claude Desktop chat app, add the JSON config instead (path ~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "netstacks-vsce": {
      "url": "http://127.0.0.1:47826/mcp",
      "headers": {
        "Authorization": "Bearer <agent-token>"
      }
    }
  }
}

Cursor, Cline & Continue

All three use the same Streamable-HTTP endpoint and bearer header. The MCP Setup panel provides copy buttons for each.

Cursor

Add to <workspace>/.cursor/mcp.json:

{
  "mcpServers": {
    "netstacks-vsce": {
      "url": "http://127.0.0.1:47826/mcp",
      "headers": {
        "Authorization": "Bearer <agent-token>"
      }
    }
  }
}

Cline

Add via Cline's MCP settings UI (or <workspace>/.vscode/cline_mcp_settings.json). Cline wants an explicit transport type:

{
  "mcpServers": {
    "netstacks-vsce": {
      "type": "streamable-http",
      "url": "http://127.0.0.1:47826/mcp",
      "headers": {
        "Authorization": "Bearer <agent-token>"
      }
    }
  }
}

Continue.dev also supports Streamable-HTTP MCP — point it at the same URL and Authorization header.

Settings Reference

All settings live under the netstacks.* namespace. Open NetStacks: Open Settings… or edit settings.json directly. The most useful ones:

A compact starter block you can drop into your user settings.json:

{
  "netstacks.terminalTheme": "nord",
  "netstacks.scrollback": 20000,
  "netstacks.hoverLookups": true,
  "netstacks.vault.autoUnlockOnStart": "touchIdOnly",
  "netstacks.sessionLogs.startOnConnect": "log",
  "netstacks.ai.defaultModel": "claude-code:claude-sonnet-4-6",
  "netstacks.mcpPort": 47826
}

Standalone Agent & Data Dir

The extension bundles and supervises its own NetStacks agent binary, staged per platform at package time. It is independent of the desktop Terminal: each has its own vault, TLS cert, auth token, and — critically — its own lockfile, so the two agents never evict or clobber each other.

By default the extension stores everything under a VS Code-specific application directory, separate from the Tauri desktop app's com.netstacks.terminal:

# macOS
~/Library/Application Support/com.netstacks.vsce

# Linux
${XDG_DATA_HOME:-~/.local/share}/com.netstacks.vsce

# Windows
%APPDATA%\com.netstacks.vsce

To share a single set of sessions and credentials between the extension and another NetStacks install, point both at the same folder with netstacks.dataDir.

Port isolation at a glance

• Agent HTTPS — ephemeral by default (auto-discovered via the startup handshake); pin with netstacks.agentPort.
• MCP (plain HTTP) — 47826 (extension) vs 47824 (desktop Terminal).

Agent commands

• Restart Agent — netstacks.agent.restart
• Show Agent Logs — netstacks.agent.showLogs
• Rotate Agent Auth Token — netstacks.agent.rotateToken

Q&A

Do I need the NetStacks desktop app to use the extension?

No. The extension is fully standalone — it bundles its own agent and runs on its own data directory (com.netstacks.vsce). The desktop Terminal is optional and stays isolated when both are installed.

How do I connect Claude Code to the MCP server?

Run NetStacks: MCP Setup…, copy the claude mcp add command, and run it. It registers netstacks-vsce at http://127.0.0.1:47826/mcp with your bearer token. Verify with claude mcp list. See Claude Code.

How many tools does the MCP server expose?

17 — covering session management, NetBox queries, SNMP operations, DNS/WHOIS/ASN lookups, and active-session context. Inside VS Code chat, the @netstacks participant has access to an even broader set of language-model tools.

Why does the MCP endpoint use plain HTTP?

Most MCP SDKs reject the agent's self-signed TLS cert. The MCP listener is therefore plain HTTP bound to 127.0.0.1 only — never reachable off your machine — and the bearer token still authenticates every request. The rest of the agent API stays HTTPS.

Will the extension conflict with the desktop Terminal?

No. Different data dirs, different lockfiles, and different ports ( MCP 47826 vs 47824; HTTPS is ephemeral by default) keep the two agents fully independent.

How do I rotate the MCP token?

Run NetStacks: Rotate Agent Auth Token, then re-run MCP Setup… and paste the new token into every client. The old token is invalidated immediately.

Where are session logs and recordings stored?

Under ${globalStorage}/session-logs/<session>/<date>/<time>.{log,cast} by default. Override the root with netstacks.sessionLogs.path and auto-start with netstacks.sessionLogs.startOnConnect.

What VS Code version do I need?

VS Code 1.120 or newer. The extension activates on startup and runs as a workspace extension.

Related

• Installation — install the desktop Terminal and deploy the Controller.
• MCP Servers — how NetStacks consumes and exposes Model Context Protocol tools.
• AI Chat — the assistant, tool calls, and model selection in depth.
• NetBox Integration — configuring sources and syncing inventory.
• Network Topology — SNMP / LLDP / CDP discovery and diagram generation.
• Credential Vault — how the master-password vault protects connections and AI tools.
• Session Recording — audit logs and asciicast capture.