ToolMesh — Let AI agents touch real systems. Safely.

One Go binary between your agents and your infrastructure — with authorization, credential security, audit logging, and output policies on every tool call.

30 lines of YAML. No server to build.

In practice, MCP servers only expose a fraction of the REST API they wrap — and you'll hit the gaps fast. ToolMesh lets you replace the wrapper layer with .dadl files — a declarative YAML format that describes any REST API as MCP tools. No wrapper server to build, deploy, or maintain.

Current:    Claude → ToolMesh → MCP Server → REST API
With DADL:  Claude → ToolMesh → REST API (via .dadl file)

You don't write the YAML by hand. You ask an LLM. Claude, GPT, Gemini — any model that knows the DADL spec generates a working .dadl file in seconds. Describe what you need, drop the file into config/dadl/, done.

"Create a DADL for the GitHub API — list repos, open issues, and create pull requests."

10 seconds. Works with any LLM that knows the format.

And unlike MCP gateways that just pass tool calls through, ToolMesh adds what production deployments actually need:

• Authorization — fine-grained user → plan → tool control (OpenFGA)
• Credential Security — secrets injected at execution time, never in prompts
• Audit Trail — every tool call recorded with structured logging or queryable SQLite
• Input & Output Gating — JS policies validate parameters and filter responses

The Six Pillars

| Pillar | What it does | Backed by | |--------|-------------|-----------| | Any Backend | Connect MCP servers or describe REST APIs declaratively via DADL | Go MCP SDK + DADL (.dadl files) | | Code Mode | LLMs write typed JS instead of error-prone JSON | AST-parsed tool calls | | Audit | Execution trail — every tool call recorded and queryable | slog / SQLite | | OpenFGA | Fine-grained authorization (user → plan → tool) | OpenFGA | | Credential Store | Inject secrets at execution time, never in prompts | Per-request injection via Executor pipeline | | Gate | JavaScript policies validate inputs (pre) and filter outputs (post) | goja |

Try the demo

Want to try ToolMesh before installing? Connect to our public demo instance — no Docker, no config, no API keys:

demo.toolmesh.io — Hacker News APIs via ToolMesh. Works with Claude Desktop, Claude Code, and ChatGPT. Login: dadl / toolmesh.

Quickstart

# Clone
git clone https://github.com/DunkelCloud/ToolMesh.git
cd ToolMesh

# Configure
cp .env.example .env
# IMPORTANT: Set a password — without it, all requests are rejected:
#   TOOLMESH_AUTH_PASSWORD=my-secret-password
# Or set an API key for programmatic access:
#   TOOLMESH_API_KEY=my-api-key

# Optional: local overrides (build locally, enable OpenFGA, HTTPS proxy, ...)
# cp docker-compose.override.yml.example docker-compose.override.yml
# # then edit docker-compose.override.yml — picked up automatically by Docker Compose

# Start (runs in bypass mode by default — no authz required)
docker compose up -d

# Verify it's running (default port: 8123)
curl http://localhost:8123/health

# MCP endpoint: http://localhost:8123/mcp
# Note: Most MCP clients require HTTPS — see TLS section below

TLS (important)

ToolMesh itself serves plain HTTP. Most MCP clients — including Claude Desktop — require HTTPS and will reject http:// URLs. You need a TLS-terminating reverse proxy in front of ToolMesh:

| Option | When to use | |-

... View full README on GitHub