Toolshed is the execution layer for Philo Ventures agents. It provides the infrastructure for building, hosting, and running MCP (Model Context Protocol) servers that expose enterprise tools to AI agents.

Why Toolshed?

  • Sandboxed execution — run agent-generated TypeScript in isolated Firecracker microVMs or local runtimes (stdio transport)
  • Remote MCP — expose the catalog over HTTP for hosts like Claude Desktop’s “Add custom connector”
  • Role-based tool access — control which tools each agent can use with glob-pattern policies
  • Human-in-the-loop — destructive operations pause for user approval before executing
  • Multi-source catalog — unify tools from OpenAPI specs, GraphQL endpoints, MCP servers, and hand-written plugins into a single searchable catalog
  • OAuth built in — eight OAuth providers wired (GitHub, Google, Slack, Linear, QuickBooks, GCP, DocuSign, Carta) with encrypted token storage and automatic refresh

How it works

Toolshed ships two MCP transports, each tuned for a different host:
  • stdio (toolshed serve, used by the CLI flow) exposes search_tools, read_tool, run (sandboxed TypeScript), and resume (approve/deny pending elicitations).
  • HTTP (POST /api/mcp/:token, used by Claude Desktop’s “Add custom connector”) exposes search_tools, read_tool, and call_tool (one tool per call). This surface filters the catalog per-user — only tools the user has connected are visible to the agent.
Both surfaces front the same plugin catalog and the same three-source token resolution. See MCP Server Overview for the full picture.
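As an added illustration of the glob-pattern role policies and per-user catalog filtering described above (example code, not Toolshed's own; the `ToolEntry`, `RolePolicy` and `filterCatalog` names, the sample catalog and the dotted tool naming are assumptions), a deny-wins policy filter in TypeScript:

```typescript
// Added example, not Toolshed's own code. Types, names and the sample
// catalog are assumed; the page only states that tool access is controlled
// with glob-pattern policies and that the HTTP surface shows a user only
// the tools whose provider they have connected.

interface ToolEntry {
  name: string;      // assumed dotted naming, e.g. "github.issues.create"
  provider: string;  // OAuth provider the tool depends on, e.g. "github"
}

interface RolePolicy {
  allow: string[];   // glob patterns that grant access
  deny: string[];    // glob patterns that revoke it; deny always wins
}

// Turn a glob ("*" = any run of characters, "?" = one character) into an
// anchored RegExp. Everything else is matched literally, so a pattern
// like "github.*" cannot accidentally match "githubX".
function globToRegExp(glob: string): RegExp {
  const escaped = glob
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp(`^${escaped}$`);
}

function matchesAny(name: string, globs: string[]): boolean {
  return globs.some((g) => globToRegExp(g).test(name));
}

// A tool is visible only if some allow pattern matches, no deny pattern
// matches, and the user has connected the provider the tool needs.
function filterCatalog(
  catalog: ToolEntry[],
  policy: RolePolicy,
  connectedProviders: Set<string>,
): ToolEntry[] {
  return catalog.filter((t) =>
    matchesAny(t.name, policy.allow) &&
    !matchesAny(t.name, policy.deny) &&
    connectedProviders.has(t.provider));
}

// Constructed sample data, not taken from the project.
const sampleCatalog: ToolEntry[] = [
  { name: "github.issues.create", provider: "github" },
  { name: "github.repos.delete", provider: "github" },
  { name: "slack.messages.post", provider: "slack" },
  { name: "linear.issues.list", provider: "linear" },
];
const readOnlyGitHubAndSlack: RolePolicy = {
  allow: ["github.*", "slack.*"],
  deny: ["*.delete"],
};

function visibleToolNames(connected: string[]): string[] {
  return filterCatalog(sampleCatalog, readOnlyGitHubAndSlack, new Set(connected))
    .map((t) => t.name);
}
```

With both providers connected, the role sees `github.issues.create` and `slack.messages.post`: the delete tool is removed by the deny pattern and the Linear tool by the allow list, and disconnecting a provider hides its tools regardless of policy.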

Quickstart

Get up and running in 5 minutes

Architecture

Understand the monorepo layout and data flow

Write a Plugin

Build a plugin with definePlugin and defineTool

MCP Tools

Reference for the 4 MCP tools agents interact with

Prerequisites

  • Node.js >= 22
  • pnpm 9.15.4