Quick Start
Install the CLI, connect your first integration, and start your MCP server in minutes.
Build a Plugin
Learn how to define tools and plugins using the Toolshed SDK with full type safety.
Core Concepts
Understand plugins, sources, the tool registry, policies, and sandboxed execution.
API Reference
Explore the full REST API for managing sources, auth connections, roles, and elicitation.
How Toolshed works
Toolshed sits between your AI agents and the tools they need. You register tool sources — hand-written plugins or auto-generated from OpenAPI specs, GraphQL endpoints, or existing MCP servers. Agents discover and call tools through a standard MCP interface. Toolshed handles auth, enforces access policies, routes executions to a sandboxed runtime, and logs every tool call for audit.Register your tools
Write a plugin with
definePlugin() or point to an OpenAPI spec with defineSource().Configure access policies
Create roles with tool path patterns to control which agents can invoke which tools.
Key features
Typed SDK
Define tools with Zod schemas — inputs and outputs are validated automatically.
Auto-generated tools
Import tools from OpenAPI specs, GraphQL endpoints, or existing MCP servers without writing handlers.
Role-based access
Control tool access with wildcard patterns like
github.** or slack.messages.*.Human-in-the-loop
Require explicit user approval before destructive tools execute.
Built-in integrations
GitHub, Slack, Linear, and Google Workspace plugins are included out of the box.
Sandboxed execution
Run agent scripts locally or inside Vercel Firecracker microVMs for full isolation.