Skip to main content
Toolshed is a framework for building Model Context Protocol (MCP) tool servers. Define typed tools in TypeScript, connect integrations like GitHub, Slack, and Linear, control which tools each agent role can access, and run everything in an isolated sandbox — all from a single unified platform.

Quick Start

Install the CLI, connect your first integration, and start your MCP server in minutes.

Build a Plugin

Learn how to define tools and plugins using the Toolshed SDK with full type safety.

Core Concepts

Understand plugins, sources, the tool registry, policies, and sandboxed execution.

API Reference

Explore the full REST API for managing sources, auth connections, roles, and elicitation.

How Toolshed works

Toolshed sits between your AI agents and the tools they need. You register tool sources — hand-written plugins or auto-generated from OpenAPI specs, GraphQL endpoints, or existing MCP servers. Agents discover and call tools through a standard MCP interface. Toolshed handles auth, enforces access policies, routes executions to a sandboxed runtime, and logs every tool call for audit.
1

Install the CLI

Install @toolshed/cli and authenticate with your Toolshed server.
2

Register your tools

Write a plugin with definePlugin() or point to an OpenAPI spec with defineSource().
3

Configure access policies

Create roles with tool path patterns to control which agents can invoke which tools.
4

Start the MCP server

Run toolshed serve to expose your tools to any MCP-compatible AI client.

Key features

Typed SDK

Define tools with Zod schemas — inputs and outputs are validated automatically.

Auto-generated tools

Import tools from OpenAPI specs, GraphQL endpoints, or existing MCP servers without writing handlers.

Role-based access

Control tool access with wildcard patterns like github.** or slack.messages.*.

Human-in-the-loop

Require explicit user approval before destructive tools execute.

Built-in integrations

GitHub, Slack, Linear, and Google Workspace plugins are included out of the box.

Sandboxed execution

Run agent scripts locally or inside Vercel Firecracker microVMs for full isolation.