Architecture

toolshed/
  apps/
    cli/          CLI tool (login, run, serve)
    server/       API backend (Hono + Vercel + Neon PostgreSQL)
    web/          Static landing page
  packages/
    kernel/       Runtime abstraction (local, Vercel, sandboxed JS)
    mcp-host/     MCP server hosting layer
    policy/       Authorization and consent engine
    sdk/          Plugin and tool definition SDK
    shared/       Shared types and Zod schemas
    sources/      Data source adapters (OpenAPI, MCP, GraphQL, plugins)
  plugins/
    github/       GitHub API integration
    google-workspace/  Gmail, Drive, Calendar
    linear/       Linear issue tracking
    slack/        Slack messaging

cli ────→ kernel ────→ policy ────→ shared
  │         │
  ├──────→ mcp-host ──→ kernel
  │
  ├──────→ policy
  └──────→ shared

server ──→ sdk ────────→ shared
  │         │
  ├──────→ sources ────→ sdk
  │                       │
  ├──────→ policy         └──→ shared
  └──────→ shared

plugins (github, linear, google-workspace, slack)
  ├──────→ sdk ──────────→ shared
  └──────→ shared

MCP Client (Claude, Cursor, etc.)
  │
  │  MCP protocol (stdio)
  ▼
MCP Host (mcp-host)
  │  creates McpServer with 4 tools
  ▼
Runtime (kernel)
  │  executes TypeScript in sandbox
  │  provides tools.* proxy namespace
  ▼
Tool Proxy (kernel/proxy)
  │  translates tools.github.issues.list({...})
  │  into invoke("github.issues.list", args)
  ▼
Elicitation Engine (kernel)
  │  if destructive: pause, wait for approval
  ▼
Plugin Handler / Source Adapter
  │  calls external API (GitHub, Slack, etc.)
  ▼
External Service