Skip to content
ToolMesh
Blog

ToolMesh

Let AI agents touch real systems
— safely.

The missing control layer between AI agents and enterprise systems. AI agents access APIs today — without access control, audit trail, or credential protection. ToolMesh makes uncontrolled tool calls a governed, auditable process — and connects any REST API or MCP server in minutes, not months.

Auth verified AuthZ allowed sk_live_4eC3... ******** Creds injected [email protected] [REDACTED] Gate filtered Exec executed 200 OK tool:list_repos Audit logged AI Agent API Backend REQ
Quick Start Docs GitHub DADL Registry
1,100+ tools via DADL Secrets hidden from LLM Every call logged Open Source (Apache 2.0) Self-hosted

Your LLM writes the integration.
Any REST API — agent-ready in minutes.

Stop writing MCP servers. DADL describes any REST API as agent tools in pure YAML — and your LLM can generate it from an existing API spec in minutes.

mcp-server.js ~120 LOC 
import { Server } from "@modelcontextprotocol/sdk";
import express from "express";

const app = express();
const server = new Server({ name: "github" });

server.setRequestHandler("tools/list", () => ({
  tools: [{
    name: "list_repos",
    description: "List repositories",
    inputSchema: {
      type: "object",
      properties: {
        sort: {
          type: "string",
          enum: ["created", "updated"]
        }
      }
    }
  }]
}));

server.setRequestHandler("tools/call",
  async (req) => {
    const resp = await fetch(
      "https://api.github.com/user/repos",
      { headers: {
          Authorization: "Bearer " + TOKEN
      }}
    );
    return { content: [
      { type: "text", text: await resp.text() }
    ]};
  });

app.use(server.transport);
app.listen(3000);
// + error handling, pagination,
// retries, auth refresh, types...
Also needed: Node.js runtime npm dependencies Docker image Process manager Health checks Deployment
github.dadl 15 LOC 
spec: "https://dadl.ai/spec/v0.1"
backend:
  name: github
  type: rest
  base_url: https://api.github.com
  auth:
    type: bearer
    credential: github_token
  defaults:
    pagination:
      strategy: link_header
  tools:
    list_repos:
      method: GET
      path: /user/repos
      description: "List repositories"
      params:
        sort:
          type: string
          enum: [created, updated]
Auth, pagination, retries, error handling — all built in.
Prompt "Generate a DADL file for the Hetzner Cloud API"
Result Working hetzner-cloud.dadl — 98 tools, ready to use

Eliminate the MCP server middleman.

Without DADL AI Agent Context Window Overflow hundreds of individual tools github-mcp Node.js GitHub API stripe-mcp Node.js Stripe API hetzner-mcp Python Hetzner API deepl-mcp Go DeepL API 4 servers · 4 runtimes · 4 deployments Each server: deps, Docker, health checks, maintenance With DADL + Code Mode AI Agent Code Mode list_tools + execute_code ToolMesh github.dadl GitHub stripe.dadl Stripe hetzner.dadl Hetzner deepl.dadl DeepL YAML files · no code · no servers · no deployment 2 meta-tools replace hundreds of individual tools

What happens when an agent calls your API?

Agent receives: "List open invoices from Stripe"

Caller verified claude-code → trusted
Authorization checked User plan allows stripe_list_invoices
🔑
API key injected LLM never sees sk_live_4eC39HqL...
Request executed GET /v1/invoices?status=open
🛡️
PII redacted customer emails → [REDACTED]
📋
Call logged Queryable SQL audit trail
The risk

Agents calling production systems is terrifying.

Credentials in prompts. No audit trail. No content control. One hallucinated API call away from a data breach.

The relief

ToolMesh adds the missing layer.

Every call authenticated, authorized, credential-injected, content-gated, and logged. Fail-closed pipeline — if any check fails, nothing executes.

The power

Any API, integrated in minutes.

Point your LLM at an API spec, get a working DADL file back. No wrapper code, no deployment, no maintenance. Connect more tools — faster than ever.

Architecture at a glance

Every tool call flows through a fail-closed pipeline. If any stage rejects, nothing executes.

Claude Code trusted Claude Desktop trusted 3rd Party Agent untrusted MCP + CallerID ToolMesh Secure Execution Layer Auth OAuth 2.1 AuthZ OpenFGA Credentials Secret Inject Gate JS Policies Execute MCP / REST Audit slog / SQLite MCP Servers HTTP / STDIO Any existing MCP server DADL Library Declarative REST API descriptions — no code, no servers dadl.ai Stripe GitHub Hetzner DeepL Cloudflare any REST API 1,100+ tools — community-driven registry at dadl.ai

What you get

🔌

Any API in minutes

30 lines of DADL replace a whole MCP server. LLM-generated from API specs, with auth, pagination, and retries built in.

💻

Scale beyond limits

15 MCP servers at once? Impossible without ToolMesh. Code Mode cuts 50,000+ tokens to ~1,000 — making it work, not just better.

🔑

Keep secrets from the model

API keys injected at runtime by the ToolMesh server. The LLM never sees credentials — not in prompts, not in client configs, not in responses.

🔐

Control who can do what

Per-tool, per-user authorization via OpenFGA. Example: free users get read-only tools, pro users get everything.

🛡️

Block unsafe output

JavaScript policies block confidential data before execution, redact PII in responses, enforce compliance rules.

📋

See every call

SQL-queryable audit trail. Every tool invocation attributed to a user, plan, and caller. Answer 'what did that agent do?' with a query.

Know which agent is calling — and trust accordingly.

ToolMesh is the only known MCP gateway that differentiates which AI client triggers each tool call. Claude Code gets full access. An unknown third-party agent gets PII filtering and restricted tools. Same infrastructure, tiered trust.

CallerClass PII Filtering Tool Access
trusted Credentials only Full
standard High-risk PII + credentials Full
untrusted All PII patterns Sensitive tools blocked

Nginx made web apps production-ready — reverse proxy, SSL, load balancing.
ToolMesh makes AI agent tool calls production-ready — authorization, credentials, audit, content gating.

Running in 60 seconds.

LIVE DEMO Connect to our public ToolMesh instance — no install needed. Works with Claude Desktop, Claude Code, and ChatGPT.
1
Clone and configure
git clone https://github.com/DunkelCloud/ToolMesh.git && cd ToolMesh
cp .env.example .env
Edit .env — set TOOLMESH_AUTH_PASSWORD, TOOLMESH_API_KEY, and your CREDENTIAL_* backend keys.
2
Start
docker compose up
3
Connect your AI agent
claude mcp add -t http -H "Authorization: Bearer MY_API_KEY" -s user toolmesh http://localhost:8123/mcp
ToolMesh is now running on localhost:8123 — add backends in config/backends.yaml
Read the docs Architecture