Skip to content
ToolMesh
Blog

Architecture

ToolMesh is a Go middleware that orchestrates, authorizes, and secures the execution of tool calls between AI agents and backend infrastructure.

Claude Code trusted Claude Desktop trusted 3rd Party Agent untrusted MCP + CallerID ToolMesh Secure Execution Layer Auth OAuth 2.1 AuthZ OpenFGA Credentials Secret Inject Gate JS Policies Execute MCP / REST Audit slog / SQLite MCP Servers HTTP / STDIO Any existing MCP server DADL Library Declarative REST API descriptions — no code, no servers dadl.ai Stripe GitHub Hetzner DeepL Cloudflare any REST API 1,100+ tools — community-driven registry at dadl.ai

Execution Pipeline

Section titled “Execution Pipeline”

Every tool call passes through a fail-closed pipeline. If any step rejects (AuthZ, Gate), the entire execution stops. No partial results leak through.

The Six Pillars

Section titled “The Six Pillars”
PillarImplementationBacked by
Any BackendMCP servers (HTTP/STDIO) + REST APIs via DADLGo MCP SDK + DADL parser
Code Modelist_tools + execute_code — LLMs write JS instead of JSONAST-parsed tool calls
AuditEvery tool call logged structurallyslog (write-only) or SQLite (queryable)
AuthorizationUser → Plan → Tool relationshipsOpenFGA
Credential StoreSecrets injected at runtime, never in promptsEnv vars (CREDENTIAL_*), extensible
Output GateJS policies validate input/outputgoja (Go JS engine)

Extension Model

Section titled “Extension Model”

Three components are extensible via a registry pattern (inspired by Go’s database/sql drivers):

ComponentRegistry FunctionBuilt-inConfig
Credential Storecredentials.Register()embedded (env vars)CREDENTIAL_STORE=<name>
Tool Backendbackend.Register()mcp, rest (DADL), echoconfig/backends.yaml
Gate Evaluatorgate.RegisterEvaluator()goja (JavaScript)GATE_EVALUATORS=<list>

Extensions register via init() functions. Enterprise extensions live in a separate module and are included via Go build tags:

Terminal window
go build -tags enterprise ./cmd/toolmesh

Enterprise Extensions (Planned)

Section titled “Enterprise Extensions (Planned)”
ComponentExtensionDescription
Credential StoreInfisicalStoreInfisical Secrets Manager integration
Credential StoreVaultStoreHashiCorp Vault / OpenBao integration
Gate EvaluatorCompliance-LLMLLM-based content classification

Project Structure

Section titled “Project Structure”
toolmesh/
├── cmd/
│   └── toolmesh/          # Main entrypoint (MCP server)
├── config/
│   └── openfga/           # Authorization model (model.fga), tuples (tuples.json), setup script
├── internal/
│   ├── mcp/               # MCP server (Streamable HTTP + STDIO)
│   ├── backend/           # ToolBackend interface + MCPAdapter + RESTAdapter
│   ├── executor/          # ExecuteTool pipeline (AuthZ → Creds → Gate → Exec → Audit)
│   ├── audit/             # Audit store interface + log/sqlite implementations
│   ├── authz/             # OpenFGA authorization
│   ├── credentials/       # Credential store interface + EmbeddedStore
│   ├── gate/              # Output gate (goja policy engine)
│   ├── userctx/           # UserContext propagation
│   └── config/            # Environment-based configuration
├── config/                # Backend config (backends.yaml, users.yaml, apikeys.yaml)
├── tools/                 # TypeScript tool definitions (canonical source)
├── policies/              # JavaScript gate policies
└── docs/                  # Documentation