Wrap command-line tools in an MCP wrapper to separate secrets from the coding environment. Support introspection of tools and allow requests for additional cababilities.
  • Go 92.3%
  • Shell 3.9%
  • HTML 1.8%
  • CSS 1.3%
  • Scheme 0.7%
Find a file
Peter Tillemans c845f28870
All checks were successful
Lint / lint (push) Successful in 26s
Merge branch 'fix-toolcall-invariant' into 'main'
refactor: enforce the tool-call Allowed/DenyReason invariant at the boundary

See merge request pti/wraptool!23
2026-07-10 11:47:45 +00:00
.devcontainer devcontainer: add the claude-code feature 2026-07-03 11:07:10 +02:00
.forgejo/workflows fix(ci): stop Go toolchain auto-download in the CI image 2026-07-08 13:03:10 +00:00
cmd fix(harness): mount pool bin/ read-only; append to PATH 2026-07-10 09:44:12 +00:00
design fix(harness): mount pool bin/ read-only; append to PATH 2026-07-10 09:44:12 +00:00
docs docs: refresh overview — Web UI, isolation boundary, wraptool up 2026-07-09 12:35:36 +00:00
examples/devcontainer refactor: single flat manifest.scm, drop container.scm + toggles 2026-07-07 14:32:58 +02:00
features feat(connect): extend the feature to opencode, gemini, pi 2026-07-09 10:06:22 +00:00
internal docs(requestlog): correct invariant wording per review 2026-07-10 11:40:26 +00:00
testdata Initial implementation of wraptool MCP server 2026-05-15 12:52:10 +02:00
.envrc Initial implementation of wraptool MCP server 2026-05-15 12:52:10 +02:00
.gitignore add essential tools to plumbing and update .gitignore 2026-07-08 15:41:21 +02:00
.gitlab-ci.yml fix(ci): stop Go toolchain auto-download in the CI image 2026-07-08 13:03:10 +00:00
.golangci.yml ci: run gofmt, go vet, and golangci-lint on both remotes 2026-07-06 13:26:41 +00:00
CLAUDE.md feat(serve): serve Streamable HTTP at /mcp alongside SSE 2026-07-08 18:31:42 +00:00
go.mod fix(ci): stop Go toolchain auto-download in the CI image 2026-07-08 13:03:10 +00:00
go.sum streamline approval and reload 2026-05-18 15:06:11 +02:00
LICENSE Add GPLv3 license 2026-05-16 01:24:55 +02:00
main.go Initial implementation of wraptool MCP server 2026-05-15 12:52:10 +02:00
manifest.scm add essential tools to plumbing and update .gitignore 2026-07-08 15:41:21 +02:00
README.md docs: add Rules view screenshot to README and Web UI guide 2026-07-03 11:23:42 +00:00
test-container.sh Add Guix container integration test script 2026-05-16 01:22:32 +02:00

wraptool

An MCP server that wraps CLI tools behind a security whitelist, so AI coding assistants can use tools like git, gcloud, and kubectl without direct access to credentials.

Why

AI coding assistants need CLI tools to be productive, but giving them direct access exposes API keys, SSH keys, kubeconfigs, and service account credentials to the model context. wraptool sits between the assistant and the tools:

  • Credentials stay isolated -- wraptool runs as a separate process with its own environment; secrets never enter the AI context.
  • Subcommand-level whitelisting -- allow git commit but deny git push --force, with flag-level granularity and value constraints.
  • Auto-discovery -- wraptool parses --help output to generate MCP tool schemas with real descriptions.
  • Structured denial workflow -- denied commands trigger a capability-request flow that an operator approves from the CLI.

Quick start

go build -o wraptool .
wraptool init --harness claude --url http://127.0.0.1:8717/sse
wraptool serve

Web UI

An optional operator-facing dashboard (bound to 127.0.0.1, not AI-facing) reviews capability requests and provides full rule CRUD — edit a tool's allow/deny rules in the browser and the running server hot-reloads the change. See docs/web-ui.qmd.

wraptool Web UI — the Rules view, with per-tool allow/deny rules and inline edit controls

Documentation

Full documentation lives in docs/ and is rendered with Quarto to a website (published via GitLab Pages):

Page Source
Getting started docs/getting-started.qmd
Configuration reference docs/configuration.qmd
Security model docs/security.qmd
Hot-reload & capability requests docs/hot-reload.qmd
Request-review Web UI docs/web-ui.qmd
Isolated environments docs/isolated-environments.md
Overview slides docs/presentation.qmd

Build the site locally

quarto preview docs        # live-reloading dev server
quarto render  docs        # produce docs/_site/

License

GPLv3 -- see LICENSE.