heddle

<h1 align="center">Heddle</h1> <p align="center"><strong>The policy-and-trust layer for MCP tool servers.</strong></p> <p align="center"> Heddle turns declarative configs into <a href="https://modelcontextprotocol.io/">Model Context Protocol</a> servers<br> with trust enforcement, credential brokering, and tamper-evident audit logging built in. </p> <p align="center"> <a href="#see-it-work">See It Work</a> · <a href="#why-heddle">Why Heddle</a> · <a href="#current-status">Current Status</a> · <a href="#security-architecture">Security</a> · <a href="#quick-start">Quick Start</a> </p>

---

<h2 id="see-it-work">See It Work</h2>

<p align="center"> </p>

One config, one MCP server. This YAML is a complete tool server — no Python, no boilerplate:

agent:
  name: prometheus-bridge
  version: "1.0.0"
  description: "Bridges Prometheus for natural language metric queries"
  exposes:
    - name: query_prometheus
      description: "Run a PromQL query"
      parameters:
        query: { type: string, required: true }
    - name: get_alerts
      description: "List active Prometheus alerts"
  http_bridge:
    - tool_name: query_prometheus
      method: GET
      url: "http://localhost:9092/api/v1/query"
      query_params: { query: query }
    - tool_name: get_alerts
      method: GET
      url: "http://localhost:9092/api/v1/alerts"
  runtime:
    trust_tier: 1  # enforced: GET/HEAD only, no writes, no cross-agent calls

Run it:

heddle run agents/prometheus-bridge.yaml

Claude can now query Prometheus in natural language.

Current demo environment: 46 tools from 9 active configs through a single MCP connection (11 configs total, 2 excluded for incompatible transports).

daily-ops        (T3): daily_briefing, system_health_check, threat_landscape
gitea-api-bridge (T1): list_user_repos, list_repo_issues
grafana-bridge   (T1): list_dashboards, get_dashboard