Open-source tool gateway for agents from Rhys Sullivan. Normalizes MCP, OpenAPI, GraphQL, and custom sources into one typed SDK that agents call in a sandbox — built on Cloudflare's Code Mode pattern.
Set up your sources (MCP servers, OpenAPI specs, GraphQL endpoints, custom) once, and any agent — Claude, Cursor, Codex — can call them. Per-user or global credentials, team sharing, destructive-action gating, JS sandbox so secrets never reach the model. Rhys is now building it full-time as a startup.
Repo: RhysSullivan/executor · Beta: executor.sh
Built on Code Mode, the pattern Cloudflare introduced for agent tool use. The premise: LLMs are bad at direct tool calls because their training corpus has almost no synthetic tool-call syntax — but billions of lines of TypeScript. So instead of exposing tools as callable functions the model picks between, Executor exposes them as a typed TS SDK and asks the model to write code.
The flow:
{ name, inputSchema, outputSchema }, regardless of origin (MCP / OpenAPI / GraphQL / custom).Net effect: thousands of tools become callable through one MCP entry without blowing up context. The model reasons in code instead of slot-filling JSON arguments.
destructiveHint for MCP, mutations for GraphQL — Executor uses these to decide what auto-runs vs requires approval. Autonomy without losing the human in the loop.Did a small UI fix — PR #774. OAuth callback failures were rendering a hardcoded "Authentication failed" because the handler swallowed the real cause with Effect.catchCause, making integration failures undiagnosable from the popup. Dropped the catch, added a two-tier popup (short headline + collapsible technical details), kept XSS escaping. Merged.
Hoping to contribute more — the problem space is the right one and the codebase is clean Effect-TS.