{"id":51396928,"url":"https://github.com/tsouth89/toolport","last_synced_at":"2026-07-07T01:00:20.638Z","repository":{"id":366028713,"uuid":"1274695288","full_name":"tsouth89/toolport","owner":"tsouth89","description":"Local-first MCP gateway. One port for every tool and every AI client: lazy discovery (~90% token savings), tool integrity + quarantine, secrets in the OS keychain.","archived":false,"fork":false,"pushed_at":"2026-07-04T03:25:20.000Z","size":11345,"stargazers_count":61,"open_issues_count":4,"forks_count":13,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-07-04T03:29:21.856Z","etag":null,"topics":["ai","ai-agents","anthropic","claude","cursor","developer-tools","gateway","llm","local-first","mcp","mcp-server","model-context-protocol","react","rust","tauri","vscode"],"latest_commit_sha":null,"homepage":"https://toolport.app","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tsouth89.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":"docs/ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-19T19:42:40.000Z","updated_at":"2026-07-04T03:25:23.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/tsouth89/toolport","commit_stats":null,"previous_names":["tsouth89/conduit","tsouth89/toolport"],"tags_count":39,"template":false,"template_full_name":null,"purl":"pkg:github/tsouth89/toolport","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tsouth89%2Ftoolport","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tsouth89%2Ftoolport/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tsouth89%2Ftoolport/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tsouth89%2Ftoolport/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tsouth89","download_url":"https://codeload.github.com/tsouth89/toolport/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tsouth89%2Ftoolport/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35210429,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-06T02:00:07.184Z","response_time":106,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","ai-agents","anthropic","claude","cursor","developer-tools","gateway","llm","local-first","mcp","mcp-server","model-context-protocol","react","rust","tauri","vscode"],"created_at":"2026-07-04T03:05:26.796Z","updated_at":"2026-07-07T01:00:20.543Z","avatar_url":"https://github.com/tsouth89.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# Toolport\n\n**Every tool. One port.** One local gateway for all your MCP servers, shared by\nevery AI client, with far fewer tokens.\n\n[![CI](https://github.com/tsouth89/toolport/actions/workflows/ci.yml/badge.svg)](https://github.com/tsouth89/toolport/actions/workflows/ci.yml)\n[![Latest release](https://img.shields.io/github/v/release/tsouth89/toolport?label=release)](https://github.com/tsouth89/toolport/releases)\n[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)\n[![Discord](https://img.shields.io/badge/Discord-join%20the%20community-5865F2?logo=discord\u0026logoColor=white)](https://discord.gg/Xsn27MxdBA)\n\n\u003c/div\u003e\n\n![Toolport: every tool from all your servers, collapsed to the 3 your agent loads](docs/lazy-discovery.svg)\n\n\u003c!-- TODO(toolport): re-capture the product demo GIF from the rebranded (Toolport) build before publicizing. Old docs/demo.gif shows the pre-rename UI.\n![Toolport demo: add a server, connect it to every AI tool, and the agent uses it](docs/demo.gif)\n--\u003e\n\nToolport is a local MCP (Model Context Protocol) gateway. You set up and\nauthenticate each server once, and every AI client (Claude, Cursor, Codex, and\nthe rest) points at Toolport and shares them, so you stop configuring the same\nservers separately in each app.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"docs/app.png\" alt=\"The Toolport desktop app: 14 MCP servers connected in one place with per-server tool counts, and every AI client wired in with one click\" width=\"900\" /\u003e\n\u003c/p\u003e\n\nIt also fixes what those servers cost your agent. Every MCP server you connect\ndumps all of its tools into context on every single request, and it adds up fast:\njust 3 servers (62 tools) cost ~24,000 tokens of definitions before you've asked\nanything. Toolport advertises 3 meta-tools the agent searches on demand instead,\nso it pays ~660 tokens.\n\n**Measured on a frontier model: up to 91% fewer total tokens at the same task\nsuccess** (graded for correct answers, not just completion), plus 97% less\ntool-definition overhead on every request, rising to 99.6% on a real 415-tool\ncatalog (see [BENCHMARK.md](BENCHMARK.md)). That holds whether you run one AI tool\nor five, on cloud models (where tokens are your bill) or local ones (where tool defs\neat your context window).\n\n|                                                                                             |                                                                              |                                                                                                |\n| :-----------------------------------------------------------------------------------------: | :--------------------------------------------------------------------------: | :--------------------------------------------------------------------------------------------: |\n|        ![Lazy discovery surfaces only the tools a task needs](docs/feature-lazy.png)        |          ![One gateway, every AI client](docs/feature-clients.png)           | ![Flags rug-pulls and poisoned tools before a client can call them](docs/feature-security.png) |\n| **Fewer tokens** - lazy discovery keeps context flat no matter how many servers you connect | **One config, every client** - set up a server once, every AI tool shares it |         **Supply-chain security** - rug-pull and tool-poisoning detection on the path          |\n\n\u003c!-- TODO(toolport): add product screenshots + a demo video, re-captured from the rebranded (Toolport) build, after the release is cut. --\u003e\n\n## Why\n\nEvery MCP server you connect dumps its full tool list into your agent's context on\nevery request, and most AI clients also want their own separate configuration. So you\npay a token tax on every call and reconfigure the same servers in every app. Toolport\nfixes both.\n\n### Fewer tokens\n\n- **~90% fewer tokens.** In lazy-discovery mode the gateway advertises three meta-tools\n  (`toolport_status`, `toolport_search_tools`, `toolport_call_tool`) instead of the full\n  catalog, and the agent searches and calls on demand, so context stays flat no matter\n  how many servers you connect. Benchmarked, graded for correct answers: up to 91% fewer\n  total tokens at the same task success, 97% less tool-definition overhead per request,\n  99.6% at a real 415-tool catalog ([BENCHMARK.md](BENCHMARK.md)). Ask `toolport_status`\n  for what it has saved you so far.\n- **Search by intent, not just keywords.** `toolport_search_tools` ranks by relevance\n  across every server, and no tool is ever hidden, any server's full set is one call\n  away. Optional semantic re-ranking (a local or hosted embeddings endpoint) surfaces\n  paraphrased needs like \"charge a card\"; off by default, pure lexical otherwise.\n\n### One setup, every client\n\n- **Set up once, use everywhere.** Each client points at one gateway. Add and\n  authenticate a server a single time and it appears in every client.\n- **Paste from any client's docs.** Copy a server config snippet straight from\n  an MCP server's installation instructions (Cursor JSON, Codex TOML, VS Code,\n  Zed, Claude Code CLI, or any other supported client) and paste it into the Add\n  Server dialog. Toolport auto-detects the format and pre-fills the fields,\n  including environment variable values.\n- **Per-agent scoping.** Give each client only the servers it should see. A coding\n  agent literally cannot call a billing tool that isn't in its profile.\n- **Obvious auth.** OAuth or API key, stored once in the OS keychain, a single click per\n  server. Newly-authed servers propagate to connected clients without a restart.\n- **No secrets in client configs.** Clients only ever say \"talk to Toolport.\" Keys live\n  in the OS keychain and are injected at runtime.\n- **A catalog to grow.** Add popular servers from a curated list of 40+, or search the\n  official MCP Registry, then authenticate through the same flow.\n\n### Security, because the gateway is on the path\n\n- **Tool integrity (rug-pull + poisoning detection).** Toolport fingerprints each tool\n  when you connect a server and flags it if the definition later changes or a server\n  quietly adds one (a \"rug pull\"), or if a description or schema carries injection-like\n  content (\"tool poisoning\"). Detection only, on by default, entirely local\n  ([details](docs/specs/mcp-integrity.md)).\n- **Content defense (anti-agentjacking).** When a tool _returns_ untrusted content (a\n  Sentry error, a web page, an issue body) with injection-like instructions, Toolport\n  flags it and marks it as external data, not instructions, the separation that blunts\n  indirect prompt injection. Never blocks, on by default\n  ([details](docs/specs/content-defense.md)).\n- **Governance and audit.** Toggle any tool on or off, or hide every destructive tool\n  from every client with one switch. Every call is recorded with per-server latency and\n  error rates.\n\n### Control and extras\n\n- **Agent control, on your terms.** Optionally let an agent enable or disable servers\n  through the gateway (`toolport_enable_server` / `toolport_disable_server`), reflected in\n  the app live. Off by default, and the destructive-tool switch always stays yours.\n- **Full MCP, not just tools.** Tools, resources, and prompts are all proxied.\n- **Test before you wire it up.** A built-in playground invokes any tool with a form\n  generated from its schema, so you can confirm a server works without configuring a\n  client first.\n- **Diagnostics in one click.** Bundles your version, OS, a secrets-stripped server\n  summary, and the recent gateway log, ready to paste into a bug report.\n\n## How it works\n\nToolport has two pieces:\n\n1. **The desktop app** (Tauri + React) where you manage servers, profiles,\n   credentials, and which clients are connected.\n2. **The gateway binary** (`toolport-gateway`) that each AI client launches over\n   stdio. It reads Toolport's registry, connects to the enabled downstream servers\n   (stdio or remote HTTP/SSE), and routes tool calls to the right one. Tool names\n   are namespaced per server (`stripe__list_charges`) so they never collide.\n\n```\nAI client (Cursor / Claude / Codex / Antigravity / ...)\n        │  stdio MCP\n        ▼\n  toolport-gateway  ──reads──►  registry.json + OS keychain\n        │  routes tools/calls\n        ▼\n  downstream MCP servers (Stripe, Supabase, GitHub, ...)\n```\n\nThe registry is the shared source of truth; the gateway watches it and rebuilds\nlive, so toggles and new credentials take effect without restarting the client.\nIf a connected server changes its own tool set mid-session, Toolport picks that up\nand refreshes too.\n\n## Supported clients\n\nToolport auto-detects these **20 AI clients**, installs the gateway into each with one\nclick, and can import a client's existing servers. It writes the config file shown\nbelow for you, so you never have to edit these by hand.\n\n| Client         | Config file                                                                                | Format                   |\n| -------------- | ------------------------------------------------------------------------------------------ | ------------------------ |\n| Claude Desktop | `\u003cconfig\u003e/Claude/claude_desktop_config.json`                                               | JSON (`mcpServers`)      |\n| Claude Code    | `~/.claude.json`                                                                           | JSON (`mcpServers`)      |\n| Cursor         | `~/.cursor/mcp.json`                                                                       | JSON (`mcpServers`)      |\n| VS Code        | `\u003cconfig\u003e/Code/User/mcp.json`                                                              | JSON (`servers`)         |\n| Windsurf       | `~/.codeium/windsurf/mcp_config.json`                                                      | JSON (`mcpServers`)      |\n| Codex          | `~/.codex/config.toml`                                                                     | TOML (`mcp_servers`)     |\n| Continue       | `~/.continue/config.yaml`                                                                  | YAML (`mcpServers`)      |\n| Antigravity    | `~/.gemini/config/mcp_config.json`                                                         | JSON (`mcpServers`)      |\n| Gemini CLI     | `~/.gemini/settings.json`                                                                  | JSON (`mcpServers`)      |\n| Cline          | `\u003cconfig\u003e/Code/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json` | JSON (`mcpServers`)      |\n| Roo Code       | `\u003cconfig\u003e/Code/User/globalStorage/rooveterinaryinc.roo-cline/settings/mcp_settings.json`   | JSON (`mcpServers`)      |\n| Warp           | `~/.warp/.mcp.json`                                                                        | JSON (`mcpServers`)      |\n| Amazon Q       | `~/.aws/amazonq/mcp.json`                                                                  | JSON (`mcpServers`)      |\n| Kiro           | `~/.kiro/settings/mcp.json`                                                                | JSON (`mcpServers`)      |\n| Zed            | `~/.config/zed/settings.json`                                                              | JSON (`context_servers`) |\n| LM Studio      | `~/.lmstudio/mcp.json`                                                                     | JSON (`mcpServers`)      |\n| Jan            | `\u003cdata\u003e/Jan/data/mcp_config.json`                                                          | JSON (`mcpServers`)      |\n| BoltAI         | `~/.boltai/mcp.json`                                                                       | JSON (`mcpServers`)      |\n| Goose          | `~/.config/goose/config.yaml`                                                              | YAML (`extensions`)      |\n| Hermes         | `~/.hermes/config.yaml`                                                                    | YAML (`mcp_servers`)     |\n\n`\u003cconfig\u003e` is your OS application-config dir (`%APPDATA%` on Windows, `~/Library/Application Support` on macOS, `~/.config` on Linux); `\u003cdata\u003e` is the data dir (`~/.local/share` on Linux, the same as `\u003cconfig\u003e` elsewhere). Zed and Goose paths vary slightly by OS; Toolport resolves the right one automatically.\n\n### Codex setup walkthrough\n\nUse this when Codex has already created its `~/.codex/` directory.\n\n1. In Toolport, add or enable the MCP servers you want Codex to use.\n2. Open **Clients**, select **Codex**, optionally choose a profile, and click **Connect to Toolport**.\n3. Toolport updates `~/.codex/config.toml` with a single `[mcp_servers.conduit]` entry. That entry runs the resolved `toolport-gateway` binary; existing Codex TOML keys and other MCP servers are preserved, and an existing config is backed up before the write.\n4. Start a new Codex session so it re-reads the config. In Toolport, the Codex row changes to **connected to Toolport**; in Codex, Toolport-managed tools are served through the one `conduit` MCP server. With lazy discovery enabled, Codex gets Toolport's compact search tools instead of every downstream tool up front.\n\nGotcha: when running Toolport from source, build the gateway first with `npm run build:gateway`. The desktop dev server does not build the separate binary that Codex spawns, so Codex will report the gateway as missing until that binary exists.\n\n### Open WebUI and other HTTP/OpenAPI consumers\n\nThe gateway speaks HTTP/OpenAPI natively, so Open WebUI (and any OpenAPI tool\nclient) connects straight to Toolport, no bridge or proxy. Flip on **Settings -\u003e\nIntegrations -\u003e Open WebUI / HTTP endpoint** in the app (or run\n`toolport-gateway --http 8765`), then add `http://localhost:8765` as an OpenAPI\ntool server. See [docs/openwebui.md](docs/openwebui.md). The same endpoint serves\nany HTTP/OpenAPI MCP consumer (n8n, LibreChat, custom agents).\n\n## Configuration\n\nLazy discovery, the destructive-tool block, and agent control are global settings,\nstored in the registry and toggled in the app's Settings view, so they apply to every\nclient (lazy discovery is on by default). Per-client behavior is set via env vars on the\ngateway entry, written for you when you connect a client:\n\n- `CONDUIT_PROFILE=\u003cname\u003e` - scope this client to one profile's servers. Unset =\n  the active profile.\n- `CONDUIT_DISCOVERY=lazy|full` - optional per-client override of the global lazy\n  setting. Rarely needed; the gateway reads the registry default otherwise.\n- `CONDUIT_REGISTRY=\u003cpath\u003e` - override the registry file location. Defaults to a\n  stable per-user path so packaged and unpackaged clients agree.\n- `CONDUIT_RESULT_BUDGET=\u003cbytes\u003e` - cap oversized tool results at this many bytes\n  (0 disables it). Optional; off by default.\n- `CONDUIT_HTTP=\u003cport\u003e` (with optional `CONDUIT_HTTP_HOST`, default `127.0.0.1`,\n  and `CONDUIT_HTTP_TOKEN` for the required bearer token) - run the gateway in\n  HTTP/OpenAPI mode instead of stdio, for Open WebUI and other OpenAPI clients (see\n  above). The in-app Settings -\u003e Integrations toggle sets these for you, and the\n  gateway refuses a non-loopback bind without a token.\n\n**Semantic search (optional).** Lazy discovery ranks tools lexically by default. Point it\nat any `/v1/embeddings` endpoint (LM Studio, Ollama, or a cloud provider) to blend in\nembedding similarity for paraphrased queries: `CONDUIT_SEMANTIC=on`,\n`CONDUIT_EMBED_ENDPOINT`, `CONDUIT_EMBED_MODEL`, plus optional `CONDUIT_EMBED_KEY`\n(endpoint auth) and `CONDUIT_EMBED_BLEND`. See\n[docs/specs/semantic-search.md](docs/specs/semantic-search.md).\n\n**Multiple accounts for the same service.** Credentials belong to a server, not a\nprofile. To use, say, a work and a personal GitHub, add GitHub twice as two\nservers (\"GitHub (work)\", \"GitHub (personal)\"), authenticate each with its own\naccount, and enable one in each profile. A client scoped to the work profile\n(`CONDUIT_PROFILE`) then only ever sees the work account. Tool names are\nnamespaced per server, so the two never collide even in the same profile.\n\n## Install\n\nPrebuilt installers are published on the\n[Releases](https://github.com/tsouth89/toolport/releases) page. Toolport runs on\n**Windows and macOS** (both builds are code-signed; macOS is also notarized), with\n**Linux** in beta. On Linux, prefer the **`.deb`** (it links your system's WebKitGTK and is\nthe most reliable package); the **AppImage** is a portable, no-root fallback but\ncan clash with very new or virtualized graphics stacks (see Troubleshooting). To\nrun from source, see Development below.\n\nBoth the **Windows** and **macOS** installers are code-signed (macOS is also\nnotarized). macOS installs cleanly through Gatekeeper. On Windows the installer is\nsigned with your validated publisher name (no \"unknown publisher\"), but because it\nuses a standard certificate rather than EV, SmartScreen reputation still builds with\ndownloads, so an early install may still show \"Windows protected your PC\", click\n**More info -\u003e Run anyway** to continue. The **Linux** packages are unsigned, as is\ntypical. See [docs/SIGNING.md](docs/SIGNING.md) for details.\n\n**Updating and uninstalling on Linux.** There is no graphical uninstaller, use the\nterminal. The package name is `toolport`.\n\n```bash\n# Update to a newer version: just install the new .deb, it upgrades in place.\nsudo apt install ./Toolport_1.0.0_amd64.deb\n\n# Uninstall (keeps your config + saved secrets).\nsudo apt remove toolport\n\n# Uninstall and wipe app config too (secrets in the keyring stay).\nsudo apt purge toolport\n```\n\nIf you used the **AppImage**, there's nothing to uninstall, just delete the\n`.AppImage` file. (On Windows use Add or Remove Programs; on macOS drag\n**Toolport.app** to the Trash.)\n\n## Development\n\nRequires Node and the Rust toolchain.\n\n```bash\nnpm install\nnpm run tauri dev      # run the desktop app\n```\n\nOther useful commands:\n\n```bash\ncargo test --manifest-path src-tauri/Cargo.toml   # Rust unit tests (lib + gateway)\n\n# Build the gateway binary. Required when running from source: AI clients spawn\n# this binary directly, so without it a connected client reports \"not found\".\n# (Packaged releases bundle it, so installed users never need this.)\nnpm run build:gateway\n\n# Build a Windows installer (NSIS) with the gateway bundled.\nnpm run tauri:bundle\n```\n\nThe frontend is typechecked with `npx tsc --noEmit`.\n\n## Troubleshooting\n\n- **OAuth opens a blank page (macOS).** The OAuth flow redirects back to a local\n  `http://127.0.0.1` callback. Safari can silently block that redirect, so the\n  sign-in page renders blank. Set **Chrome or Brave** as your default browser (or\n  paste an access token instead). Complete one attempt at a time, an abandoned\n  attempt keeps the callback port reserved for a few minutes and can cause a\n  \"state mismatch\" on the next try.\n- **A client reports the gateway \"was not found\" (running from source).** Build\n  the gateway binary once: `cd src-tauri \u0026\u0026 cargo build --bin toolport-gateway`.\n  `npm run tauri dev` builds the app but not this separate binary; packaged\n  releases bundle it, so installed users never hit this.\n- **Repeated macOS keychain prompts / \"could not read secret from the keychain\"\n  in dev.** An unsigned dev build gets an unstable code-signing identity, so the\n  keychain re-prompts or denies reads. Signed release builds (v0.9.3+) don't: they\n  store secrets in the macOS data-protection keychain under a shared access group,\n  so the gateway reads them with no prompt. This is a dev-only artifact.\n- **\"could not read/store secret\" on Linux.** Secret storage uses the freedesktop\n  Secret Service (libsecret), provided by GNOME Keyring, KWallet, or similar. A\n  headless box or a session without a running keyring daemon has nowhere to store\n  secrets. Run Toolport in a desktop session, or install and unlock a keyring\n  (e.g. `gnome-keyring`).\n- **macOS keychain and the gateway (v0.9.3+).** The app and the separately-signed\n  gateway share a team-scoped keychain access group, so the gateway reads the\n  secrets the app saved with no prompt, even across app updates. (Earlier releases\n  showed a one-time \"Always Allow\" prompt; on current signed builds it's gone.)\n- **VS Code: the `conduit` server doesn't start automatically.** VS Code may require\n  you to click **Start Server** on the `conduit` MCP entry the first time, that's VS\n  Code's own MCP handling, not Toolport. After that it reconnects on its own.\n- **Linux: the AppImage won't launch / no window (`EGL_BAD_PARAMETER`).** The\n  AppImage bundles its own libraries, which can clash with a very new or\n  virtualized graphics stack (e.g. VMware's `vmwgfx` driver, where the default EGL\n  display fails). **Use the `.deb` instead**, it links your system's WebKitGTK and\n  is the more reliable Linux package. If you must use the AppImage, try\n  `EGL_PLATFORM=surfaceless ./Toolport_*.AppImage`, or in a VM enable 3D\n  acceleration. (This is a packaging/GPU issue, not a Toolport bug; the `.deb` works\n  where the AppImage doesn't.)\n\n## Status\n\nToolport is in active development. Working end to end: the\ngateway, lazy discovery, per-agent scoping, OAuth/key auth with live propagation,\nthe catalog, client import/migrate, per-tool and destructive-tool governance, a global\nSettings view, tool-integrity and content-defense detection, an audit log with\nlatency/error stats, resources + prompts proxying, and a tool playground. See\n[docs/ROADMAP.md](docs/ROADMAP.md) for what is done and planned.\n\n## Known issues\n\n- **Linux only, glib `VariantStrIter` soundness ([RUSTSEC-2024-0429](https://rustsec.org/advisories/RUSTSEC-2024-0429)).**\n  Tauri's Linux webview stack pulls in `glib` 0.18 transitively (`wry → webkit2gtk →\ngtk 0.18 → glib 0.18`). The fix only exists in `glib` 0.20+, and the gtk-0.18\n  binding line, which is what Tauri 2 uses on Linux, hard-pins `glib = \"^0.18\"`, so\n  the patched release cannot be selected without moving the whole webview stack. The\n  bug is a soundness/null-deref crash (not remote code execution), is confined to the\n  webview binding layer (Toolport never calls `VariantStrIter`), and does not affect\n  the Windows or macOS builds. We are tracking the upstream move to a glib-0.20 stack\n  and will apply a `[patch.crates-io]` backport if Linux crashes surface before then.\n\n## Toolport Teams\n\nWant one shared, governed MCP server set across your whole team? **Toolport Teams** lets\nan admin define the team's servers once, every member's Toolport syncs them, and each\nmember's keys still never leave their own machine.\n\nRun it whichever way you prefer:\n\n- **Hosted:** sign in at [toolport.app/teams](https://toolport.app/teams) and invite your\n  team, no infrastructure to run.\n- **Self-hosted:** one Docker command (`docker pull ghcr.io/tsouth89/conduit-teams`).\n\nSame pricing either way:\n\n- **Free for up to 5 people** (hosted or self-hosted).\n- **$12/seat/month** beyond that; the first 5 seats stay free.\n- Central destructive-tool policy, an exportable audit trail, and per-member opt-in for\n  local-command servers (a team config can never silently run code on a member's machine).\n\nPricing, the self-host quickstart, and checkout are all at\n**[toolport.app/teams](https://toolport.app/teams)**.\n\n## License\n\n[MIT](LICENSE), and the local app and gateway always will be. Toolport follows an\nopen-core model: the desktop app and `toolport-gateway` are free and open source, and\nToolport Teams (above) funds the free app. Anything you contribute here is MIT and\nbenefits everyone, see [CONTRIBUTING.md](CONTRIBUTING.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftsouth89%2Ftoolport","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftsouth89%2Ftoolport","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftsouth89%2Ftoolport/lists"}