Governed MCP tools. Sealed in WASM.

Write tools in any language, compile to WebAssembly, and run them with auditable policies and least-privilege security.

Any language → WASM
Policy-based sandboxing
Full audit trail
terminal
$mcpfuse build --target wasm32
✓ Compiled to WebAssembly (124KB)
$mcpfuse publish --sign
✓ Signed with attestation
✓ Published to registry v1.0.3
Console
slack-notifierActive
Network:hooks.slack.com
Filesystem:read-only
Last run:2 min ago

Trusted by platform teams at

Acme
Northwind
Contoso
Fabrikam
Tailspin
WideWorld
"mcpfuse transformed how we manage internal tooling. Our security team finally has visibility into what tools are doing, and our developers can ship faster knowing their tools will pass review."
Sarah Chen
Head of Platform, Acme Corp

Default-deny by design.

Tools run sealed in a WASM codebox. Capabilities open only when declared in a manifest—fully auditable.

Default deny runtimeExplicit allowlistAuditable execution
Filesystemfs:///tmp/cache
Networkapi.weather.com
SecretsAPI_KEY
WASM Codebox
weather.fetch
Sandboxed
manifest.yaml
# Permissions manifest
storage:
  allow:
    - uri: "fs:///tmp/cache"
      access: ["read", "write"]
network:
  allow:
    - host: "api.weather.com"
environment:
  allow:
    - key: "API_KEY"
Audittool=weather.fetch policy=prod-default allow=network,fs,env

How it works

From code to production in four steps, with security built-in at every stage.

Build

Write your tool in any language. Rust, Go, TypeScript—compile it to WebAssembly.

weather-tool.ts
export function getWeather(city: string) {
  const res = await fetch(
    `https://api.weather.com/${city}`
  );
  return res.json();
}

Declare Permissions

Define capabilities in a manifest: network allowlists, filesystem access, secrets.

manifest.yaml
# Permissions
storage:
allow:
    - uri: "fs:///tmp/cache"
      access: ["read", "write"]
network:
allow:
    - host: "api.weather.com"
environment:
  allow:
    - key: "API_KEY"

Review & Sign

Policy checks, team approvals, and cryptographic attestation for supply chain integrity.

Policy Check
Network allowlist verified
No filesystem escalation
Signed by security@acme.io
Ready to deploy

Run Anywhere

Deploy to secure runtimes. Connect to Slack, Teams, agents, and production workflows.

Deployed Endpoints
slack-botlive
teams-connectorlive
agent-runtimelive
3 instances • 99.9% uptime

Everything you need for governed tooling

Built for platform teams who need security without sacrificing developer experience.

Tool Registry & Versioning

Centralized registry with semantic versioning, rollback support, and dependency tracking.

Permission Manifest

Declare capabilities explicitly: network, filesystem, environment variables, secrets.

Policy Engine

Define allow/deny rules, egress allowlists, and custom policies per team or org.

Audit Logs

Complete trail of who ran what, when, with full input/output capture.

Attestation & Signing

Cryptographic signatures and SLSA attestation for supply chain integrity.

Runtime Sandboxing

WASM codebox with resource limits, isolated execution, and configurable constraints.

Secrets & Config

Secure secret injection, environment management, and config versioning.

CI/CD Integration

GitHub Actions, GitLab CI, and webhook support for automated workflows.

Observability

Metrics, traces, and structured logs with OpenTelemetry support.

Security & governance deep dive

Built from the ground up with security as a first-class concern, not an afterthought.

Least Privilege by Default

  • Tools start with zero permissions
  • Explicit capability declaration required
  • Runtime enforcement of declared limits
  • Network egress allowlists

Auditable Everything

  • Every execution logged with full context
  • Input/output capture for debugging
  • Tamper-evident audit trail
  • Export to SIEM and compliance tools

Enterprise Controls

  • SSO/SAML integration
  • Role-based access control
  • Org-wide policy enforcement
  • Compliance reporting (SOC 2, GDPR)

Security Architecture

DeveloperBuild WASMRegistryPolicy GateRuntimeAudit/Logs

Developer experience first

A CLI and SDK that feels familiar, with security that stays out of your way.

# Initialize a new tool
$ mcpfuse init my-slack-bot
✓ Created manifest.toml
✓ Created src/main.rs

# Build to WebAssembly
$ mcpfuse build --target wasm32
✓ Compiled to WebAssembly (124KB)
✓ Generated permissions hash

# Validate against policies
$ mcpfuse policy validate
✓ Network allowlist: hooks.slack.com
✓ No filesystem write access
✓ Secrets: SLACK_WEBHOOK_URL

# Publish with signing
$ mcpfuse publish --sign
✓ Signed with attestation
✓ Published to registry v1.0.3

# Run with enforced policy
$ mcpfuse run my-slack-bot@1.0.3
✓ Policy enforced
✓ Execution logged

Integrations

Plug into your existing SDLC and observability stack.

Slack
Microsoft Teams
GitHub
GitLab
Kubernetes
OpenTelemetry

Simple, transparent pricing

Start free, scale as your team grows.

Free

$0

For individual developers and experimentation.

  • Local development & testing
  • Up to 5 tools in registry
  • Community support
  • Basic audit logs (7 days)
  • Single user
Most popular

Team

$49/user/month

For teams building governed internal tools.

  • Unlimited tools in registry
  • Team collaboration & reviews
  • Custom policies per team
  • Full audit logs (90 days)
  • Slack & Teams integration
  • Priority support

Enterprise

Custom

For organizations with advanced security needs.

  • Everything in Team
  • SSO/SAML authentication
  • Advanced policy engine
  • Unlimited audit retention
  • Dedicated support & SLA
  • On-premise deployment option

Frequently asked questions

Everything you need to know about mcpfuse.

Ship tools your security team will approve.

Join hundreds of platform teams building governed, auditable tooling with mcpfuse.