claudeers.

🔓 unclaimed — this page was auto-generated from GitHub. Are you the creator?

Claim this page →
// MCP Servers

conduit

Local MCP gateway: manage all your MCP servers in one place, set up once and shared by every AI client (Claude, Cursor, VS Code, Codex). Lazy discovery colla…

// MCP Servers[ cli ][ api ][ desktop ][ web ][ claude ]#claude#ai#cursor#developer-tools#gateway#llm#mcp#model-context-protocol#mcp-serversMIT$open-sourceupdated 12 days ago
Actively maintained
100/100
last commit 4 days ago
last release 5 days ago
releases 38
open issues 8
// install
{
  "mcpServers": {
    "conduit": {
      "command": "npx",
      "args": ["-y", "https://github.com/tsouth89/conduit"]
    }
  }
}

Conduit

All your MCP servers in one place, with ~90% fewer tokens.

Conduit: every tool from all your servers, collapsed to the 3 your agent loads

Conduit demo: add a server, connect it to every AI tool, and the agent uses it

Conduit is a local MCP (Model Context Protocol) gateway. You set up and authenticate each server once, and every AI client (Claude, Cursor, Codex, and the rest) points at Conduit and shares them, so you stop configuring the same servers separately in each app.

It also fixes what those servers cost your agent. Every MCP server you connect dumps all of its tools into context on every single request, and it adds up fast: just 3 servers (62 tools) cost ~24,000 tokens of definitions before you've asked anything. Conduit advertises 3 meta-tools the agent searches on demand instead, so it pays ~660 tokens.

Measured on a frontier model: up to 91% fewer total tokens at the same task success (graded for correct answers, not just completion), plus 97% less tool-definition overhead on every request, rising to 99.6% on a real 415-tool catalog (see BENCHMARK.md). That holds whether you run one AI tool or five, on cloud models (where tokens are your bill) or local ones (where tool defs eat your context window).

Screenshots

ServersActivityPlayground
All serversActivity and metricsTool playground

Why

Every MCP server you connect dumps its full tool list into your agent's context, on every request, and most AI clients also want their own separate configuration. So you pay a token tax on every call and reconfigure the same servers per app. Conduit fixes both:

  • ~90% fewer tokens. In lazy-discovery mode the gateway advertises three meta-tools (conduit_status, conduit_search_tools, conduit_call_tool) instead of the full catalog. The agent searches and calls on demand, so context stays flat no matter how many servers you connect. In a measured benchmark, graded for correct answers, that's up to 91% fewer total tokens at the same task success, and 97% less tool-definition overhead per request (99.6% at a real 415-tool catalog) (BENCHMARK.md). Ask conduit_status and it reports what it has saved you so far, in tokens and dollars.
  • Set up once, use everywhere. Each client points at one Conduit gateway. Add a server and authenticate it a single time; it appears in every client.
  • Per-agent scoping. Give each client only the servers it should see. A coding agent literally cannot call a billing tool that is not in its profile.
  • Obvious auth. OAuth or API key, stored once in the OS keychain. Status is shown per server; a single click authenticates. Newly-authed servers propagate to connected clients without a restart.
  • A catalog to grow. Add popular servers from a curated list or search the official MCP Registry, then authenticate through the same flow.
  • Searches by intent, not just keywords. Lazy discovery's conduit_search_tools ranks by relevance so the agent finds the right tool across all your servers, and no tool is ever hidden: any server's full tool set is one call away. Optional semantic re-ranking (point it at a local or hosted embeddings endpoint) blends embedding similarity into the ranking so paraphrased needs ("charge a card") still surface the right tool; off by default, pure lexical otherwise.
  • No secrets in client configs. Clients only ever say "talk to Conduit." Keys live in the OS keychain and are injected at runtime.
  • Governance built in. Toggle any tool on or off, or flip one switch to hide every destructive tool from every client at once. Every tool call is recorded in an audit log, with per-server latency and error rates.
  • Tool-definition integrity (rug-pull + poisoning detection). Conduit fingerprints each tool when you connect a server, and flags it if the definition later changes or a known server quietly adds a tool, the signature of a "rug pull," where a tool you approved is silently swapped for a malicious one. It also scans each tool's description and schema for injection-like content (the "tool poisoning" / "line jumping" attack, where hidden instructions ride in a tool definition before any call). Both show up as security notices in Activity. Detection only (it never blocks), on by default, and entirely local. Because Conduit is on the path and already watches for tool changes, it's the natural place to catch this.
  • Content defense (anti-agentjacking). The flip side of the result path: when a tool returns untrusted content (a Sentry error, a web page, an issue body) that contains injection-like instructions, Conduit flags it and wraps it with a marker telling the agent it's external data, not instructions, the data/instruction separation that blunts indirect prompt injection. The original content is preserved, only flagged results are touched, and it never blocks the call. On by default. (A gateway can't see execution that happens through the client's own shell, so this is defense in depth, ingress hardening, not a silver bullet.)
  • Agent-controllable, on your terms. Turn on Allow agent control and an agent can enable or disable servers itself through the gateway (conduit_enable_server / conduit_disable_server), with the change reflected in the app live. Off by default, and the destructive-tool switch stays yours, so an agent can never escalate past your governance.
  • Full MCP, not just tools. Tools, resources, and prompts are all proxied.
  • Test before you wire it up. A built-in playground invokes any tool with a form generated from its schema, so you can confirm a server works without configuring a client first.
  • Diagnostics in one click. A "Copy diagnostics" button bundles your version, OS, a secrets-stripped server summary, and the recent gateway log, ready to paste into a bug report.

How it works

Conduit has two pieces:

  1. The desktop app (Tauri + React) where you manage servers, profiles, credentials, and which clients are connected.
  2. The gateway binary (conduit-gateway) that each AI client launches over stdio. It reads Conduit's registry, connects to the enabled downstream servers (stdio or remote HTTP/SSE), and routes tool calls to the right one. Tool names are namespaced per server (stripe__list_charges) so they never collide.
AI client (Cursor / Claude / Codex / Antigravity / ...)
        │  stdio MCP
        ▼
  conduit-gateway  ──reads──►  registry.json + OS keychain
        │  routes tools/calls
        ▼
  downstream MCP servers (Stripe, Supabase, GitHub, ...)

The registry is the shared source of truth; the gateway watches it and rebuilds live, so toggles and new credentials take effect without restarting the client. If a connected server changes its own tool set mid-session, Conduit picks that up and refreshes too.

Supported clients

Cursor, Claude Desktop, Claude Code, Codex, Google Antigravity, VS Code, Windsurf, Gemini CLI, Cline, Roo Code, Warp, Amazon Q, Kiro, Zed, LM Studio, Jan, Goose, and BoltAI. Conduit detects each one, installs the gateway with one click, and can import a client's existing servers.

Configuration

Lazy discovery and the destructive-tool policy are global settings, stored in the registry and toggled in the app, so they apply to every client (lazy discovery is on by default). Per-client behavior is set via env vars on the gateway entry, written for you when you connect a client:

  • CONDUIT_PROFILE=<name> - scope this client to one profile's servers. Unset = the active profile.
  • CONDUIT_DISCOVERY=lazy|full - optional per-client override of the global lazy setting. Rarely needed; the gateway reads the registry default otherwise.
  • CONDUIT_REGISTRY=<path> - override the registry file location. Defaults to a stable per-user path so packaged and unpackaged clients agree.

Multiple accounts for the same service. Credentials belong to a server, not a profile. To use, say, a work and a personal GitHub, add GitHub twice as two servers ("GitHub (work)", "GitHub (personal)"), authenticate each with its own account, and enable one in each profile. A client scoped to the work profile (CONDUIT_PROFILE) then only ever sees the work account. Tool names are namespaced per server, so the two never collide even in the same profile.

Install

Prebuilt installers are published on the Releases page. Conduit runs on Windows and macOS (the macOS build is signed and notarized), with Linux in beta. On Linux, prefer the .deb (it links your system's WebKitGTK and is the most reliable package); the AppImage is a portable, no-root fallback but can clash with very new or virtualized graphics stacks (see Troubleshooting). To run from source, see Development below.

Both the Windows and macOS installers are code-signed (macOS is also notarized), so they install without a SmartScreen or Gatekeeper warning. Windows SmartScreen reputation still accrues with downloads, but the "unknown publisher" block is gone. The Linux packages are unsigned, as is typical. See docs/SIGNING.md for details.

Updating and uninstalling on Linux. There is no graphical uninstaller, use the terminal. The package name is conduit.

# Update to a newer version: just install the new .deb, it upgrades in place.
sudo apt install ./Conduit_0.3.10_amd64.deb

# Uninstall (keeps your config + saved secrets).
sudo apt remove conduit

# Uninstall and wipe app config too (secrets in the keyring stay).
sudo apt purge conduit

If you used the AppImage, there's nothing to uninstall, just delete the .AppImage file. (On Windows use Add or Remove Programs; on macOS drag Conduit.app to the Trash.)

Development

Requires Node and the Rust toolchain.

npm install
npm run tauri dev      # run the desktop app

Other useful commands:

cargo test --manifest-path src-tauri/Cargo.toml   # Rust unit tests (lib + gateway)

# Build the gateway binary. Required when running from source: AI clients spawn
# this binary directly, so without it a connected client reports "not found".
# (Packaged releases bundle it, so installed users never need this.)
npm run build:gateway

# Build a Windows installer (NSIS) with the gateway bundled.
npm run tauri:bundle

The frontend is typechecked with npx tsc --noEmit.

Troubleshooting

  • OAuth opens a blank page (macOS). The OAuth flow redirects back to a local http://127.0.0.1 callback. Safari can silently block that redirect, so the sign-in page renders blank. Set Chrome or Brave as your default browser (or paste an access token instead). Complete one attempt at a time, an abandoned attempt keeps the callback port reserved for a few minutes and can cause a "state mismatch" on the next try.
  • A client reports the gateway "was not found" (running from source). Build the gateway binary once: cd src-tauri && cargo build --bin conduit-gateway. npm run tauri dev builds the app but not this separate binary; packaged releases bundle it, so installed users never hit this.
  • Repeated macOS keychain prompts / "could not read secret from the keychain" in dev. An unsigned dev build gets an unstable code-signing identity, so the keychain re-prompts or denies reads. A signed release fixes this; it is a dev-only artifact.
  • "could not read/store secret" on Linux. Secret storage uses the freedesktop Secret Service (libsecret), provided by GNOME Keyring, KWallet, or similar. A headless box or a session without a running keyring daemon has nowhere to store secrets. Run Conduit in a desktop session, or install and unlock a keyring (e.g. gnome-keyring).
  • macOS keychain prompt the first time the gateway runs. When a client spawns the gateway and it reads a saved key, macOS asks for keychain access ("Conduit wants to use ..."). Click Always Allow once and it won't ask again. (The app and the gateway are separate signed binaries today; a future release will share keychain access so this prompt goes away.)
  • VS Code: the conduit server doesn't start automatically. VS Code may require you to click Start Server on the conduit MCP entry the first time, that's VS Code's own MCP handling, not Conduit. After that it reconnects on its own.
  • Linux: the AppImage won't launch / no window (EGL_BAD_PARAMETER). The AppImage bundles its own libraries, which can clash with a very new or virtualized graphics stack (e.g. VMware's vmwgfx driver, where the default EGL display fails). Use the .deb instead, it links your system's WebKitGTK and is the more reliable Linux package. If you must use the AppImage, try EGL_PLATFORM=surfaceless ./Conduit_*.AppImage, or in a VM enable 3D acceleration. (This is a packaging/GPU issue, not a Conduit bug; the .deb works where the AppImage doesn't.)

Status

Conduit is in active development. Working end to end: the gateway, lazy discovery, per-agent scoping, OAuth/key auth with live propagation, the catalog, client import/migrate, per-tool and destructive-tool governance, an audit log with latency/error stats, resources + prompts proxying, and a tool playground. See docs/ROADMAP.md for what is done and planned.

Known issues

  • Linux only, glib VariantStrIter soundness (RUSTSEC-2024-0429). Tauri's Linux webview stack pulls in glib 0.18 transitively (wry → webkit2gtk → gtk 0.18 → glib 0.18). The fix only exists in glib 0.20+, and the gtk-0.18 binding line, which is what Tauri 2 uses on Linux, hard-pins glib = "^0.18", so the patched release cannot be selected without moving the whole webview stack. The bug is a soundness/null-deref crash (not remote code execution), is confined to the webview binding layer (Conduit never calls VariantStrIter), and does not affect the Windows or macOS builds. We are tracking the upstream move to a glib-0.20 stack and will apply a [patch.crates-io] backport if Linux crashes surface before then.

License

MIT. The gateway and local manager are free and open source under an open-core model; planned team/enterprise features (shared/hosted gateway, RBAC/SSO, policy, audit export, secret-vault integrations) are a separate paid layer.

// compatibility

Platformscli, api, desktop, web
Operating systems
AI compatibilityclaude
LicenseMIT
Pricingopen-source
LanguageRust

// faq

What is conduit?

Local MCP gateway: manage all your MCP servers in one place, set up once and shared by every AI client (Claude, Cursor, VS Code, Codex). Lazy discovery collapses them to 3 meta-tools the agent searches on demand, for ~90% fewer tokens. Keys in your OS keychain, no cloud.. It is open-source on GitHub.

Is conduit free to use?

conduit is open-source under the MIT license, so it is free to use.

What category does conduit belong to?

conduit is listed under mcp-servers in the Claudeers registry of Claude-compatible tools.

0 views
63 stars
unclaimed
updated 12 days ago

// embed badge

conduit on Claudeers
[![Claudeers](https://claudeers.com/api/badge/conduit.svg)](https://claudeers.com/conduit)

// retro hit counter

conduit hit counter
[![Hits](https://claudeers.com/api/counter/conduit.svg)](https://claudeers.com/conduit)

// reviews

// guestbook

0/500

// related in MCP Servers

🔓

f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete…

// mcp-serversf/HTML164,687NOASSERTION[ claude ]
🔓

A cross-platform desktop All-in-One assistant for Claude Code, Codex, OpenCode, OpenClaw, Gemini CLI & Hermes Agent. Only official website: ccswitch.io

// mcp-serversfarion1231/Rust112,854MIT[ claude ]
🔓

An open-source AI agent that brings the power of Gemini directly into your terminal.

// mcp-serversgoogle-gemini/TypeScript105,729Apache-2.0[ claude ]
🔓

A collection of MCP servers.

// mcp-serverspunkpeye/90,251MIT[ claude ]
→ see how conduit connects across the ecosystem