tsk initial public release
tsk is a local MCP server that sits between your AI agent and external APIs. Your credentials stay on your machine and never reach the agent. Every tool call is gated by explicit rules you define, rate-limited, and logged to a local SQLite database.
The standard local agent setup gives the model direct access to every key in your .env file. A hallucination or prompt injection can issue real API calls. Refunds, deletions, writes with no interception layer and no record of what happened. tsk replaces that with an explicit allow-list: the agent can only call what you've defined in ~/.tsk/rules.yaml.
Everything else is blocked.
This first release ships with:
- Credential isolation — secrets live in ~/.tsk/.secrets and are injected at call time; the agent never sees them
- Tool allowlisting — you define exactly which endpoints, methods, and parameters the agent can use
- Response scrubbing — card numbers, IBANs, email addresses, and custom patterns are redacted before the response reaches the model's context window
- Per-tool rate limits — sliding-window call caps enforced at the proxy layer
- Local activity log — every request written to ~/.tsk/activity.db, queryable with tsk logs or raw SQL
Works with any MCP-compatible agent. Claude Code and Claude Desktop configs are in the README.
curl -fsSL https://tesserak.dev/install.sh | sh
tsk init
tsk runBinaries for Linux and macOS (amd64/arm64) are attached. Each artifact includes a SHA-256 checksum and an SBOM. Build provenance attestations are verifiable via gh attestation verify.