惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Vercel News
Vercel News
O
OpenAI News
Engineering at Meta
Engineering at Meta
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
月光博客
月光博客
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
WordPress大学
WordPress大学
宝玉的分享
宝玉的分享
GbyAI
GbyAI
T
The Blog of Author Tim Ferriss
Google DeepMind News
Google DeepMind News
B
Blog RSS Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
云风的 BLOG
云风的 BLOG
罗磊的独立博客
S
SegmentFault 最新的问题
The Register - Security
The Register - Security
Hugging Face - Blog
Hugging Face - Blog
D
DataBreaches.Net
U
Unit 42
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
B
Blog
阮一峰的网络日志
阮一峰的网络日志
P
Proofpoint News Feed
雷峰网
雷峰网
V
Visual Studio Blog
小众软件
小众软件
aimingoo的专栏
aimingoo的专栏
N
Netflix TechBlog - Medium
酷 壳 – CoolShell
酷 壳 – CoolShell
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Y
Y Combinator Blog
博客园 - 【当耐特】
G
Google Developers Blog
L
LangChain Blog
Stack Overflow Blog
Stack Overflow Blog
I
InfoQ
Martin Fowler
Martin Fowler
F
Fortinet All Blogs
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
The Cloudflare Blog
AI
AI
Google Online Security Blog
Google Online Security Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
博客园 - Franky
Blog — PlanetScale
Blog — PlanetScale
Webroot Blog
Webroot Blog
PCI Perspectives
PCI Perspectives
爱范儿
爱范儿
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org

Flavio Copes

Workers Cache: a cache in front of your Cloudflare Worker Cloudflare Drop: drag a folder, get a live site Temporary Cloudflare accounts: agents can now deploy without signing up Moondream 3.1 on Workers AI: fast vision at the edge inferencecost.dev: what will AI inference cost you at 10k users? Sitebase: all the features your website needs, in one place StackPlan: figure out where to deploy your app, and what it How the Cloudflare Pages build cache works The Summer of Code How I generate an Open Graph image for every post New: 90 free tools for developers How I added search to my static site with Pagefind How to rebuild a Cloudflare site on a schedule Cloudflare Email Workers: run code when an email arrives Cloudflare Turnstile: stop bots without annoying CAPTCHAs Cloudflare Workers: secrets and environments Cloudflare Workers observability: logs and traces Cloudflare Analytics Engine: store and query metrics The AI Workshop (July 2026 cohort) Cloudflare Cron Triggers: run a Worker on a schedule Cloudflare Durable Objects: state that lives in one place Cloudflare Queues: run work in the background Cloudflare R2: object storage without egress fees Cloudflare KV: a key-value store for your Workers Cloudflare D1: a SQL database for your Workers Serving a website with Cloudflare Workers static assets Wrangler: the Cloudflare Workers command line tool Cloudflare Workers: your first serverless function Vercel eve: an open framework for building AI agents Flue: the open framework for building AI agents Val Town: write and deploy code in seconds A hands-on guide to The Agency, a collection of AI agents The AI Workshop (June 2026 cohort) The AI Workshop (May 2026 cohort) The AI Workshop (Apr 2026 cohort)
Executor: one gateway to connect your AI agent to every tool
Flavio Copes · 2026-06-20 · via Flavio Copes

By Flavio Copes

A look at Executor, an open-source, local-first layer that gives your AI agents one shared catalog of tools, with shared auth and built-in safety rules.

~~~

If you use AI coding agents, you’ve felt this. Every agent wants its own tool setup.

You add an MCP server to Cursor. Then you add it again to Claude Code. You paste a huge tool definition into a chat and watch it eat your context. Or you give the agent broad shell access and hope for the best.

Executor is a fix for all of that. It’s one place where you connect your tools, and then every agent can use them. It’s open source, built by Rhys Sullivan.

The problem it solves

Agents are only as useful as the things they can reach: your GitHub, your database, your Linear, your internal APIs.

Connecting them today is messy. Each agent has its own config. Each tool is wired up separately. Big tool catalogs waste tokens because every definition rides along in the prompt. (I built a free context window fit tool that shows how much of a model’s context your prompt stack eats up.) And handing an agent free rein over your systems is, in Executor’s own words, scary.

Executor turns this into one shared layer that sits between your agents and your tools.

What Executor is

Think of Executor as a single catalog of everything your agents can do. You add your tools once, and every agent points at the same catalog, with the same logins and the same safety rules.

The clever part is how it treats those tools. You can add an MCP server, an OpenAPI REST API, or a GraphQL endpoint. Under the hood, Executor turns all of them into the same shape: a tool name, an input schema, and an output schema.

Once everything looks the same, your agent doesn’t need to care where a tool came from. A GitHub API, a Linear MCP server, your own GraphQL backend, they’re all just tools it can call.

How it works

The flow is short:

  1. You run Executor locally. It starts a small daemon with a web UI.
  2. You add a source: paste a URL for an MCP server, an OpenAPI doc, or a GraphQL endpoint.
  3. Executor detects the type, indexes all the tools inside it, and handles the auth.
  4. Your agent calls those tools through Executor.
  5. If a tool needs a login or some input, execution pauses, opens a local prompt, and then resumes.

Start it with the CLI:

npx executor web

That gives you a local web UI at http://127.0.0.1:4788. Open it, click “Add Source,” paste a URL, and your tools are in.

Here’s the idea I like most.

Instead of stuffing every tool definition into the prompt, the agent writes a little TypeScript that calls only the tools it needs. Executor exposes everything as a typed tools.* runtime, so a task looks like code:

const issues = await tools.linear.listIssues({ assignee: 'me' })
const open = issues.filter((i) => i.state === 'open')

The agent discovers what’s available, pulls in just those tools, and runs real code against them. No giant manifest riding along in context, no guessing at raw HTTP calls.

It can also search the catalog by intent, so it finds the right tool instead of carrying all of them:

executor tools search "create a GitHub issue"

It knows what’s safe and what’s not

This is the part that makes letting an agent loose less scary.

When Executor imports a source, it keeps the meaning of each action. A GET in an OpenAPI doc is a read. A DELETE is destructive. MCP tools carry a destructiveHint. GraphQL mutations change things.

So Executor can tell the agent what it’s allowed to run on its own and what should stop and ask you. You set a policy like “auto-approve reads, pause on writes,” and the agent works autonomously on the safe stuff while pulling you back in for anything risky.

It treats agent tool use as a permission problem, which is exactly the right way to think about it.

Secrets stay yours

Tool calls run in a JavaScript sandbox. The agent can use your secrets to make a call, but the secrets themselves stay local, in your system keychain. They don’t get pasted into prompts or shipped off somewhere.

That local-first stance runs through the whole thing. In the desktop app, your sources, secrets, and sessions all stay on your machine.

Built for a team

Once a tool is set up, it doesn’t have to be set up again by everyone else.

Executor supports shared credentials and per-user ones, so you configure your company’s sources once and the whole team’s agents can reach them. No onboarding ritual, no toggling MCP servers on and off mid-task.

Two ways to run it

  • Local. A native app for Mac, Windows, and Linux, or the executor CLI. Everything stays on your machine. MIT licensed.
  • Cloud. A hosted version with auth, sync, policies, and your team online in a few minutes. There’s a free tier.

Either way it’s open source, built on an SDK they publish to npm. And because it speaks MCP, you point any MCP-compatible agent at it, Cursor, Claude Code, Codex, and they all share the same catalog.

My take

I’ve been writing about a lot of agent frameworks lately. Executor is solving a different, and honestly underrated, piece of the puzzle.

Frameworks help you build an agent. Executor is about connecting the agents you already use to the tools you already have, safely, in one place, without redoing it for every tool and every agent.

The reads-versus-writes safety model is the detail that stands out. It’s the difference between an agent you babysit and one you can actually let work.

You can try it at executor.sh, and the code is on GitHub.

~~~

Related posts about ai: