One connection.
Every tool.
Give your AI agent 20+ tools the moment you connect — files, shell, git, and more with zero config. Add credentials to unlock 100+ total tools across cloud, databases, and APIs.
{
"mcpServers": {
"conductor": {
"command": "conductor",
"args": ["mcp", "start"]
}
}
}Works with every major AI coding client
Live demo
Your AI, fully equipped.
Conductor sits between your AI client and the real world. Every tool call is validated, logged, and — for destructive ops — gated behind user approval before execution.
- Read and write any file on disk
- Run shell commands with an allowlist you control
- Git: status, diff, commit, push — all of it
- Query any database, inspect schemas
- Fetch URLs, parse HTML, handle webhooks
Features
Everything in one place
255 Tools
15 tools work instantly with zero config. File system, shell, git, and more. Add credentials to unlock databases, APIs, webhooks, and cloud services.
npm install -g @useconductor/conductorSecurity built in
AES-256-GCM encryption, approval gates, circuit breakers, and tamper-evident audit logging — not bolted on.
Zero plaintext secrets. Ever.One server, all tools
Add one config block to your AI client. That's it. No per-tool servers, no per-tool configs.
Works with any MCP clientZero config
Install, add the config block, and go. Sensible defaults for everything. Deep config when you need it.
conductor config setupWebhooks
External systems can trigger Conductor via HTTP. Outgoing events push to any endpoint with retry and HMAC signing.
7 event types · exponential backoffFull observability
Prometheus metrics, health checks, and SHA-256 chained audit logs. Every tool call recorded permanently.
GET /metrics · GET /auditSecurity
Defense-in-depth,
not an afterthought.
Secrets never touch config files. Destructive ops require explicit approval. Every action is logged immutably. No single failure compromises the system.
AES-256-GCM encryption
Secrets are encrypted before storage using AES-256-GCM. Stored in an encrypted local credential store — never in config files.
Approval gates
Destructive tools (shell.exec, filesystem.delete) require explicit user confirmation before execution. Configurable per-tool.
Tamper-evident audit log
SHA-256 chained log at ~/.conductor/audit.log. Every modification breaks the chain — run 'conductor audit verify' to detect tampering.
Circuit breakers
Each tool has an independent circuit breaker. After 5 failures the circuit opens — requests fail fast, no cascading errors.
Command allowlisting
The shell plugin enforces a strict allowlist. No wildcards. No eval(). Only explicitly permitted commands can run.
Rate limiting
All HTTP endpoints are rate-limited. Webhook and tool endpoints have independent limits, configurable per deployment.
Plugins
15 instantly,
269 total.
Every plugin is sandboxed and auditable. Drop .js files into ~/.conductor/plugins/ to add your own.
File System
Read, write, search files
Shell
Execute with approval gates
Git
Full git operations
Web Fetch
Fetch and parse content
Database
SQLite & Postgres
Calculator
Math expression evaluator
Notes
Markdown notes
Weather
Current conditions
Keychain
OS credential store
Webhooks
In/out event handlers
Cron
Scheduled tasks
Docker
Container CLI
GitHub
PRs, issues, repos
Slack
Messages and channels
Gmail
Read and send email
AWS
EC2, S3, Lambda
GCP
Compute, Storage, Functions
How it works
One server. Every client. Every tool.
Your AI client
Tools
Get started
The last tool setup
you'll ever do.
One command. One config block. Your AI agent gets 20+ tools instantly — files, shell, git, and more. Configure credentials to unlock 100+ total.
npm install -g @useconductor/conductorOpen source · Apache-2.0 License · No vendor lock-in