Platform Features

With security infrastructure in place, we built out the platform features that make Toolcog usable for teams and complex use cases.

Organizations

Create organizations for team collaboration. Two-tier roles: Owner (full permissions, can manage members) and Member (read/write on Hub resources). Last-owner protection prevents demoting or removing the final org owner.

Unified Entities

Users and Organizations unified as “Owners” with shared URL patterns. APIs and Catalogs unified as “Bridges” with polymorphic behavior. The difference: APIs get operations from uploaded specs; Catalogs get operations from source references. This unification enables consistent tooling across resource types.

Resource Variants

Parallel distribution paths—more general than version numbers. URL encoding: /{owner}/{name} for main variant, /{owner}/{name}@{variant} for others. Use cases: dev/staging/production, beta channels, version variants, per-customer configurations.

Membership Invites

Invite members by email with 7-day expiration. Idempotent creation. The invite itself is authorization—no separate permission check needed.

Source Filters

Include operations from APIs or catalogs with glob-like pattern filters: service, operation, endpoint (METHOD /path), tag. Multiple sources union together. Within each source, filters AND together. Enables nested composition.

Override System

Apply transformations during operation materialization. Hierarchical matching: global → service-wide → operation-specific. Auth overrides inject credentials with strategy control and conflict resolution. Content overrides modify descriptions, servers, parameters. Overrides persist separately from specs and survive re-uploads.

Variables

Define named variables that clients pass at connection time. Hierarchical scoping. Map variable values to operation parameters. Same catalog serves different clients with different configurations.

SSE Streaming

Per-request Server-Sent Events when client accepts text/event-stream. Per-request (not session-global) to allow Durable Object hibernation.

Progress Notifications

Progress at four stages: loading operation spec, resolving credentials, executing API call, processing response. Token-driven: only sent when client provides progressToken.

Consent Elicitation

When an operation declares consequences, the system pauses and prompts the user. Five risk categories: destructive, financial, communication, access, configuration. High-risk operations omit the “always” option.

Authorization Elicitation

On 401/403 response, prompts user to authorize if streaming and client supports elicitation. Dynamic scope extraction from response headers. Retry capability: user authorizes and immediately retries.

Bridge Scoping

Three addressing patterns for MCP sessions: / for defaults, /:ownerHandle for owner with default bridge, /:ownerHandle/:bridgeHandle for explicit scoping.