Open source · Go · MIT license

Your infrastructure, as MCP tools.

meshcp turns your remote machines into Claude tools over mTLS gRPC.
Enroll any machine in two commands. No VPN config. No SSH keys in Claude.

Get started → Download skill

After enrolling your machines, Claude can:

# Run commands on any enrolled machine
exec(machine="web-server", command="docker", args=["ps", "-a"])

# Read / write files remotely
read_file(machine="ci-server", path="/etc/nginx/nginx.conf")

# Get system status at a glance
system_status(machine="laptop")

How it works

Two binaries. One CA. Zero manual certificate management.

hub machine

orchestrator

CA · registry · enrollment

MCP server

stdio / HTTP+SSE

mTLS gRPC
(mesh network)

laptop

agent

ci-server

agent

web-server

agent
🔐

mTLS everywhere

Every connection is mutually authenticated with certs signed by your own CA. Private key never leaves your server.

🎟️

One-time tokens

Enrollment tokens expire (default 1h) and are single-use. One command on a new machine, done.

Streaming output

Long-running commands stream stdout and stderr in real time over gRPC. Claude sees output as it arrives.

🔧

Capability config

Each agent declares what it allows in YAML. Restrict commands, paths, or file sizes per machine.

Quick start

Up and running in under five minutes.

1

Install the orchestrator

On your hub machine — the one Claude will connect to.

go install interrupt.fr/meshcp/cmd/meshcp-orchestrator@latest
meshcp-orchestrator serve --data-dir /var/lib/meshcp

Starts enrollment on :7443 and listens for MCP on stdio. CA is auto-generated.

2

Enroll a machine

Generate a one-time token, then run the printed command on the target.

# On the hub
meshcp-orchestrator --data-dir /var/lib/meshcp token create ci-server --ttl 1h

# On the target machine
meshcp-agent enroll \
  --orchestrator https://<HUB_IP>:7443 \
  --token <TOKEN>

meshcp-agent start
3

Connect Claude

Add to your Claude Code or Claude Desktop MCP config.

{
  "mcpServers": {
    "meshcp": {
      "command": "meshcp-orchestrator",
      "args": ["serve", "--data-dir", "/var/lib/meshcp"]
    }
  }
}

MCP tools

Six tools available the moment Claude connects.

list_machines

List enrolled machines, their addresses, capabilities, and last-seen timestamp.

exec

Run any shell command with streaming output, env vars, working directory, and timeout.

machine · command · args · env · cwd · timeout_seconds

read_file

Read any file on a remote machine. Binary files detected automatically.

machine · path

write_file

Write content to a file. Parent directories are created automatically.

machine · path · content · mode

list_files

List files and directories with optional recursive traversal.

machine · path · recursive

system_status

CPU, memory, disk, load average (1/5/15m), uptime, and top processes.

machine

Install & skill

Build from source or use the one-liner installer.

Build from source

git clone https://github.com/interrupt-engineering/meshcp
cd meshcp
make build
sudo make install

Cross-compile agent

# macOS Apple Silicon
make agent/darwin-arm64

# Linux x86-64
make agent/linux-amd64

# Raspberry Pi / ARM64
make agent/linux-arm64

Claude Code skill

Drop the meshcp skill into your project for context-aware help with enrollment, config, cross-compilation, and troubleshooting.

# Add to your project
mkdir -p .claude
curl -fsSL https://meshcp.interrupt.fr/meshcp.md \
  -o .claude/meshcp.md
Download meshcp.md

One-liner agent install

Downloads the binary, enrolls the machine, and installs a systemd service.

curl -fsSL https://meshcp.interrupt.fr/install.sh \
  | bash -s -- \
    --orchestrator https://<HUB>:7443 \
    --token <TOKEN>