mesh

<img alt="deco CMS" src="https://github.com/user-attachments/assets/d3e36c98-4609-46d3-b39f-7ee1c6d77432" /> <h1 align="center">DecoCMS: The Context Management System</h1> <p align="center"> <em>MCP-native · TypeScript-first · Deploy anywhere</em><br/><br/> <b>Declare and Compose MCPs for your AI Agents and Workflows.</b><br/> </p> <p align="center"> <a href="https://docs.deco.page">📘 Docs</a> · <a href="https://decocms.com/discord">💬 Discord</a> · <a href="https://decocms.com">🌐 decocms.com</a> </p> > **TL;DR:** > - Centralize your company context in a private MCP mesh.<br /> > - Generate full-stack TypeScript AI Apps and publish them as internal MCPs.<br /> > - Have full control over usage, costs, monitoring and sharing. <br/> ## 🚀 What is a Context Management System? **DecoCMS** is an open‑source Context Management System — the **MCP Mesh** for AI. It centralizes MCP connections, tools, data access, and policies to aggregate organization‑wide context in one secure place. Compose and expose virtual MCPs ("AI Apps") for any client (Claude Desktop, VS Code, custom UIs) with governance, observability, and cost control. > Think **Lovable + n8n + LangGraph**, running on your AWS/GCP with a single deploy command. > Full-stack AI, production-ready. --- ## ✨ Why DecoCMS? AI teams are stuck between low-code prototypes and enterprise production chaos. Backends live in n8n or LangGraph. Frontends in Lovable or React. Deployments are separate. Auth is inconsistent. Costs spiral. Debugging is guesswork. **DecoCMS fixes that:** - 🧠 **MCP-native** — Compose Model Context Protocol servers with built-in policy, auth, and observability. - ⚙️ **Full-stack in TypeScript** — Agents, workflows, and UIs share the same repo and types. - 🌍 **Deploy anywhere** — Cloudflare Workers, AWS, or local Bun/Deno runtimes. - 🔐 **Governance built-in** — RBAC, audit trails, and spend caps from day one. - 🔭 **Unified observability** — Trace UI clicks → agent calls → model responses. - 🧩 **Open & modular** — Install integrations, MCP tools, or full-stack modules from the Deco marketplace. --- ## 🧭 Architecture at a Glance - MCP Mesh (kernel): - Compose and secure MCPs across your org; - Connect and proxy external MCPs with secure tokens; - Expose governed Virtual MCPs ("AI Apps") to any MCP client; - Enforce auth/RBAC/audit/FinOps; - Get full observability. - AI App Framework (Virtual MCPs in the Mesh): - Build AI‑native web software (admin, workflows, custom views) that calls Tools; - Fullstack, From database to UI with React 19 + Tailwind v4; - Generative Admin interface: _decopilot_ helps you write the PRD and implement. --- ## 🕸️ The MCP Mesh The **MCP Mesh** is the backbone of Deco — a distributed runtime that manages context, connections, and observability for every agent in your system. > Declare and compose context — aggregate connections, authorize access, and compose tools into governed, reusable capabilities. **Core capabilities** | Layer | Description | |-------|--------------| | 🧩 **MeshContext** | Unified runtime interface providing auth, storage, observability, and policy control. | | ⚙️ **defineTool()** | Declarative API for typed, auditable, observable MCP tools. | | 🧱 **AccessControl** | Fine-grained RBAC via Better Auth — OAuth 2.1 + API keys per workspace/project. | | 📊 **OpenTelemetry** | Full tracing and metrics for tools, workflows, and UI interactions. | | 💾 **Storage Adapters** | Kysely ORM → SQLite / Postgres, easily swapped. | | ☁️ **Proxy Layer** | Secure bridge to remote MCP servers with token vault + OAuth. | | 🧰 **Virtual MCPs** | Compose and expose governed toolsets as new MCP servers ("AI Apps"). | _On the hosted platform, usage is metered by MCP calls._ ```ts import { z } from "zod"; import { defineTool } from "~/core/define-tool"; export const CONNECTION_CREATE = defineTool({ name: "CONNECTION_CREATE", description: "Create a new MCP connection", inputSchema: z.object({ name: z.string(), connection: z.object({ type: z.enum(["HTTP", "SSE", "WebSocket"]), url: z.string().url(), token: z.string().optional(), }), }), outputSchema: z.object({ id: z.string(), scope: z.enum(["workspace", "project"]), }), handler: async (input, ctx) => { await ctx.access.check(); const conn = await ctx.storage.connections.create({ projectId: ctx.project?.id ?? null, ...input, createdById: ctx.auth.user!.id, }); return { id: conn.id, scope: conn.projectId ? "project" : "workspace" }; }, }); ```` ✅ **Type-safe**<br/> ✅ **Audited**<br/> ✅ **Observable**<br/> ✅ **Callable via MCP**<br/> --- ## 🧱 Core Architecture *(Mesh)* ``` apps/mesh/ ├── api/ # Hono HTTP + MCP proxy ├── core/ # MeshContext, AccessControl, defineTool ├── tools/ # Built-in MCP management tools ├── storage/ # Kysely DB adapters ├── auth/ # Better Auth