MCP Server

Offline

ToolPiper is an MCP server — 300+ tools and 5 resources that give AI coding assistants access to local inference, speech, vision, OCR, NLP, RAG, image/video processing, AX-powered browser automation, web scraping, PiperTest execution, programmatic video creation, outreach, macOS system actions, and OAuth. No cloud, no API keys.

Install

One command. ToolPiper handles the rest — all 300+ tools are available immediately, and PiperMatch picks the relevant subset per chat turn so you don't burn context window on tool definitions you won't use.

Claude CodeHTTP transport

claude mcp add --transport http toolpiper http://127.0.0.1:9998/mcp

First-call consent

Apple-signed clients (Claude Code, Cursor, Claude Desktop) auto-trust on first call. Other clients see a consent sheet in ToolPiper.

No CLI middleman

Tools dispatch over HTTP to 127.0.0.1:9998. No ~/.toolpiper/mcp stdio binary in your path.

Per-tool permissions

Allow / Ask / Deny per tool lives in ToolPiper → Settings → Tool Permissions. Per-app gating in Connected Apps.

Other Clients

ToolPiper speaks MCP over Streamable HTTP. Any client that supports HTTP transport can connect to http://127.0.0.1:9998/mcp.

Cursor / Windsurf / Gemini Code

Add to .mcp.json in your project root:

{
  "mcpServers": {
    "toolpiper": {
      "type": "http",
      "url": "http://127.0.0.1:9998/mcp"
    }
  }
}

CI / scripted use

For headless contexts that can't show a consent sheet, pre-issue a bearer token. Read it from ~/Library/Application Support/ToolPiper/.toolpiper-token and pass it as a bearer:

export TOOLPIPER_BEARER=$(cat ~/Library/Application\ Support/ToolPiper/.toolpiper-token)

curl -H "Authorization: Bearer $TOOLPIPER_BEARER" \
     -H "Content-Type: application/json" \
     -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}' \
     http://127.0.0.1:9998/mcp

Tools 300+

Tool names are unprefixed — the MCP server namespace (toolpiper) provides branding and collision avoidance. Every tool includes annotations (readOnlyHint, openWorldHint).

Core AI

chatread-onlyRun a prompt through a local LLM (llama.cpp or Apple Intelligence)

audio_transcriberead-onlyTranscribe audio to text (FluidAudio or MLX Audio)

audio_speakConvert text to speech and save as WAV

audio_voice_cloneGenerate speech using a cloned voice from a reference audio sample

text_embedread-onlyGenerate vector embeddings (local model or Apple NL, 512-dim)

vision_ocrread-onlyExtract text from images and PDFs (Apple Vision, 18+ languages)

text_translateread-onlyTranslate text (Apple Translate or a local LLM)

vision_camera_captureCapture a single still PNG from the Mac webcam (base64)

model_listread-onlyList available models with status, RAM cost, and categories

model_loadLoad a model into memory (auto-downloads if needed)

model_unloadUnload a model from memory to free RAM/VRAM

model_searchread-onlySearch HuggingFace for GGUF/MLX models matching a query

model_repo_inforead-onlyInspect a HuggingFace repo — files, sizes, README, license

model_downloadDownload a GGUF/MLX model from HuggingFace

model_download_listread-onlyList active and recent model downloads

model_download_cancelCancel an in-flight model download

endpoint_listread-onlyList configured inference endpoints (local + cloud)

endpoint_setSet the active inference endpoint

endpoint_statusread-onlyCheck health, latency, and load on an endpoint

endpoint_recommendread-onlyPick the best endpoint for a task given current state

voice_chat_settings_getread-onlyRead push-to-talk voice chat configuration

voice_chat_settings_setConfigure voice chat STT/TTS backends and behavior

voice_chat_session_resetReset the voice chat session and clear short-term context

voice_chat_memory_addAdd a long-lived memory to the voice chat context

voice_chat_memory_clearClear voice chat memories

claude_code_installInstall the claude-tp helper that points Claude Code at ToolPiper

claude_code_uninstallRemove the claude-tp helper installation

claude_code_statusread-onlyCheck claude-tp install status and active configuration

system_statusread-onlyServer health — backends, loaded models, GPU, RAM, license tier

system_resourcesread-onlyLive CPU/RAM/GPU snapshot used by the resource intelligence layer

Analysis & RAG

Filesystem & Git

workspace_searchread-onlySearch pinned workspace files via Spotlight metadata

file_pick_directoryread-onlyShow a native folder picker and return the selected path

file_list_directoryread-onlyList directory contents with size, type, and modified date

file_readread-onlyRead a file as UTF-8 text

file_writeWrite content to a file (overwrites if it exists)

file_createCreate a new file — fails if it already exists

file_deleteDelete a file (moves to Trash for safety)

code_searchread-onlyripgrep-style code search across a directory tree

archive_createCreate a tar/zip archive from a directory

archive_extractExtract a tar/zip archive to a directory

archive_listread-onlyList the contents of an archive without extracting

system_run_commandread-onlyRun a read-only shell command (allowlist-gated)

git_statusread-onlygit status — clean/dirty, staged, untracked

git_diffread-onlygit diff — staged or unstaged changes

git_logread-onlygit log — recent commit history

git_commitCreate a git commit with the given message

git_checkoutCheck out a branch, tag, or commit

git_pushPush commits to a remote

Capture

Browser & Web

Custom Chrome DevTools Protocol engine. Playwright MCP and chrome-devtools MCP weren't cutting it.

AX-native selectorsrole:button:Sign In, role:form:Login > role:button:Submit

Self-healingFuzzy AX match in ~5-15ms — no AI round-trip, no flaky CSS selectors

Mutation diffingEvery action returns what changed on the page — ~5 lines, not ~200

No dependenciesDirect CDP over WebSocket — no Playwright, no Puppeteer, no Node.js

Unique toolsWebAuthn virtual authenticator, Chrome native autofill, network interception with rule management

browser_snapshotread-onlyAX-tree snapshot of the current page — auto-connects, optional screenshot

browser_actionClick, fill, navigate, press, drag, upload — AX selectors with self-healing

browser_assertread-onlyAssert visible/hidden/text/url/count/attribute/console with polling

browser_consoleread-onlyConsole messages + optional network request logs for debugging

browser_recordRecord interactions with AX-enriched selectors and hierarchical scoping

browser_statusread-onlyConnection lifecycle — status, version, attached page

browser_page_listread-onlyList open tabs with title, URL, and ID

browser_page_selectSwitch the active tab

browser_page_closeClose a tab

browser_page_newOpen a new tab with an optional URL

browser_disconnectDisconnect from the Chrome CDP session

browser_viewport_resizeResize the active viewport

browser_dialog_handleAccept or dismiss JS dialogs (alert/confirm/prompt)

browser_launchLaunch a fresh Chrome instance with the CDP debugger attached

browser_evalExecute JavaScript in the page and return the serialized result

browser_networkNetwork traffic inspection — list, get body, filter by URL/status

browser_storageRead/write cookies, localStorage, and sessionStorage

browser_performanceWeb Vitals tracing — LCP, FCP, CLS, TBT, JS heap, layout counts

browser_coverageJS and CSS code coverage measurement

browser_interceptMock or intercept network requests — stub APIs, simulate errors

browser_webauthnVirtual authenticator for passkey/WebAuthn testing

browser_autofillTrigger Chrome native autofill on credit card and address fields

browser_detectread-onlyDetect frontend framework, meta-framework, CMS, and state libraries

web_api_discoverread-onlyDiscover JSON APIs by watching a page’s network traffic

http_requestGeneral HTTP request with full header and body control

http_request_replayReplay a captured HTTP request from browser_network output

web_scraperead-onlyCDP scraping with 7 output formats (markdown, AX tree, links, screenshot, etc.)

youtube_transcriptread-onlyFetch transcript captions from a YouTube video

PiperTest

test_listread-onlyList saved PiperTests with metadata (id, name, step count, last run)

test_getread-onlyGet a full PiperTest by ID — groups, steps, AX paths, context

test_saveCreate or update a grouped PiperTest session (groups → steps)

test_deleteDelete a saved PiperTest by ID

test_runExecute a grouped PiperTest at native CDP speed with optional AX healing

test_exportread-onlyExport a PiperTest to Playwright or Cypress — deterministic, no AI

macOS System

162

Motion & Streaming

Video Creator

Outreach

OAuth

Sieve (MediaPiper)

Resources 5

Read-only data the AI can pull into context without calling a tool.

toolpiper://statusServer health, version, loaded models, system resources

toolpiper://modelsFull model catalog with availability and categories

toolpiper://backendsBackend status — which engines are running and their capabilities

toolpiper://testsSaved PiperTests with metadata

toolpiper://categoriesTool categories, counts, and profiles for filtering tools/list

How It Works

AI Client (Claude Code, Cursor, Windsurf, Gemini Code, etc.)
    ↓ JSON-RPC over Streamable HTTP
POST http://127.0.0.1:9998/mcp
    ↓ Bearer token (first-call consent or pre-issued)
ToolPiper.app (macOS, running)
    ↓ PiperMatch retrieval picks the relevant subset per turn
Backends (llama.cpp, FluidAudio, MLX Audio, Apple Intelligence, Vision, NLP, Pose, CDP, System Actions)

Auth

Apple-signed clients (Claude Code, Cursor, Claude Desktop) auto-trust on first call. Other clients see a consent sheet in ToolPiper → Settings → Connected Apps. CI and scripted use can pre-issue a bearer from ~/Library/Application Support/ToolPiper/.toolpiper-token.

Errors

If ToolPiper isn't running, the MCP endpoint is unreachable and the AI client surfaces a connection error pointing back at modelpiper.com/download. ToolPiper's own errors (auth, model not loaded, permission denied) come back as isError: true tool results with the message attached verbatim.

Annotations

Every tool has readOnlyHint, openWorldHint, and idempotentHint (where applicable) so AI clients can make informed decisions about tool usage.

PiperMatch retrieval

Wire payload stays under Claude Code's ~28-31 KB per-server cap by stripping schemas to {type: object} on all-string tools and shipping typed schemas only where parameters can't be inferred from name + context. PiperMatch (an on-device CoreML retrieval model) then picks the relevant tool subset per turn for inference handlers, so the model sees what it needs without context inflation.

Permissions

Per-tool gating (Allow / Ask / Deny) lives in ToolPiper → Settings → Tool Permissions and travels with the user, not the client. Per-external-app gating in Settings → Connected Apps. Denied tools return an isError result; Ask-tier tools trigger a confirmation banner in ToolPiper before dispatching.

Prompts

5 workflow templates available via prompts/list: setup-model, audit-page, create-test, voice-over, research-topic. Each returns step-by-step instructions with the right tool sequence.

Structured output

Inference and analysis tools return structuredContent (machine-readable JSON) alongside human-readable text — embed, ocr, model_list, rag_query, rag_collection_list, audio_speak, audio_voice_clone, image_upscale, and the test_* family.