Getting Started
Install agent-mesh, write your first policy, and make a governed tool call. Five minutes.
Install
Verify:
Minimal config
Create config.yaml:
mcp_servers:
- name: filesystem
transport: stdio
command: npx
args: ["-y", "@modelcontextprotocol/server-filesystem", "/home/user"]
policies:
- name: default
agent: "*"
rules:
- tools: ["filesystem.read_file", "filesystem.list_directory"]
action: allow
- tools: ["filesystem.write_file"]
action: human_approval
- tools: ["*"]
action: deny
This config:
- Connects to the filesystem MCP server
- Allows read operations
- Requires human approval for writes
- Denies everything else
Run with Claude Code
Claude Code now routes all tool calls through agent-mesh. Open Claude Code and try:
This should work (policy: allow). Now try:
You'll see an approval prompt. Say yes — agent-mesh traces the decision.
Run standalone (HTTP mode)
# List available tools
curl http://localhost:9090/tools | python3 -m json.tool
# Call a tool
curl -X POST http://localhost:9090/tool/filesystem.read_file \
-H "Authorization: Bearer agent:my-script" \
-H "Content-Type: application/json" \
-d '{"params":{"path":"/home/user/config.yaml"}}'
# Check traces
curl http://localhost:9090/traces | python3 -m json.tool
What just happened
Your agent ──► agent-mesh ──► filesystem MCP server
│
├── policy check (allow / deny / human_approval)
├── rate limit check
├── trace recorded (JSONL)
└── approval queue (if human_approval)
Every tool call is logged. Every policy decision is traceable. The agent doesn't know the proxy exists.
Next steps
- Writing Policies — per-agent rules, globs, conditions
- Approval Flow — approval queue, grants, CLI
- Deployment Modes — solo dev, team, Managed Agents