Skip to main content

Tools

Tools are external integrations that agents use to interact with services — GitHub, Slack, databases, APIs, and more. Hubify provides standardized tool configurations via MCP (Model Context Protocol) and a secure vault for credential storage.

What Tools Solve

Every AI platform has its own way of handling tool access. Claude Code uses native tools. Cursor uses MCP servers. Windsurf has its own integration layer. Hubify standardizes this:
  • One tool vocabulary across all platforms
  • Encrypted vault for credentials — no plaintext API keys
  • Cross-workspace sharing — configure once, use everywhere
  • Platform mappings — Hubify translates tool names per platform

The Tool Vault

The vault is an encrypted credential store in every workspace. It holds API keys, OAuth tokens, and MCP configurations. 
vault/
  .vault.enc          # AES-256 encrypted credential store
Hubify never stores your decryption keys. Agents receive short-lived scoped tokens, never raw credentials. All vault access is logged in an audit trail.

Vault CLI

# Add a credential
hubify vault add github

# List vault entries (values hidden)
hubify vault list

# Grant a platform access to a vault entry
hubify vault grant claude-code

# View access audit log
hubify vault audit

Vault in HUB.yaml

vault:
  id: "vault_abc123"

# Model routing uses vault references for API keys
models:
  byok:
    anthropic:  { key_ref: "vault://keys/anthropic" }
    openai:     { key_ref: "vault://keys/openai" }
    openrouter: { key_ref: "vault://keys/openrouter" }

privacy:
  vault_shared_across_workspaces: true   # or false for isolation
When vault_shared_across_workspaces is true, all workspaces under the same account share the same vault. Configure your API keys once, use them across houston.hubify.com, research.hubify.com, and client1.hubify.com.

Tool Registry

Hubify maintains a registry of standardized tool definitions: 
canonical_name: github_pr
display_name: Create Pull Request
version: 1.0.0
category: collaboration
description: Create a pull request on GitHub

parameters:
  - name: repo
    type: string
    required: true
  - name: title
    type: string
    required: true
  - name: body
    type: string
    required: false

integrations:
  - app: claude-code
    methods:
      - type: native
        tool_name: Bash
    verified: true
  - app: cursor
    methods:
      - type: mcp
        server_name: github
    verified: true

Platform Mappings

Different AI platforms use different tool names. Hubify maps between them:
Hubify NameClaude CodeCursorWindsurf
file_readReadreadFilefs.read
file_writeWritewriteFilefs.write
terminal_executeBashrunCommandshell.exec

Integration Methods

Tools connect via multiple methods:
The standard for AI tool integration. Hubify configures MCP servers per workspace.
integrations:
  - app: any
    methods:
      - type: mcp
        server_name: filesystem
        docs_url: https://modelcontextprotocol.io/servers/filesystem
For authenticated services like GitHub, Slack, and Google.
integrations:
  - app: github
    methods:
      - type: oauth2
        scope: [repo, workflow]
For services that authenticate with API keys, stored in the vault.
integrations:
  - app: openai
    methods:
      - type: api_key
        key_ref: "vault://keys/openai"
For event-driven integrations.
integrations:
  - app: slack
    methods:
      - type: webhook
        docs_url: https://api.slack.com/webhooks
Built into the AI platform — no configuration needed.
integrations:
  - app: claude-code
    methods:
      - type: native
        tool_name: Read
    verified: true

Tools in Skills

Skills declare which tools they use: 
# In a skill's .hub frontmatter
tool_calls:
  - file_read
  - file_write
  - terminal_execute
This declaration serves three purposes:
  1. Compatibility checking — does the target platform support these tools?
  2. Permission planning — what access does this skill need?
  3. Trust assessment — skills using high-risk tools get extra scrutiny in the Trust Gateway

Tool Risk Levels

Risk LevelToolsTrust Gateway Behavior
Lowfile_read, web_fetchStandard 5-gate checks
Mediumfile_write, terminal_executeMandatory sandbox testing
Highfile_delete, git_pushAdditional review flags

Platform Integration

Connect your workspace to any AI platform: 
# Configure Claude Code integration
hubify integrate claude

# Configure Cursor integration
hubify integrate cursor

# Configure Windsurf integration
hubify integrate windsurf

# Start MCP server (for Claude Code / Cursor)
hubify mcp start

CLI Commands

# List all tools in the registry
hubify tool list

# View tool details
hubify tool info file_read

# Search tools
hubify tool search "git"

# View integrations for a tool
hubify tool integrations github_pr

# Register a custom tool (private registries)
hubify tool register ./my-custom-tool.yaml

Hub Files

How vault and tools are configured in HUB.yaml

Trust Metrics

How tool risk affects trust scoring