/ Directory / Playground / hyper-mcp
← All servers ↗ GitHub
● Community hyper-mcp-rs ⚡ Instant

hyper-mcp

by hyper-mcp-rs · hyper-mcp-rs/hyper-mcp

A Rust-based MCP server whose tools are WebAssembly plugins — sandboxed, signed via OCI, and loaded dynamically at runtime.

hyper-mcp is a fast, memory-safe MCP server where every tool is a WASM plugin pulled from an OCI registry. Plugins run in a sandbox with explicit host-function grants, and signatures verified via sigstore. Best for teams that want to ship tools to agents without trusting random npm packages.

▶ Watch demo 📦 Install 💡 Use Cases

Why use it

Key features

Live Demo

What it looks like in practice

hyper.replay ▶ ready
0/0

Install

Pick your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "hyper": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/hyper-mcp-rs/hyper-mcp"
      ],
      "_inferred": true
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "hyper": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/hyper-mcp-rs/hyper-mcp"
      ],
      "_inferred": true
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. Project config wins over global.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "hyper": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/hyper-mcp-rs/hyper-mcp"
      ],
      "_inferred": true
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "hyper": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/hyper-mcp-rs/hyper-mcp"
      ],
      "_inferred": true
    }
  }
}

Same shape as Claude Desktop. Restart Windsurf to pick up changes.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "hyper",
      "command": "TODO",
      "args": [
        "See README: https://github.com/hyper-mcp-rs/hyper-mcp"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "hyper": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/hyper-mcp-rs/hyper-mcp"
        ]
      }
    }
  }
}

Add to context_servers. Zed hot-reloads on save.

claude mcp add hyper -- TODO 'See README: https://github.com/hyper-mcp-rs/hyper-mcp'

One-liner. Verify with claude mcp list. Remove with claude mcp remove.

Use Cases

Real-world ways to use hyper-mcp

How to ship internal MCP tools securely with hyper-mcp

👤 Platform teams building internal agent tools ⏱ ~45 min advanced

When to use: You need to give engineers a curated toolset and can't trust them to vet every npm MCP package.

Prerequisites
  • hyper-mcp binary installed — Download release from github.com/hyper-mcp-rs/hyper-mcp/releases
  • An OCI registry to host plugins — GHCR or a private Harbor/ECR
Flow
  1. Publish a signed plugin
    I've built a WASM plugin at ./my-plugin.wasm. Push it to ghcr.io/acme/my-plugin:v1 and sign with sigstore.✓ Copied
    → Plugin available on registry with signature
  2. Configure hyper-mcp to pull and verify it
    Edit ~/.config/hyper-mcp/config.json to add the plugin URL with required signer identity.✓ Copied
    → Plugin appears in hyper_mcp-list_plugins after restart
  3. Call the tool from Claude
    Use the tool exposed by my-plugin to do <X>.✓ Copied
    → Tool runs sandboxed; attempts to exceed granted capabilities are denied

Outcome: A locked-down internal toolbelt where every plugin is signed, versioned, and sandboxed.

Pitfalls
  • Granting network access to all plugins by default — Configure per-plugin allowed_hosts; deny-by-default
  • Plugin signed by the wrong identity — hyper-mcp will reject — check sigstore/rekor logs for signer mismatch

Hot-swap agent tools with hyper-mcp without restarting the client

👤 Agent developers iterating on tool APIs ⏱ ~10 min intermediate

When to use: You're testing a tool and want to iterate without killing the MCP session every 30 seconds.

Flow
  1. Load a new version
    Call hyper_mcp-load_plugin with the URL of my-plugin:v2. Confirm it loaded.✓ Copied
    → Plugin v2 shows in list_plugins
  2. Unload old version if needed
    Call hyper_mcp-unload_plugin on my-plugin:v1.✓ Copied
    → Only v2 remains

Outcome: A tight inner loop for plugin development.

Combinations

Pair with other MCPs for X10 leverage

hyper + claude-code

Run hyper-mcp as the only MCP host inside Claude Code and route all custom tools through it

Replace my 5 npx-based MCPs with hyper-mcp pointing at my internal plugin registry.✓ Copied
hyper + mcptools

Debug plugin tool surface before Claude sees it

Use mcp tools to enumerate what hyper-mcp currently advertises.✓ Copied

Tools

What this MCP exposes

ToolInputsWhen to callCost
hyper_mcp-list_plugins Inspect what's loaded; debug missing tools 0
hyper_mcp-load_plugin url: str (oci://...), name?: str Add a plugin at runtime one OCI pull
hyper_mcp-unload_plugin name: str Remove a plugin — release memory and revoke its tools 0

Cost & Limits

What this costs to run

API quota
None — local host
Tokens per call
Depends on plugin — typically 100–1000
Monetary
Free; OCI registry hosting may cost if private
Tip
Share a single hyper-mcp host across clients instead of running many npm-based MCPs

Security

Permissions, secrets, blast radius

Credential storage: Plugin secrets injected via config; OCI registry creds via standard docker/ghcr login
Data egress: Only to hosts listed in each plugin's allowed_hosts
Never grant: unrestricted filesystem unrestricted network

Troubleshooting

Common errors and fixes

Plugin fails signature verification

Check the sigstore signer identity matches config. Re-sign with cosign sign using the correct identity

Verify: cosign verify <oci-url>
Plugin loads but tool not visible to Claude

Claude caches the tool list at session start — restart the MCP client after loading

Verify: hyper_mcp-list_plugins shows the plugin and its advertised tools
WASM execution trap / panic

Plugin exceeded a resource limit or hit an unsafe op. Check logs; raise limit in config only if trusted

Alternatives

hyper-mcp vs others

AlternativeWhen to use it insteadTradeoff
ArcadeYou want a Python framework instead of WASM pluginsLess isolation; Python runtime instead of sandboxed WASM
GolfPython-first, auto-discovery of tool filesNot plugin-isolated; all tools run in one process
FastMCPSimple Python MCP, no registry/sandbox needsNo distribution story; you redeploy the whole server for each change

More

Resources

📖 Read the official README on GitHub

🐙 Browse open issues

🔍 Browse all 400+ MCP servers and Skills