the full tour

How a tool goes from your terminal to your team.

ToolDrop is the workspace layer around agent-built apps. Your agent writes the tool; the platform owns everything that makes it real software — sign-in, secrets, storage, hosting, versions, and sharing. Here is the whole machine, end to end.

Your machine

You and your coding agent, building the way you already do.

One deploy

tooldrop deploy validates, builds, and ships a numbered version.

The workspace

One login, a real address, sharing and rollback the team can trust.

four stations · one contract · zero glue code

01
tooldrop init

Start from a scaffold that already knows the rules.

One command creates a working app with the ToolDrop contract built in. It isn't a boilerplate to fight — it's the sanctioned starting point your coding agent can actually follow.

  • The SDK is wired in. Identity, Tool Storage, env vars, and logging are one import away in lib/tooldrop — no setup step for your agent to skip.
  • The rules are written down. AGENTS.md and CLAUDE.md tell Claude Code or Codex where identity comes from, where state lives, and what never to touch.
  • The manifest declares intent. tooldrop.json names the tool and its required env keys, so the workspace knows what the tool needs before anyone relies on it.
  • The gateway guard ships by default. proxy.ts rejects any request that didn't come through the workspace gateway — private is the starting state, not a setting.
what lands on diskthe scaffold
  • refund-console/
  • AGENTS.mdthe contract your agent reads first
  • CLAUDE.mdsame rules, Claude Code entry point
  • tooldrop.jsonmanifest — name, env keys, schedules
  • design.mdthe workspace design language
  • proxy.tsgateway guard — rejects unsigned traffic
  • lib/tooldrop/the SDK — identity, storage, env, logs
  • app/a working Next.js app, yours to reshape
02
claude

Build with the agent your team already likes.

ToolDrop is not the IDE and not the model. Use Claude Code, Codex, or whatever ships next — locally, the way you already work. The platform's job is to make sure the agent builds against real conventions instead of guessing.

  • Docs speak agent. tooldrop docs, llms.txt, and docs.md put the whole contract in your agent's context in one call.
  • An MCP server, if you want it. Add the hosted server and your agent gets td_* tools for docs, env keys, storage, and logs while it works.
  • Secrets stay tagged, not pasted. Agents look up which env keys exist and what they're for — a database URL is a named, described thing, not a string in a prompt.
  • Local dev is one command. tooldrop dev runs the app with workspace identity simulated, so what you see is what teammates get.
hand your agent the contract
$ claude mcp add tooldrop --transport http \
tooldrop.app/api/mcp
 
✳ td_docs · td_env · td_storage · td_logs
✔ your agent now knows the rules

the contract, in four lines

  • no app auth code — identity comes from the gateway
  • no hardcoded secrets — read tagged env vars
  • app-owned state goes in td.storage
  • run tooldrop validate before deploy
03
tooldrop deploy

Deploy a version, not a vibe.

No repos required, no CI to configure, no YAML. The CLI validates the contract, builds the app, checks that the workspace has every declared env key, and publishes a numbered version with your name on it.

  • Validation runs first. tooldrop validate catches app-owned auth code, raw secrets, and missing manifest keys before they reach teammates.
  • Preflight builds catch breakage. The deploy fails on your machine, not in front of the team.
  • Every version is kept whole. Source, owner, message, and timestamp — so history, rollback, and cloning work without git ever entering the picture.
  • Risky changes can stage first. On Pro, stage a version in its own environment and share it before making it the live one.
~/tools/refund-console
$ tooldrop deploy -m "add bulk refunds"
✔ contract validated — no auth code, no raw secrets
✔ preflight build passed
✔ required env keys present in workspace
✔ refund-console v5 is live
→ tools.yourteam.com/refund-console
version history rollback anytime
  • v5add bulk refundsdavelive
  • v4filter by card brandpriyarestore
  • v3first shared versiondaverestore
04

It lands where the team already is.

The tool appears in the workspace launcher at a stable address, behind the sign-in everyone already has. Sharing is a decision, not a link that escapes.

  • One login for every tool. No per-app passwords, no magic links, no “who has access to this?” The workspace is the front door.
  • Visibility is explicit. Keep a tool personal, share it with the whole workspace, or invite specific people to just that tool.
  • Guests stay lightweight. App-only guests open up to two specific tools for free — occasional collaborators never become billable seats or shadow admins.
  • Ownership survives people. Every tool shows who built it, who shipped each version, and can be handed to a new owner intact.
tools.yourteam.com
refund console
churn radar
deal desk
on-call rotation
commission tracker
usage explorer
one sign-in · six tools · zero loose links workspace auth
under the hood

What actually happens when a teammate clicks the tool.

This is the part your agent never has to build — and the reason an agent-built app can be trusted with real work. Every single request walks the same path.

  1. 1

    gatewayGET /refund-console — request hits the ToolDrop gateway, never your app directly

    Every tool lives behind the workspace gateway. There is no public origin to leak, guess, or index.

  2. 2

    authworkspace session found — dave@yourteam.com, role: member

    Teammates use the sign-in they already have. No session means a workspace login screen, not your tool.

  3. 3

    identityidentity signed and attached to the request

    The gateway forwards who is asking on every request, cryptographically signed. Your app verifies it with one SDK call — it never handles passwords, sessions, or cookies.

  4. 4

    appyour route runs — env vars decrypted, td.storage scoped to this tool

    Secrets are injected server-side from the encrypted vault. Tool Storage reads and writes are scoped to the app, so tools can't step on each other.

  5. 5

    response200 — rendered for dave, logged for the workspace

    The tool responds like any web app, and the workspace keeps the operational trail: logs, errors, and who used what.

The six things you never build again.

Each one is table stakes for "real software" — and none of them is the reason you wanted the tool.

Identity & access

One workspace sign-in gates every tool. Signed identity rides along on each request, so “who is asking” is a fact, not a feature you build.

Env vars & secrets

Credentials live encrypted at the platform level, tagged so agents can find the right keys. Nothing gets pasted into another .env file.

Tool Storage

Saved filters, notes, and small app-created records get a scoped key-value home — instead of a table quietly added to production.

Hosting & address

Every tool gets a stable URL in the workspace. No preview links drifting through Slack, no laptop that must stay awake.

Versions & rollback

Every deploy is kept with source, owner, and message. Roll back in one click, clone a tool, or hand it off without archaeology.

Logs & audit

td.log and td.error stream into per-app logs you can read from the dashboard or CLI, alongside the audit trail of every deploy.

Who does what.

The whole model in one glance: creativity stays with you, discipline lives in the scaffold, and the boring-but-critical parts belong to the platform.

You + your agent

  • Decide what the tool does
  • Build the UI and the logic
  • Query your real systems
  • Iterate as the team asks for more

The scaffold

  • Ships the SDK and gateway guard
  • States the rules in AGENTS.md
  • Declares env keys in tooldrop.json
  • Keeps agents on the sanctioned path

The platform

  • Auth, identity, and sharing
  • Encrypted env vars & Tool Storage
  • Hosting, versions, and rollback
  • Logs, schedules, and webhooks

Four kinds of people, clearly separated.

Access maps to what someone actually does — and only workspace members are paid seats.

Admin

Runs the workspace — members, billing, env vault, and which tools are team-visible.

Builder

Ships tools. Deploys from the CLI, manages app env vars, versions, and rollback.

Member

Uses the workspace — the launcher, team tools, and search. This is the paid seat.

App-only guest

Gets specific tools, not the workspace. Up to two tools each, free on every plan.

Day two, handled too.

Shipping is the easy part. These are the moments — a week or a year later — where a loose app falls apart and a dropped tool doesn't.

Roll back a bad deploy

Every version is kept whole. One click returns the tool to the last good state while you fix forward.

pro

Edit in the browser

Chat with an AI editor against a live draft preview, then publish as a clean new version.

pro

Schedule jobs

Declare schedules in the manifest and the platform calls your cron routes, with run logs kept.

pro

Receive webhooks

Public webhook URLs forward into explicit route handlers, with delivery logs for debugging.

pro

Grow into a database

When td.storage isn't enough, a managed per-app database arrives as a provisioned DATABASE_URL.

Convert an existing app

Already built it? The Convert guide walks agents through adopting the contract route by route.

You've seen the machine. Feed it a tool.

Two workspace members and three live tools are free — enough to run the whole loop on something real this afternoon.