HAL

HAL (HTTP API Layer) is a Model Context Protocol (MCP) server that provides HTTP API capabilities to Large Language Models.
  • javascript

37

GitHub Stars

javascript

Language

6 months ago

First Indexed

2 months ago

Catalog Refreshed

Documentation & install

Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.

Installation

Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "deanward-hal": {
      "command": "npx",
      "args": [
        "hal-mcp"
      ],
      "env": {
        "HAL_API_BASE_URL": "https://api.example.com",
        "HAL_SWAGGER_FILE": "\\/path\\/to\\/your\\/openapi.json",
        "HAL_SECRET_API_KEY": "YOUR_SECRET_API_KEY",
        "HAL_SECRET_PASSWORD": "YOUR_PASSWORD",
        "HAL_SECRET_USERNAME": "YOUR_USERNAME"
      }
    }
  }
}

HAL is an MCP server that exposes HTTP API capabilities for Large Language Models, enabling them to perform web requests securely and with automatic tooling from OpenAPI specifications. It supports secret management, OpenAPI-driven tool generation, and built-in documentation, making it easier to integrate APIs into your LLM workflows while keeping credentials safe.

How to use

You use HAL by running it as an MCP server and then connecting your MCP-compatible client to it. HAL can automatically generate tools from an OpenAPI specification and expose HTTP methods (GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD) as accessible tools for your LLMs. You can supply an OpenAPI file or a URL, enable secret substitution for sensitive data, and restrict secret usage to specific URLs. When you invoke HAL tools, the system substitutes secrets at request time and redacts secret values in any responses that reach the AI.

OpenAPI/Swagger integration and secrets

HAL supports automatic tool generation from an OpenAPI specification. Provide the OpenAPI file via an environment variable and HAL will create tools for each operation, named using the pattern swagger_{operationId}. You can configure base API URLs and secret values for safe usage.

Available tools

list-secrets

Lists available secret keys that can be referenced as {secrets.key} in requests.

http-get

Performs HTTP GET requests to a specified URL with optional headers.

http-post

Performs HTTP POST requests with optional body and headers and supports setting contentType.

swagger_getUser

Auto-generated tool from an OpenAPI operation with operationId getUser. Performs the corresponding API call using validated parameters.

swagger_listPets

Auto-generated tool from an OpenAPI operation with operationId listPets. Performs the corresponding API call with proper parameter handling.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational