Give your agent tool intelligence
One command. 21 tools. 999 scored services. 18 callable providers today.
Rhumb MCP gives your AI agent live access to tool scores, failure modes, route, health, and cost checks, plus governed execution where Rhumb is actually callable today. Install it in 30 seconds and your agent knows which API to pick, what will break, what rail it will use, and how much it will cost before making a single call.
Honest current state
Discovery breadth: 999 scored services and 435 capability definitions. Current runtime-callable surface: 18 callable providers, strongest today for research, extraction, generation, and narrow enrichment.
npx rhumb-mcp@latest
No governed API key required for discovery and scoring. Add to any MCP-compatible client.
Before you wire this into an agent loop
Want to inspect the trust story first? Read Trust, inspect the public Methodology, or use the provider dispute path if a score or claim looks wrong.
Default path for agents
Default path: start with governed API key or wallet-prefund on `X-Rhumb-Key`, discover a Service, choose a Capability, estimate the call, then execute through Layer 2. One governed surface, many managed capabilities: start with Rhumb-managed capabilities first, bring your systems only when needed, and keep one surface instead of a tool graveyard. Bring BYOK or Agent Vault only when the workflow touches your own systems. Use x402 only when zero-signup per-call matters. Use Layer 1 only when you must pin the provider. Use Layer 3 only when a published recipe already exists.
Start with Layer 2. It is the main production surface today.
For repeat traffic, use governed API key or wallet-prefund on X-Rhumb-Key. Bring BYOK or Agent Vault only when provider control is the point.
Zero-signup per-call payment matters more than repeat throughput.
What your agent gets
21 MCP tools organized into four categories. Your agent can discover tools, check their quality, execute capabilities through Rhumb's proxy, manage budgets, and work with receipts plus the live recipe-catalog status — all through natural tool calls.
Setup
Add Rhumb MCP to your agent framework. Same config works everywhere.
Claude Desktop
{
"mcpServers": {
"rhumb": {
"command": "npx",
"args": ["rhumb-mcp@latest"]
}
}
} Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%/Claude/claude_desktop_config.json (Windows). Restart Claude Desktop.
Cursor / Windsurf / any MCP host
{
"mcpServers": {
"rhumb": {
"command": "npx",
"args": ["rhumb-mcp@latest"]
}
}
} Same configuration format. Add to your editor's MCP settings file.
Direct stdio (any framework)
npx rhumb-mcp@latest
The server speaks MCP over stdio. Pipe it into any MCP-compatible client: LangChain MCP Adapters, CrewAI, AutoGen, or custom implementations.
Workflows
Three real workflows showing how an agent uses Rhumb MCP tools together. Each starts with a scenario and walks through the tool calls step by step.
Find the best tool for a job
Your agent needs to send an email but doesn't know which provider to use.
find_services ("send transactional email") Returns ranked services: Resend (7.8), SendGrid (5.5), Postmark (7.5), Amazon SES (7.5) — sorted by AN Score.
get_score ("resend") Full breakdown: execution 8.7, access readiness 6.8, confidence 93%. Explanation of why it scores high.
get_failure_modes ("resend") Known failure patterns — webhook delivery delays under burst, 429 rate limit behavior, etc.
Execute a capability through Rhumb
Your agent decides Resend is the right choice and wants to send an email through Rhumb's proxy.
resolve_capability ({ capability: "email.send", credential_mode: "byok" }) Returns ranked providers plus machine-readable execute guidance like cost per call, auth method, endpoint pattern, configured state, and preferred credential mode. If the requested mode dead-ends, Rhumb also returns machine-readable recovery fields like recovery_hint.resolve_url, recovery_hint.credential_modes_url, and, when applicable, recovery_hint.alternate_execute_hint or recovery_hint.setup_handoff. If the capability ID is wrong, Rhumb returns search suggestions instead of a blank dead end.
estimate_capability ({ capability_id: "email.send", provider: "resend" }) Estimate returns the active execution rail, cost, and health before execution, plus machine-readable execute_readiness handoffs on anonymous direct system-of-record paths: $0.001/call, budget remaining, can_afford: true.
execute_capability ({ capability_id: "email.send", body: { to: "user@example.com", subject: "Hello", html: "<p>Hi</p>" } }) Email sent through Resend via Rhumb proxy. Response includes execution time, cost, and upstream status.
Manage agent budget and spend
Your agent has a daily budget and needs to track spend across providers.
budget ((no args)) Current budget status: daily limit, remaining, period reset time.
spend ((no args)) Spend breakdown by capability and provider. Which tools cost the most, where budget is going.
check_balance ((no args)) Credit balance in USD. If low, use get_payment_url to top up via Stripe or x402 USDC.
What's in the dataset
Domains include: payments, email, CRM, auth, databases, analytics, communication, storage, search, monitoring, e-commerce, AI/ML, and 18 more. Every service is scored on the same 20-dimension methodology.
Scores update as we gather new evidence. When you call get_score,
you get the latest data — not a static snapshot.
Direct API access
Prefer REST? The same data is available via HTTP. No governed API key needed for read endpoints.
GET https://api.rhumb.dev/v1/services List all 999 scored services
GET https://api.rhumb.dev/v1/services/stripe/score Full score breakdown with failure modes
GET https://api.rhumb.dev/v1/capabilities/email.send/resolve Ranked providers for a capability
GET https://api.rhumb.dev/v1/leaderboard/payments Category leaderboard, sorted by AN Score
Full API reference at rhumb.dev/docs. Machine-readable description at rhumb.dev/llms.txt.
Credential paths that match your trust boundary
Rhumb supports three live credential paths. Start with the Rhumb-managed path when zero-config governed execution is the point, then bring BYOK or Agent Vault in only when provider control matters.
Rhumb holds the upstream credential. Agent provides capability + body, Rhumb handles auth. Zero-config for the agent. Per-call pricing with pre-call estimates.
Pass your own provider API key at execution time. Rhumb routes the request, you keep control of the provider credential. Full control, no credential storage.
Agent brings a JWE-encrypted credential token. Rhumb decrypts at execution time, never stores. Highest security — the credential is never at rest in Rhumb.
Start with one bounded execution lane, not connector sprawl
If Rhumb MCP already fits your stack, the next useful test is not wiring every provider at once. Start with capability-first onboarding or jump into the managed lane and inspect what is actually callable today.
A clean install is only the floor. The next honest question is what happens once the same server is carrying retries, provider quotas, and credential churn for more than one workflow.
Move from first-tool success into the failure shape of real multi-step agent loops.
See how shared quotas, retries, and fallback decisions become a fleet problem fast.
The companion read on scoped leases, expiry detection, and rotation once the lane is live.
Failure-mode evidence
If you are deciding whether to trust this surface in a real workflow, look at where agents actually get cut on live provider APIs. These autopsies turn abstract score and readiness claims into concrete failure patterns.
See the rate-limit trap, association complexity, and missing idempotency that turn routine CRM jobs brittle under automation.
See how OAuth ceremony, governor limits, and metadata-driven schemas create a maze that simple hello-world demos hide.
See what an agent-friendly API still needs in practice, from A2P registration latency to carrier-imposed rate behavior.
See how GraphQL cost budgets, version migration pressure, and inventory authority shape real commerce execution risk.
Explore further
Choose tools by workflow fit, trust class, and runtime reality, not just availability.
Pressure-test auth, governors, recovery paths, and blast radius before unattended use.
See why safer MCP surfaces narrow authority around the job instead of exposing raw provider sprawl.
See why one bounded capability surface beats dropping agents into a connector graveyard.