Switchyard
Health Warn
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 7 GitHub stars
Code Pass
- Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Pass
- Permissions — No dangerous permissions requested
This tool acts as a shared runtime layer that helps AI applications connect to user-provided credentials (like API keys via BYOK) and web sessions. It standardizes provider routing and diagnostics so developers do not have to rebuild these systems from scratch for every new AI product.
Security Assessment
The light code scan of 12 files found no dangerous patterns, hardcoded secrets, or requests for risky system permissions. However, because the core function is to route and manage end-user API credentials and active web sessions, the tool inherently handles highly sensitive authentication data. Developers must exercise caution regarding how these credentials are stored, processed, and logged at runtime. Overall risk is rated as Medium due to the sensitive nature of the data passing through the service, despite the clean automated scan.
Quality Assessment
The project is actively maintained, with its most recent push occurring today. It uses the permissive and standard MIT license and provides extensive, well-structured documentation alongside clear boundaries about its current capabilities. Community trust and visibility are currently very low. The repository has only 7 GitHub stars, indicating that it is an early-stage project that has not yet been widely peer-reviewed or battle-tested by the broader developer community.
Verdict
Use with caution — the codebase itself appears safe, but the project's low community adoption means it has not been broadly vetted, and its role handling sensitive credentials demands a careful manual review of your specific deployment configuration.
Shared provider runtime for AI apps.
Switchyard
Shared provider runtime for AI apps.
Switchyard turns end-user BYOK + Web/Login access into one service-first
runtime that AI products can call without rebuilding provider routing,
credential/session handling, and diagnostics from scratch.
It is not a chat product, not a personal assistant, and not another
all-in-one AI platform. It exists to be the shared runtime layer that other AI
apps can depend on.
Builder Thesis
One shared provider runtime for AI apps.
Use Switchyard when you want AI products to plug into real end-user access
lanes without every product re-inventing provider contracts, session logic,
and diagnostics.
Current Public Boundary
Today the truthful public story is:
- Primary public front door: the GitHub Pages docs atlas plus this root
README - Primary repo-native runtime surface:
apps/service/and the
service/runtime HTTP contract - Secondary machine-readable surface:
packages/surfaces/mcp/server.json, a read-only MCP descriptor - Builder-facing packet:
distribution/claude-marketplace/plugins/switchyard-builder-suite/skills/runtime-diagnostics/
plus starter packs and host examples - Not claimed today: official marketplace listings, official MCP Registry
listing, npm publication, hosted multi-tenant runtime, write-capable MCP, or
full consumer parity
Artifact-ready still does not mean listed-live.
Public Language Policy
Switchyard now treats the public front door as English-first.
- The default landing path for global developers stays English-first.
- Bilingual support remains available through glossary and i18n helper pages.
- Live/browser realism notes belong in proof and runbook surfaces, not in the
stable top-level product sentence.
Open The Right Door
| If you need to... | Open this first |
|---|---|
| understand the product in 30 seconds | docs/media/30-second-overview.md |
| run the shortest first success | docs/first-success.md |
| inspect what is really proved today | docs/public-proof-pack.md |
| see what is package-ready vs listed-live | docs/public-distribution-ledger.md |
| bootstrap a local workstation or inspect workstation-bound reality | docs/runbooks/dev-bootstrap.md |
| browse the public docs front row | docs/index.html and docs/README.md |
If you are touching Switchyard for the first time, stop there.
The heavier shelves still exist, but they are not first-row front door pages:
- support signboard and bootstrap runbook
- contracts and blueprints
- submission-packet accounting
- builder catalog internals
- testing/governance reference pages
The old Wave 1 working packs were relocated out of the public docs plane. The
legacy docs/blueprints/wave1/* paths now act only as relocation notes, while
the real working copies live under .agents/internal-docs/wave1/.
30-Second Version
If you only remember four lines, remember these:
- Switchyard is not another AI app.
- It is a shared provider runtime for AI apps.
- It turns
BYOK + Web/Loginaccess into a service-first substrate that other
AI products can call. - Today it ships a repo-native runtime, a partial read-only MCP surface, a
runtime-diagnostics packet, starter packs, and truth-first public docs. npm,
registry, marketplace, Docker, and broader publication remain later lanes.
First Success
If you want the fastest truthful first success, run the shortest bounded path:
Start the local runtime:
pnpm run start:service-localProve the read-only truth surface is alive:
pnpm run example:mcp-inspectorProve the runtime can accept one minimal invoke:
pnpm run example:runtime-bridge
The default service port is http://127.0.0.1:4010.
If you want the full step-by-step path and failure routing, open
docs/first-success.md.
Why Switchyard Exists
Many AI products keep rebuilding the same messy layer:
- provider contracts
- auth/session plumbing
- provider routing
- diagnostics and remediation
- builder starter surfaces
Switchyard exists so that this repeated work can become one reusable runtime:
a shared provider runtime that AI apps can plug into, instead of each app
re-inventing the provider layer alone
What It Is
- a shared provider runtime for AI apps
- a service-first runtime surface with SDK and MCP companion surfaces
- a builder-facing repo that keeps proof, starter packs, and truth contracts
aligned - a runtime layer that stays fail-closed on claims it cannot honestly prove
What It Is Not
- not a chat product
- not a personal assistant
- not a control-plane-first SaaS
- not a hosted multi-tenant runtime today
- not a browser plugin
- not a raw fork product of any upstream repo
V1 Scope
Switchyard V1 is intentionally narrow:
BYOKWeb/Login
Current Web/Login provider set:
ChatGPTGeminiClaudeGrokQwen
Current BYOK code support must cover:
OpenAIAnthropicGrok / xAIOpenRouterGroqQwen APIVertex AIBedrock
Explicit non-goals right now:
Agent Input LaneCodex/Claude Codeas supply-side sourcesGemini CLI- shared public credentials
- multi-tenant account pooling
- a hosted control plane
Architecture In One Sentence
Switchyard separates lane, provider, consumer, and surface so
that the runtime stays reusable even while builder routes and public claims stay
fail-closed.
High-level shape:
flowchart LR
A["BYOK lane"] --> K["Switchyard kernel"]
B["Web/Login lane"] --> K["Switchyard kernel"]
K --> H["HTTP service surface"]
K --> S["SDK surface"]
H --> F["First-party integrations"]
S --> D["Future AI app consumers"]
H --> C["Future consumer compat"]
What Ships Now vs Later
Ships now
- service-first runtime surface
- partial read-only MCP surface
- partial thin compat packages
- runtime-diagnostics public skill packet
- starter packs and host examples
- proof-first docs atlas and public distribution ledger
Still later
- official marketplace listings
- official MCP Registry listing
- npm publication read-back
- Docker/runtime catalog publication
- hosted multi-tenant runtime
- full consumer parity
- write-capable MCP
Proof And Reality Truth
Live/browser outcomes are important, but they are proof / runbook truth for a
credentialed workstation, not the stable repo identity.
That means:
- repo-side green does not erase local browser/session blockers
- one workstation result should not rewrite the top-level product sentence
- current live/browser reality belongs in
docs/public-proof-pack.md
and docs/runbooks/dev-bootstrap.md
Use the proof pack when the question becomes:
- what is really proved today
- which blockers are external-only
- which results depend on local credentials and browser session materials
Distribution Truth
Current distribution truth is intentionally narrow:
- GitHub Pages storefront is live and remains the primary public homepage
- repo materials are package-ready for the MCP surface and thin compat packages
- official marketplace or registry publication is not claimed yet
- builder packets and starter packs are public repo surfaces, not official
listings - packet-scoped host receipts, including the
switchyard-runtime-diagnosticspacket, belong in the packet's own manifest
and README; they do not upgrade repo-wide npm, marketplace, or official
MCP Registry truth
See:
If you need the exact heavy-lane packet or older staging material, treat them as
deeper shelves rather than the default first stop.
Docs Atlas
First-row public routes
- docs/index.html
- docs/README.md
- docs/media/30-second-overview.md
- docs/first-success.md
- docs/public-proof-pack.md
- docs/public-distribution-ledger.md
- docs/api/service-http-reference.md
- docs/api/openapi.yaml
Deeper public shelves
- Product and scope
- API and diagnostics
- Builder adoption
- examples/README.md
- starter-packs/README.md
- docs/starter-pack-index.md
- docs/plugin-skill-starter-kits.md
- docs/starter-manifest-templates.md
- docs/starter-manifest-templates.schema.json
- docs/starter-manifest-examples.md
- docs/starter-manifest-examples.schema.json
- docs/starter-pack-chooser.md
- docs/starter-pack-comparison.md
- docs/builder-journeys.md
- docs/builder-intent-router.md
- docs/host-integration-playbooks.md
- docs/host-integration-examples.md
- Public reference and catalogs
- docs/public-surface-support-matrix.md
- docs/public-surface-catalog.md
- docs/public-surface-catalog.schema.json
- docs/compat/README.md
- docs/mcp.md
- docs/blueprints/m2-kernel-beta-verdict.md
- docs/blueprints/m3-first-party-integration-readiness.md
- docs/blueprints/openclaw-zero-token-adoption-ledger.md
- docs/provider-runtime-catalog.md
- docs/provider-runtime-catalog.json
- docs/provider-runtime-catalog.schema.json
- docs/compat-target-catalog.md
- docs/compat-target-catalog.json
- docs/compat-target-catalog.schema.json
- docs/builder-kit-catalog.md
- docs/builder-kit-catalog.json
- docs/builder-kit-catalog.schema.json
- docs/skill-pack-catalog.md
- docs/skill-pack-catalog.json
- docs/skill-pack-catalog.schema.json
- docs/discoverability-keyword-truth.json
- docs/discoverability-keyword-truth.schema.json
- Support surfaces
Internal-only working packs
- Wave 1 contract/evidence packs now live under
.agents/internal-docs/wave1/. - The old
docs/blueprints/wave1/*locations remain only as relocation notes so
older links do not break.
Truth Rules
supportedmeans there is a durable, repo-backed public surface now.partialmeans a real narrow slice exists, but it is not the full promised
shape.plannedmeans the route is intentional but not landed.researchmeans investigation exists but support does not.not nowmeans the surface is explicitly outside the current public front
door.
Security And Local Runtime Boundaries
Do not publish cookie bundles, browser profiles, or other credential
materials..runtime-cache/,.agents/, and.env*stay out of public release
surfaces.Repo-local cleanup only applies to Switchyard-owned runtime artifacts, never
to machine-wide caches or other apps.Before live/browser/cleanup actions, run:
pnpm run scan:host-process-risks
For local runtime hygiene, browser/session acquisition, and operational
footprint, go to docs/runbooks/dev-bootstrap.md.
Verification Entry Points
pnpm run typecheckpnpm run test:coveragepnpm run test:docs-frontdoorpnpm run build
One Final Sentence
Switchyard exists because AI apps should share one honest provider runtime
instead of each product rebuilding the provider layer alone.
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found