earl 0.5.0 - Docs.rs

docs.rs failed to build earl-0.5.0
Please check the build logs for more information.
See Builds for ideas on how to fix a failed build, or Metadata for how to configure docs.rs builds.
If you believe this is docs.rs' fault, open an issue.

Earl sits between agents and external services. Operations are HCL files committed to your repository. The LLM sees a tool name and description; it never reads the template body. An injected instruction in an API response has nowhere to land because the LLM isn't reading the part of the request that executes.

Secrets stay in the OS keychain. They aren't in tool arguments, tool descriptions, or output.

→ Documentation

Quick start

# Install
curl -fsSL https://raw.githubusercontent.com/brwse/earl/main/scripts/install.sh | bash

# Import a provider template
earl templates import https://raw.githubusercontent.com/brwse/earl/main/examples/github.hcl

# Store a secret — prompts for the value, not echoed
earl secrets set github.token

# Call a command
earl call --yes --json github.search_repos --query "language:rust stars:>100"

To use Earl as MCP tools in your agent, add it to your MCP config and restart. Claude Code and Cursor use the same format:

{
  "mcpServers": {
    "earl": {
      "command": "earl",
      "args": ["mcp", "stdio"]
    }
  }
}

MCP tools don't activate until after restart. In the current session, use earl call --yes --json through the Bash tool.

See Quick Start for the full walkthrough, or Agent-Assisted Setup to let an agent handle the install and configuration.

How it works

You write an HCL template describing an operation: method, URL, auth, parameters. When an agent calls the tool, Earl loads the template, reads the required secret from the OS keychain, renders the Jinja expressions against the agent's supplied values, and executes the request. The LLM only ever provided parameter values. Every other part of the request — the URL, the auth header, the method — was written by a human and committed to the repo.

See How Earl Works for the full security model.

Documentation

Introduction — why Earl exists, how the security model works
Quick Start — install, first call, MCP config in five steps
Writing Templates — HTTP, GraphQL, gRPC, Bash, SQL; auth; result formatting
Template Schema — field-by-field reference
Secrets & Auth — OS keychain storage, OAuth2 flows
External Secrets — 1Password, Vault, AWS, GCP, Azure
MCP Integration — stdio and HTTP transport, full vs. discovery mode
Policy Engine — JWT auth and access control for HTTP deployments
Environments — production, staging, and per-environment overrides
Hardening — SSRF protection, egress allowlist, production checklist
Commands — complete CLI reference
Troubleshooting — keychain errors, template validation, MCP issues

License

MIT