Hal

Turns any HTTP endpoint into an MCP tool, with built-in support for OpenAPI/Swagger specs that auto-generate the tooling for you. Handles GET, POST, PUT, PATCH, DELETE, and HEAD requests. The secret management system is well thought out: define credentials as environment variables, reference them with template syntax like {secrets.api_key}, and HAL substitutes them at request time while automatically redacting any leaked values from responses. You can namespace secrets and restrict them to specific URL patterns, so your Azure keys only work with Azure domains. Load OpenAPI specs from local files or URLs, point it at your base URL, and you're making authenticated API calls through Claude without exposing tokens in the conversation.