Introduction

What is TengineAI?

TengineAI is execution infrastructure for AI tool calls.

It provides a remote MCP server that exposes your HTTP APIs as tools to AI runtimes. You define which endpoints the model can call. TengineAI handles authentication, execution, identity injection, and usage control — and returns structured results to the model.

TengineAI does not provide prebuilt third-party integrations. Instead, you define the HTTP APIs your model can call, and TengineAI handles the rest. Think of it as the execution layer between the model and your services.

TengineAI is to MCP tools what API Gateway is to REST APIs.

TengineAI works with any MCP-compatible model SDK or client. Anthropic is used throughout the documentation as the reference implementation because it is the most widely used and fully tested today.

---

Who Is This For?

TengineAI is built for developers who are building AI-powered products and need tool calls to execute safely against real APIs.

TengineAI is the right fit if:

• You are building a multi-tenant AI SaaS and need tool calls attributed to individual users
• You want to expose your own internal or external APIs to a model without building MCP tooling from scratch
• You need centralized control over which tools are available, with the ability to enable/disable them without redeploying
• You want usage visibility for tool calls across your project
• You want outbound requests to your APIs to be authenticated (HMAC-signed or bearer token) and carry member identity context

TengineAI is not the right fit if:

• You only need the model to call a single static endpoint — a direct API call in your code is simpler
• You want to execute tools entirely offline with no external network access
• You need the model to execute arbitrary code or manage infrastructure — TengineAI is tool execution, not an agent runtime

---

How TengineAI Works

┌─────────────┐         ┌──────────────────┐         ┌─────────────────────┐
│             │         │                  │         │                     │
│  MCP Client │────────▶│   TengineAI      │────────▶│   Your APIs         │
│  (Runtime)  │         │ (Execution Layer)│         │ (CRM, billing,      │
│             │◀────────│                  │◀────────│  internal services, │
└─────────────┘         └──────────────────┘         │  public APIs)       │
                                                     └─────────────────────┘

Copy

Flow:

1. An MCP client (Claude Desktop, Cursor, or programmatic SDK) connects to TengineAI
2. The client authenticates using an API key or a user-scoped session token
3. TengineAI returns the project's enabled tools — only the ones you defined
4. The model selects a tool to execute
5. TengineAI renders the request template, injects member identity, signs the request (if configured), and forwards it to your API
6. Your API executes the request and returns a response
7. TengineAI returns the response to the model
8. The model receives the result and continues execution

---

Core Concepts

TengineAI uses five primitives:

Projects

Isolated execution environments. Each project has its own API keys, integrations, and enabled tools. A token from one project cannot access another project's tools or configuration.

Tools

HTTP endpoints you register with TengineAI that the model can call. You define the name, description, HTTP method, URL template, input schema, and authentication strategy. TengineAI handles execution.

Tools are opt-in per project. The model only sees what you enable.

Integrations

MCP client connections. An integration defines how a model runtime (Claude Desktop, Cursor, custom SDK) authenticates with TengineAI.

API Keys

Project-scoped credentials (tengine_...). They authenticate requests from your application to TengineAI. Use them for server-to-server workflows and automation pipelines where all calls share a single project identity.

User-Scoped Sessions (Member Session Tokens)

Short-lived JWTs (tng_mst_..., 15-minute TTL) that scope an MCP session to a specific end user. Your backend mints them server-side by presenting a cryptographically signed member_assertion. TengineAI verifies it and issues the session token.

Use member session tokens when each end user should have their tool calls attributed to them individually.

---

Reliability Guarantees

• Retries won't duplicate writes — Safe retry handling prevents duplicate side effects when the model or SDK retries
• Tool calls are logged — Every invocation has a Run ID and appears in Run history
• Keys revoke across sessions — Revocation takes effect immediately for all active sessions

See Execution Model for details on retries, request IDs, and key revocation behavior.

---

Authentication Modes

TengineAI supports two client authentication modes:

Mode	Token	Use Case
API Key	tengine_...	Workflows, automation, server-to-server
User-Scoped	tng_mst_...	Multi-tenant apps, per-user tool execution

Both modes pass the credential as the authorization_token in the Anthropic SDK's mcp_servers configuration.

See API Keys and User-Scoped Sessions for full details.

---

What TengineAI Is Not

TengineAI is not:

• A prebuilt integration catalog (no Gmail connector, no Reddit connector, no SaaS OAuth flows)
• An agent framework
• A model hosting service
• A workflow orchestrator
• A prompt management system

It is execution infrastructure. You define the tools. The model decides what to call. TengineAI executes it safely.

The model can only call tools you have explicitly registered and enabled. TengineAI does not fetch arbitrary URLs — every endpoint the model can reach was configured by you.

---

Next Steps

• Get Started in 5 Minutes – Register a tool and run your first model-invoked API call
• Architecture Overview – Understand the full execution flow
• Execution Model – Retries, request IDs, key revocation
• API Keys – Project-scoped authentication
• User-Scoped Sessions – Per-user session tokens for multi-tenant apps
• Custom Tools – How to define and configure tools