Spring AI Playground

Safe Local Execution Layer for AI Agent Tools

Spring AI Playground is a cross-platform desktop app for building, testing, validating, and executing MCP tools in a controlled local environment. It helps you create reusable MCP tools once and use them across macOS, Windows, and Linux through a self-contained runtime. Unlike platforms that focus primarily on generating agents or authoring tools, Spring AI Playground focuses on making the tools it manages inside the app safer and easier to inspect before reuse.

No pass, no run.

Every tool you build earns a Local Pass — a local test-run with your sample arguments. Only passing tools are added live to the built-in MCP server and become callable from Agentic Chat. A tool that has not passed is never exposed to an agent.

In Tool Studio, new or updated built-in tools are test-run before they are published to the built-in MCP server. You do not need to know Java, Spring, or JVM internals to use it. If you can install a desktop app and write a small JavaScript function, you can build tools here and connect them to hosts and clients such as Claude Desktop, Claude Code, Cursor, IDEs, and other MCP-compatible environments.

The Problem

AI agents can generate tools quickly, but generated tools are not inherently safe to execute.

• It is often unclear what actually runs at execution time
• Failures are difficult to predict before real usage
• Execution is not easily traceable or inspectable

Most platforms focus on creation.

Very few make verification part of the default workflow for built-in tool publication.

Who is this for?

• Developers building MCP tools who want validation built into the default workflow
• Teams connecting MCP tools into Python, Node.js, or mixed-stack agent environments
• Users of Claude Desktop, Claude Code, Cursor, and other MCP-compatible environments

Quick Start

The fastest path is the desktop app distributed through GitHub Releases.

Spring AI Playground is a standalone desktop app, so you can install it and start building MCP tools without setting up a Java project, Docker environment, or source build first.

1. Download the Desktop App

Choose the installer for your platform from the latest release:

Each badge resolves to the latest published release automatically and opens a confirm dialog with the filename, size, and OS-specific default save path. The downloaded file keeps the version in its name (e.g. spring-ai-playground-0.2.0-M4-mac-arm64.dmg). Or browse all available assets on the Releases page.

2. Install and Launch

Install the app like a normal desktop application, then launch Spring AI Playground from your applications menu.

The desktop app bundles the backend runtime together with a launcher that provides provider starter templates, YAML override editing, environment-variable based secret handling, and one-click launch.

If you install the app, you can run Spring AI Playground immediately without setting up Docker or running the source manually.

macOS

Gatekeeper may block the install flow in two places:

• When you open the downloaded DMG, macOS may show a warning such as “cannot be opened because the developer cannot be verified.” If you trust the release source, go to System Settings > Privacy & Security and click Open Anyway.
• After copying the app into Applications, macOS may block the first app launch again. If that happens, open the app once, then return to System Settings > Privacy & Security and click Open Anyway.

If the app still doesn’t open because it remains quarantined, and you trust the app, one practical workaround is:

xattr -dr com.apple.quarantine "/Applications/Spring AI Playground.app"

Windows

The most common warning appears when you run the downloaded installer (.exe).

If Microsoft Defender SmartScreen shows a warning such as “Windows protected your PC” or says the app is unrecognized:

• Click More info
• Then click Run anyway

Linux

Separate Gatekeeper- or SmartScreen-style reputation warnings are uncommon. When installing the .deb or .rpm package, you usually only need to complete the normal package-install confirmation steps.

For more detailed platform guidance, see the Getting Started guide.

Verify Your Download

Each release ships with two integrity guarantees. You do not have to verify, but it is recommended for production use.

1. SHA-256 checksum — every installer has a matching .sha256 file in the release assets.

# macOS / Linux
shasum -a 256 -c spring-ai-playground-0.2.0-M4-mac-arm64.dmg.sha256

# Windows (PowerShell)
Get-FileHash spring-ai-playground-0.2.0-M4-win-x64.exe -Algorithm SHA256
# compare the value with the one inside the .sha256 file

2. Sigstore build provenance (SLSA) — every installer is signed by the official GitHub Actions release workflow using a short-lived Sigstore key, and the attestation is recorded in the public transparency log.

gh attestation verify spring-ai-playground-0.2.0-M4-mac-arm64.dmg \
  --owner spring-ai-community

A successful verification proves the file came from this repo's release workflow and was not tampered with after build.

Documentation

Detailed installation, configuration, features, and tutorials live in the documentation site:

• Documentation site: https://spring-ai-community.github.io/spring-ai-playground/
• Getting Started: https://spring-ai-community.github.io/spring-ai-playground/getting-started/
• Features: https://spring-ai-community.github.io/spring-ai-playground/features/
• Tutorials: https://spring-ai-community.github.io/spring-ai-playground/tutorials/

Alternative runtimes are still supported:

• Docker for server-style deployment
• local source execution for development workflows and MCP STDIO testing

Why Spring AI Playground?

• Built-In MCP Server: Publish tools directly from the app and expose them immediately through the built-in MCP server instead of wiring ad-hoc local scripts by hand.
• No Pass, No Run Workflow: In Tool Studio, built-in tools are test-run before they are published, making validation part of the default product flow instead of an optional afterthought.
• Executable Tool Validation: Test tools with real inputs, outputs, and runtime constraints before you reuse them from other MCP-compatible hosts and clients.
• Secure Secret Management: Keep API keys and sensitive configuration out of YAML and manage them through the desktop app's secret storage and launcher-backed environment settings. When OS-backed secure storage is unavailable, the app clearly warns before falling back to plain-text local storage.
• Tool-to-Agent Workflow: Create tools in Tool Studio, inspect them through MCP, and use them in Agentic Chat in one continuous workflow.
• Provider Agnostic: Switch between Ollama, OpenAI, and other OpenAI-compatible APIs without changing the overall workflow.
• OS-Independent Tool Runtime: Tools are authored once as JavaScript and run through the same bundled runtime, so the same tool definition works consistently across macOS, Windows, and Linux.
• Single-Agent Execution: Use validated built-in tools together with grounded context (RAG) in Agentic Chat to handle focused, practical workflows without needing a larger orchestration layer. Agentic Chat can also call tools exposed by MCP servers that you explicitly connect and trust.

The intended workflow is practical and composable:

• create or adapt tools in Tool Studio
• test them before publishing
• expose them through the built-in MCP server
• inspect them through MCP Inspector
• index knowledge in Vector Database
• combine tools and documents in Agentic Chat

Why Not Just Use Agent Builders?

Agent builders focus on generating tools and composing workflows.

Spring AI Playground focuses on validating tools and controlling exec