DollhouseMCP 2.0 is an open-source MCP server for making and using composable building blocks for AI customization. You build elements as portable MD and YAML files, compose them into stacks, and activate the stacks in any MCP-compatible client.
Element types that drive behavior and permissions:
* Personas: behavioral profiles (how the AI sounds and acts)
* Skills: discrete capabilities (what the AI can do)
* Agents: goal-oriented, multi-step executors
* Ensembles: composed stacks of the above
* Plus templates for structured outputs and memories for persistent context.
Two things I think are actually new here:
1. Identity-based permissioning. When you activate a persona, skill, agent, or ensemble, its permission policy takes effect in the server. Same client, same LLM, different permission surface depending on which active elements are loaded. A read-only analyst persona blocks creates and deletes regardless of what the client allows. A security-focused ensemble can deny specific destructive operations. This runs server-side, after the client approves the call, so policy cannot be overridden by the LLM or the client.
2. A bimodal agent loop. Agents do not run free inside the LLM. Every step hands control back to the MCP server, which evaluates the proposed operation against the active permission stack, runs autonomy and risk checks, enforces any hard blocks, then returns a decision to the LLM with continue, pause, or escalate guidance. The LLM acts on what it is allowed to do, describes the next step, and hands back to the server. The loop repeats until the goal completes or a human is asked to intervene. Higher agency stays observable and bounded instead of opaque.
There's also a audit trail of approved and denied actions a danger zone lockout that will prevent the LLM from doing truly dangerous things if they go through the MCP server. And any active Dollhouse agent that is running through the DollhouseMCP server has it's actions evaluated every step.
I added easy configuration through the web console for a wide variety of MCP clients if you use the one-liner, and there are logs and metrics as well as the local and github hosted portfolio and collection to save your Dollhouse elements and share and use other's. They are all validated and scanned several times along the their distribution path to keep things as safe as we can.
The one-liner install: npx @dollhousemcp/mcp-server@latest --web
Happy to go deep on the permissioning model, the bimodal agent loop, composition patterns, YAML schema, or anything else.
Home: https://dollhousemcp.com Repo: https://github.com/DollhouseMCP/mcp-server Collection: https://collection.dollhousemcp.com
Hope you like it.