io.tooloracle/agentguard
io.tooloracle/agentguard · v1.0.0 · MCP 2025-03-26
AgentGuard — 20-tool AI safety MCP: policy preflight, risk scoring, audit logging, rate limits.
Reachability
reachable
checked 2026-07-14 03:24 UTC
Registry status active
Tools pinned 24
b8ecbc93dd0e
Tools last changed
unchanged since first capture 2026-07-14
Provenance
Registry namespace io.tooloracle
(domain verified by the official registry)
Repository
github.com/tooloracle/agentguard
Remote endpoints
https://feedoracle.io/guard-oracle/mcp/ (streamable-http)
Observed changes
| When (UTC) | Event | Detail |
|---|---|---|
| 2026-07-14 03:24 | first capture | 24 tools pinned |
Pinned tool definitions (24)
| Tool | Description |
|---|---|
| policy_preflight | Pre-flight security check before any tool call. Evaluates all policies, computes risk score, checks rate limits, and returns allow/deny/require_approval decision. Call this BEFORE executing any agent tool. Writes to audit log automatically. |
| tool_risk_score | Compute 0-100 risk score for any tool + input combination. 0=minimal risk (read-only), 100=critical (payment/irreversible). Detects secrets, injection attempts, high-value amounts. Use before deciding whether to proceed with a tool call. |
| approval_required | Check if a tool call requires human approval before execution. Returns requires_approval=true/false with matched policy list. Set register_pending=true to create a trackable approval request with an approval_url for human review. |
| audit_log_write | Write a tool call result to the persistent, signed audit log. Call this AFTER tool execution with the outcome. Each entry is cryptographically signed for tamper-evidence. Essential for compliance, DORA, MiCA audit trail requirements. |
| audit_log_query | Query the persistent audit trail. Filter by agent, tool, decision, time range. Returns signed entries with tamper-detection. Use for compliance reporting, anomaly detection, or agent behaviour analysis. |
| decision_explain | Get a human-readable explanation of why a tool call was allowed or denied. Pass request_id from a previous policy_preflight for stored explanation, or provide tool_name + tool_args for fresh analysis. Explains matched policies, risk... |
| rate_limit_check | Check if an agent has exceeded rate limits. Returns per-window usage (minute/hour/day) with percentage used. Limits: 200/min, 5000/hr, 50000/day per agent. Use before high-frequency tool calls or for agent health monitoring. |
| payment_policy_check | Validate a payment against policy rules before execution. Checks amount limits (>100k warns, >1M blocks), recipient allowlist/denylist, supported currencies/networks, AML reporting thresholds, and MiCA flags. Returns approved/rejected... |
| spend_limit_check | Check if a payment amount stays within agent spend limits. Default limits: 10,000/call, 50,000/hr, 200,000/day. Trusted agents: 100,000/call, 500,000/hr, 2,000,000/day. Returns within_limits=true/false with headroom percentage. |
| secret_exposure_check | Deep scan any text/payload for secrets, credentials, and PII. Detects: API keys (OpenAI, GitHub, AWS), tokens (Slack, Bearer), private keys (ETH, Bitcoin), credentials (passwords, secrets), and PII (emails, credit cards, SSNs). Returns... |
| payload_safety_check | Comprehensive safety scan for injection attacks and dangerous patterns. Detects: prompt injection, jailbreak/DAN attempts, role hijacking, SQL injection (UNION/DROP/OR 1=1), XSS, Python/JS/Shell code injection, path traversal, oversized... |
| replay_guard_check | Detect replay attacks — identical requests sent multiple times in a time window. Uses SHA256 fingerprint of (agent_id + tool_name + args). Default window: 300 seconds (5 min). Returns is_replay=true/false with duplicate count and... |
| cross_tool_anomaly_check | Detect anomalous tool usage patterns across an agent recent history. Checks risky tool combinations (AML-then-payment, wallet-recon-then-transfer), high call frequency, repeated denials, broad reconnaissance, elevated risk scores. |
| scope_check | Check if agent has required scope for a tool. Roles: admin, compliance_officer, trader, auditor, developer, readonly. Returns has_scope + missing scope + granting roles. |
| session_validate | Create/validate/invalidate agent sessions with role, scopes, TTL and call budget. Actions: create|validate|invalidate|info. |
| tenant_policy_check | Multi-tenant governance. Tenants: default, fintech_eu (MiCA/DORA), defi_protocol, enterprise_read. Checks tool blocklists, max risk scores, spend limits. Actions: check|list. |
| threat_intel_check | Check entity against threat intelligence. Auto-detects ETH addresses, IPs, domains. Checks sanctions (Tornado Cash), disposable services, behavioral analysis from audit log. Returns threat_level: none|low|medium|high|critical. |
| output_safety_scan | Post-execution output scanner. Checks tool output for PII leaks (email, phone, SSN, IBAN), secret exposure, data exfiltration patterns (outbound URLs, base64), and tool poisoning (injected instructions). Verdict: clean|warn|flag|block. |
| emergency_kill | Emergency kill-switch. Immediately terminates agent session(s), revokes pending approvals, blocks rate limits, and audit-logs the emergency. Use for: compromised agents, runaway automation, suspicious behavior. kill_type: full|session_only|soft. |
| tool_manifest_verify | Supply-chain verification for MCP tools. Checks publisher identity against allowlist, scans tool descriptions for prompt injection, validates server domain and signing capability. Verdict: trusted|caution|block. |
| approval_resolve | Resolve a pending approval request. Approve or deny a tool call that was flagged for human review. Updates agent state and creates audit trail. Requires authentication. |
| approval_list | List approval requests. Filter by status (pending/approved/denied/all), agent_id, or tool_name. Shows summary stats. |
| policy_register | View the central policy registry. Query tiers (T1-T4), tool classifications, escalation rules. Actions: summary (default), lookup (by tool_name), tiers, rules, tools (by tier_id). |
| guard_metrics | AgentGuard operational metrics. Returns decision stats, top agents/tools, risk distribution, daily activity, approval stats, and tier distribution. |
Status badge
[](https://toolpin.dev/servers/io.tooloracle/agentguard)
Maintain this server? Add the badge to your README — it links your users to this live status page.