@agentsid/guard

v0.1.1

Published

MCP server for safe shell, file, database, git, and HTTP access. Every operation validated against per-agent permission rules. Powered by AgentsID.

Downloads

45

Readme


Your AI agent has access to your shell, file system, database, git repos, and the internet. Right now, nothing controls what it can do with any of them.

AgentsID Guard fixes that. 11 tools across 5 categories — shell, files, database, git, HTTP — every operation validated against per-agent permission rules before execution.

How It Works

Agent: shell_run("ls -la /src")
  → Classified: shell.read.ls
  → AgentsID: ALLOWED ✓
  → Executes normally

Agent: shell_run("rm -rf /data")
  → Classified: shell.danger.rm
  → AgentsID: BLOCKED ✗
  → Never executes

Agent: db_query("DROP TABLE users")
  → Classified: db.danger.ddl
  → AgentsID: BLOCKED ✗
  → Never executes

Agent: git_run("push origin main")
  → Classified: git.write.push
  → AgentsID: BLOCKED ✗
  → Never executes

Quick Start

1. Install

npx @agentsid/guard

2. Get your keys

Sign up at agentsid.dev/dashboard — free tier: 25 agents, 10K events/month.

3. Add to Claude Code

claude mcp add guard \
  -e AGENTSID_PROJECT_KEY=aid_proj_your_key \
  -e AGENTSID_AGENT_TOKEN=aid_tok_your_token \
  -- npx @agentsid/guard

4. Set permissions

npx agentsid register-agent --name "my-agent" \
  --permissions "shell.read.*" "file.read" "file.list" "git.read.*" "http.get"

Tools

AgentsID Guard exposes 11 MCP tools:

| Tool | What it does | Permission pattern |
|------|-------------|-------------------|
| shell_run | Execute a shell command | shell.read.*, shell.write.*, shell.danger.*, shell.admin.* |
| file_read | Read a file | file.read |
| file_write | Write/create a file | file.write |
| file_delete | Delete a file | file.delete |
| file_list | List directory contents | file.list |
| file_info | Get file metadata | file.info |
| db_query | Run a SQL query | db.read, db.write.*, db.danger.* |
| git_run | Run a git command | git.read.*, git.write.*, git.danger.* |
| http_request | Make an HTTP request | http.get, http.post, http.put, http.delete |
| check_permission | Check if an action would be allowed | — |
| list_categories | List all permission categories | — |

Permission Categories

Shell

| Pattern | Commands | Risk |
|---------|----------|------|
| shell.read.* | ls, cat, grep, find, ps, df, curl, ping | Safe |
| shell.write.* | mkdir, touch, cp, mv | Moderate |
| shell.danger.* | rm, chmod, chown, kill | High |
| shell.admin.* | sudo, docker, apt, npm, systemctl | Critical |

Files

| Pattern | Operations | Risk |
|---------|-----------|------|
| file.read | Read file contents | Safe |
| file.list | List directories | Safe |
| file.info | File metadata | Safe |
| file.write | Create/write files | Moderate |
| file.delete | Delete files | High |

Database

| Pattern | Statements | Risk |
|---------|-----------|------|
| db.read | SELECT, SHOW, DESCRIBE, EXPLAIN | Safe |
| db.write.insert | INSERT | Moderate |
| db.write.update | UPDATE | Moderate |
| db.write.create | CREATE | Moderate |
| db.danger.delete | DELETE | High |
| db.danger.ddl | DROP, TRUNCATE, ALTER | Critical |

Git

| Pattern | Commands | Risk |
|---------|----------|------|
| git.read.* | status, log, diff, branch, show, blame | Safe |
| git.write.* | add, commit, push, pull, merge, checkout, stash | Moderate |
| git.danger.* | reset, force-push | Critical |

HTTP

| Pattern | Methods | Risk |
|---------|---------|------|
| http.get | GET | Safe |
| http.post | POST | Moderate |
| http.put | PUT | Moderate |
| http.delete | DELETE | High |

Permission Examples

Read-only research agent:

shell.read.*    → allow
file.read       → allow
file.list       → allow
db.read         → allow
git.read.*      → allow
http.get        → allow

Developer agent (read + write, no destructive):

shell.read.*    → allow
shell.write.*   → allow
file.read       → allow
file.write      → allow
file.list       → allow
db.read         → allow
db.write.*      → allow
git.read.*      → allow
git.write.*     → allow
http.get        → allow
http.post       → allow

Full access with approval gates:

shell.read.*    → allow
shell.write.*   → allow
shell.danger.*  → allow (requires approval)
shell.admin.*   → allow (requires approval)
file.*          → allow
db.read         → allow
db.write.*      → allow
db.danger.*     → allow (requires approval)
git.*           → allow
http.*          → allow
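
A sketch of how profiles like these can be evaluated deny-first, added here as an example; it is not code from @agentsid/guard. The wildcard semantics, the `NEEDS_APPROVAL` result, the refusal of shell metacharacters and the names `classifyShell`, `matches` and `decide` are assumptions for the illustration.

```javascript
// Added example. Command lists are copied from the Shell table above.
const SHELL_CATEGORIES = {
  read: ['ls', 'cat', 'grep', 'find', 'ps', 'df', 'curl', 'ping'],
  write: ['mkdir', 'touch', 'cp', 'mv'],
  danger: ['rm', 'chmod', 'chown', 'kill'],
  admin: ['sudo', 'docker', 'apt', 'npm', 'systemctl'],
};

// Assumption: any character that lets one string carry a second command is
// refused, so "ls; rm -rf /data" is never classified by its first word alone.
const SHELL_META = /[;&|`$<>(){}\n\\]/;

// Returns an action such as "shell.read.ls", or null for anything unknown.
function classifyShell(commandLine) {
  if (SHELL_META.test(commandLine)) return null;
  const name = commandLine.trim().split(/\s+/)[0];
  for (const [category, names] of Object.entries(SHELL_CATEGORIES)) {
    if (names.includes(name)) return `shell.${category}.${name}`;
  }
  return null;
}

// Assumption: a trailing ".*" matches any deeper action; other patterns are exact.
function matches(pattern, action) {
  return pattern.endsWith('.*')
    ? action.startsWith(pattern.slice(0, -1))
    : pattern === action;
}

// rules maps pattern -> 'allow' | 'approval'. Deny-first: no match means BLOCKED.
function decide(rules, action) {
  if (action === null) return 'BLOCKED';
  const hit = Object.keys(rules).find((pattern) => matches(pattern, action));
  if (!hit) return 'BLOCKED';
  return rules[hit] === 'approval' ? 'NEEDS_APPROVAL' : 'ALLOWED';
}

// Two of the profiles listed above, shell and file rules only.
const RESEARCH = { 'shell.read.*': 'allow', 'file.read': 'allow', 'file.list': 'allow' };
const GATED = {
  'shell.read.*': 'allow', 'shell.write.*': 'allow',
  'shell.danger.*': 'approval', 'shell.admin.*': 'approval', 'file.*': 'allow',
};

console.log(decide(RESEARCH, classifyShell('ls -la /src')));
console.log(decide(GATED, classifyShell('rm -rf /data')));
```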

Environment Variables

| Variable | Required | Description |
|----------|----------|-------------|
| AGENTSID_PROJECT_KEY | Yes | Your AgentsID project key |
| AGENTSID_AGENT_TOKEN | Yes | Agent token for permission checks |
| AGENTSID_BASE_URL | No | API URL (default: https://agentsid.dev) |
| GUARD_CWD | No | Working directory (default: cwd) |
| GUARD_TIMEOUT | No | Command timeout in ms (default: 30000) |
| GUARD_ALLOWED_DIRS | No | Comma-separated allowed directories for file ops (default: cwd) |
| GUARD_DB_URL | No | Database connection string for db_query (postgresql://, mysql://, or .db path) |

Security

  • Deny-first — unknown commands and tools are blocked by default
  • Path containment — file operations restricted to allowed directories
  • Fail-closed — network errors to AgentsID result in denial, not bypass
  • Audit trail — every allow and deny logged to AgentsID's tamper-evident hash chain
  • No shell injection — commands executed via execSync with no shell interpolation of user input in tool arguments
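
One way to implement the path containment check against `GUARD_ALLOWED_DIRS`, added here as an example; it is not the package's own code. The function names `allowedDirs` and `isContained` and the sample paths are assumptions constructed for the illustration.

```javascript
const path = require('node:path');

// Parse GUARD_ALLOWED_DIRS (comma-separated). The README gives cwd as the default.
function allowedDirs(env, cwd) {
  const listed = (env.GUARD_ALLOWED_DIRS || '')
    .split(',').map((d) => d.trim()).filter(Boolean);
  return (listed.length ? listed : [cwd]).map((d) => path.resolve(cwd, d));
}

// True only when `requested` resolves to an allowed root or something beneath it.
// The comparison is lexical; a guard on a real file system would also resolve
// symlinks (fs.realpathSync) on both sides before comparing.
function isContained(requested, env, cwd) {
  if (typeof requested !== 'string' || requested.includes('\0')) return false;
  const target = path.resolve(cwd, requested);
  return allowedDirs(env, cwd).some((root) => {
    const rel = path.relative(root, target);
    // "" is the root itself; ".." or "../x" climbs out. A plain startsWith(root)
    // test would wrongly accept the sibling /srv/app/data-old for /srv/app/data.
    return rel === '' ||
      (rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel));
  });
}

// Constructed sample values, POSIX paths.
const ENV = { GUARD_ALLOWED_DIRS: '/srv/app/data, /tmp/scratch' };
const CWD = '/srv/app';
for (const p of ['data/report.csv', 'data/../../etc/passwd', '/srv/app/data-old/x']) {
  console.log(p, isContained(p, ENV, CWD));
}
```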

Dashboard

Every operation appears in your AgentsID dashboard:

  • Which agent ran which command
  • Whether it was allowed or denied and why
  • Full audit trail across all 5 categories

License

MIT