@dinpd/ai-agent-guard

v0.1.0

Runtime authorization guard for AI agent tool calls.

@dinpd/ai-agent-guard

Dependency-free runtime guard for AI agent tool calls.

Use this package before an agent executes a tool, API call, browser action, message send, payment, refund, export, or production change.

Install it from npm:

npm install @dinpd/ai-agent-guard

The first use case is simple: put a circuit breaker and approval gate in front of your agent's tools so loops, spend spikes, duplicate side effects, and PII egress are caught before execution.

The guard returns one of three decisions:

  • allow: execute the tool call.
  • challenge_required: pause and ask for approval.
  • deny: block execution.

Five-Minute Path

Install the package:

npm install @dinpd/ai-agent-guard

Run the local demos:

git clone https://github.com/dinpd/AgentPass.git
cd AgentPass/packages/guard
npm install
npm run demo:quickstart
npm run demo:mcp

The quickstart demo shows the intended first integration:

  1. A normal tool call executes.
  2. A repeated tool call is allowed once.
  3. The third identical call is denied.
  4. A PII email pauses for approval.

Copy one of the starter policies and tighten it for your agent:

Copy-Paste Wrapper

import { createToolGate } from "@dinpd/ai-agent-guard";

const gate = createToolGate({
  policy: {
    tools: {
      "web.search": { action: "read" }
    },
    budgets: {
      maxIdenticalToolCallsPerJob: 2,
      maxEstimatedCostUsdPerJob: 1
    }
  }
});

// executeTool is your own function that actually performs the tool call;
// it is only invoked when the guard's decision is allow.
async function runAgentTool(toolCall) {
  const execution = await gate.run(
    {
      agentId: "research-agent",
      jobId: toolCall.jobId,
      tool: toolCall.name,
      action: "read",
      resource: toolCall.query,
      callFingerprint: `${toolCall.name}:${toolCall.query}`,
      estimatedTokens: toolCall.estimatedTokens,
      estimatedCostUsd: toolCall.estimatedCostUsd
    },
    () => executeTool(toolCall)
  );

  if (!execution.executed) {
    return execution.decision;
  }

  return execution.result;
}

Tool Gate

Use createToolGate when you want AgentPass to sit directly in front of tool execution:

import { createToolGate } from "@dinpd/ai-agent-guard";

// `policy` is your guard policy object; `stripe` is your Stripe client.
const gate = createToolGate({ policy });

// Wrap the guarded call in an async function so `await` and `return` are legal.
async function refundCase1042() {
  const execution = await gate.run(
    {
      agentId: "support-agent",
      jobId: "case-1042",
      tool: "stripe.refund",
      action: "pay",
      resource: "payment/pi_123",
      amountUsd: 49,
      idempotencyKey: "refund-case-1042-pi_123"
    },
    () => stripe.refunds.create({ payment_intent: "pi_123", amount: 4900 })
  );

  // A deny or challenge_required decision means the refund never ran.
  if (!execution.executed) {
    return execution.decision;
  }

  return execution.result;
}

MCP Tool-Call Gate

Use createMcpToolGate when you want to guard MCP tools/call requests before forwarding them to a provider or internal MCP server:

import { createMcpToolGate } from "@dinpd/ai-agent-guard";

// `policy` is your guard policy; `forwardMcpToolCall` sends the request on to
// the provider or internal MCP server once the guard allows it.
const gate = createMcpToolGate({
  policy,
  mappings: {
    "provider.billing.issue_credit": {
      resource: (args) => `provider/customer/${String(args.customerId)}`,
      amountUsd: (args) => Number(args.amountUsd),
      idempotencyKey: (args) => String(args.idempotencyKey)
    }
  }
});

// Wrap the guarded call in an async function so `await` and `return` are legal.
async function issueCreditForCase1042() {
  const execution = await gate.run(
    {
      params: {
        name: "provider.billing.issue_credit",
        arguments: {
          customerId: "cus_123",
          amountUsd: 49,
          idempotencyKey: "credit-case-1042-cus_123"
        }
      }
    },
    {
      agentId: "support-agent",
      jobId: "case-1042",
      userId: "user-17"
    },
    ({ call }) => forwardMcpToolCall(call)
  );

  // A deny or challenge_required decision means nothing was forwarded.
  if (!execution.executed) {
    return execution.decision;
  }

  return execution.result;
}

The MCP adapter is dependency-free. It accepts a plain MCP-style { params: { name, arguments } } object, maps arguments into an AgentPass guard check, and uses the same allow / deny / challenge_required result as the local tool gate.
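The mapping step described above, shown as an added example that is not the package's own code: a minimal MCP-style adapter in the spirit of createMcpToolGate that turns a `{ params: { name, arguments } }` request plus caller context into one guard check and decides on it. `DEMO_POLICY`, `DEMO_MAPPINGS`, `mapMcpCall`, `createDemoMcpGate`, `runMcpDemo` and the policy fields `maxAmountUsd`, `requiresApproval`, `singleUse` and `allowedDomains` are constructed here for illustration; the mapping shape (`resource`, `amountUsd`, `idempotencyKey` functions over the arguments) and the `executed` / `decision` result shape follow the README. `runMcpDemo` plays the refund-demo story over MCP: approval required, a single successful execution, a denied retry on the same idempotency key, an unknown webhook destination denied, an amount over the cap denied, and an undeclared tool denied by the closed-world rule.

```javascript
// Added example, not the package's own code: a minimal MCP-style adapter in the
// spirit of createMcpToolGate. DEMO_POLICY, DEMO_MAPPINGS, mapMcpCall,
// createDemoMcpGate and the policy fields (maxAmountUsd, requiresApproval,
// singleUse, allowedDomains) are constructed for illustration.

const DEMO_POLICY = {
  tools: {
    "provider.billing.issue_credit": {
      action: "pay", maxAmountUsd: 100, requiresApproval: true, singleUse: true
    },
    "crm.lookup_customer": { action: "read" },
    "notify.webhook": { action: "send", allowedDomains: ["hooks.example.com"] }
  }
};

// Mappings turn raw tool arguments into guard fields; undeclared tools get none.
const DEMO_MAPPINGS = {
  "provider.billing.issue_credit": {
    resource: (a) => `provider/customer/${String(a.customerId)}`,
    amountUsd: (a) => Number(a.amountUsd),
    idempotencyKey: (a) => String(a.idempotencyKey)
  },
  "notify.webhook": {
    resource: (a) => String(a.url),
    destination: (a) => new URL(String(a.url)).hostname
  }
};

// Translate { params: { name, arguments } } plus caller context into one check.
function mapMcpCall(mcpRequest, mappings, context) {
  const { name, arguments: args = {} } = mcpRequest.params;
  const check = { ...context, tool: name };
  for (const [field, fn] of Object.entries(mappings[name] ?? {})) {
    check[field] = fn(args);
  }
  return check;
}

function createDemoMcpGate({ policy, mappings }) {
  const usedKeys = new Set(); // consumed idempotency keys, in-memory only

  function decide(check, { approved = false } = {}) {
    const decl = policy.tools[check.tool];
    if (!decl) return { decision: "deny", reason: "tool not declared (closed world)" };
    // `!(x <= cap)` also rejects NaN produced by a non-numeric amount argument.
    if (decl.maxAmountUsd !== undefined && !(check.amountUsd <= decl.maxAmountUsd)) {
      return { decision: "deny", reason: "amount exceeds cap or is not a number" };
    }
    if (decl.singleUse) {
      if (!check.idempotencyKey) return { decision: "deny", reason: "idempotency key required" };
      if (usedKeys.has(check.idempotencyKey)) return { decision: "deny", reason: "idempotency key already used" };
    }
    if (decl.allowedDomains && !decl.allowedDomains.includes(check.destination)) {
      return { decision: "deny", reason: "destination not on allowlist" };
    }
    if (decl.requiresApproval && !approved) {
      return { decision: "challenge_required", reason: "approval required" };
    }
    if (decl.singleUse) usedKeys.add(check.idempotencyKey); // consume the key on allow
    return { decision: "allow", reason: "policy satisfied" };
  }

  // Same result shape as the README's gate.run: only an allowed call reaches `execute`.
  function run(mcpRequest, context, execute, options) {
    const check = mapMcpCall(mcpRequest, mappings, context);
    const verdict = decide(check, options);
    if (verdict.decision !== "allow") return { executed: false, ...verdict };
    return { executed: true, decision: "allow", result: execute({ call: mcpRequest, check }) };
  }

  return { run };
}

// Walks the refund-demo story over MCP and returns the decisions in order.
function runMcpDemo() {
  const gate = createDemoMcpGate({ policy: DEMO_POLICY, mappings: DEMO_MAPPINGS });
  const ctx = { agentId: "support-agent", jobId: "case-1042", userId: "user-17" };
  const mcp = (name, args) => ({ params: { name, arguments: args } });
  const credit = mcp("provider.billing.issue_credit",
    { customerId: "cus_123", amountUsd: 49, idempotencyKey: "credit-case-1042-cus_123" });
  const forward = ({ call }) => ({ forwarded: call.params.name }); // stands in for the real MCP server
  const steps = [
    [credit],                                   // 1. proposed credit pauses for approval
    [credit, { approved: true }],               // 2. approved credit executes once
    [credit, { approved: true }],               // 3. retry with the same key is denied
    [mcp("provider.billing.issue_credit", { customerId: "cus_123", amountUsd: 500,
      idempotencyKey: "credit-case-1042-big" }), { approved: true }], // 4. over the cap, approval irrelevant
    [mcp("notify.webhook", { url: "https://unknown.example.net/hook" })], // 5. destination not allowlisted
    [mcp("crm.lookup_customer", { customerId: "cus_123" })],          // 6. declared read tool
    [mcp("files.export_all", {})]                                      // 7. undeclared tool
  ];
  return steps.map(([req, opts]) => gate.run(req, ctx, forward, opts).decision);
}
```

The idempotency key is consumed only when the decision is allow, so a challenged call can be re-submitted with approval without burning its key, while a second approved submission is denied. The amount check is written as `!(amount <= cap)` so that a mapping that yields `NaN` (for example from a missing or non-numeric argument) is denied rather than silently passing a `>` comparison.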

What It Checks

  • Closed-world tool declarations
  • Tool/action mismatches
  • Approval requirements
  • Amount caps
  • Idempotency keys and single-use actions
  • PII/sensitive-data movement to unsafe destinations
  • Field allowlists and blocked fields
  • Destination domain allowlists
  • Per-job tool-call, same-tool, identical-call, retry, token, cost, and runtime budgets
  • Soft budget thresholds that return challenge_required before hard denial
  • Optional callFingerprint values for detecting repeated tool calls without storing full tool parameters

This package is intentionally local and in-memory in its initial release. Persistent approvals, policy distribution, shared counters, and audit export belong in the runtime service layer.

Local Demo

npm install
npm test
npm run demo:quickstart
npm run demo:mcp
npm run demo
npm run demo:circuit
npm run demo:gate
npm run demo:pii

The refund demo shows the initial runtime-guard story:

  1. A support agent proposes a refund.
  2. The guard returns challenge_required.
  3. The approved refund succeeds once.
  4. A retry with the same idempotency key is denied.
  5. A PII email to an unapproved destination is denied.

The circuit-breaker demo shows tool-thrashing and spend controls:

  1. Repeated identical tool calls are denied.
  2. Soft token/cost thresholds pause for approval.
  3. Hard token/cost caps deny execution even after approval.
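The quickstart sequence (normal call, one allowed repeat, third identical call denied, PII email paused) and the circuit-breaker sequence (soft cost threshold pauses, hard cap denies even after approval), played through a minimal in-memory breaker. This is an added example, not the package's code or API: `createDemoBreaker`, `check`, `runDemo` and the `softEstimatedCostUsdPerJob` budget field are constructed here; `maxIdenticalToolCallsPerJob`, `maxEstimatedCostUsdPerJob` and `callFingerprint` are the README's own names. Per-job state is committed only on allow, so a challenged call is not counted until it is re-submitted with approval, and hard caps are checked before approval is consulted.

```javascript
// Added example, not the package's own code: a minimal in-memory circuit
// breaker that walks through the quickstart and circuit-breaker demo steps.
// createDemoBreaker/check/runDemo and the softEstimatedCostUsdPerJob field
// are constructed for illustration; the real package exposes createToolGate.

const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/;

function createDemoBreaker(policy) {
  const jobs = new Map(); // jobId -> { fingerprints: Map<fingerprint, count>, costUsd }

  function stateFor(jobId) {
    if (!jobs.has(jobId)) jobs.set(jobId, { fingerprints: new Map(), costUsd: 0 });
    return jobs.get(jobId);
  }

  // Evaluate one proposed call. State is committed only on "allow", so a
  // challenged call is not counted until it is re-submitted with approval.
  function check(req, { approved = false } = {}) {
    const { budgets } = policy;
    const state = stateFor(req.jobId);
    // callFingerprint lets us count repeats without storing full parameters.
    const fp = req.callFingerprint ?? `${req.tool}:${String(req.resource)}`;
    const seen = state.fingerprints.get(fp) ?? 0;
    const projectedCost = state.costUsd + (req.estimatedCostUsd ?? 0);

    // Hard caps: deny, even if a human approved the call.
    if (seen >= budgets.maxIdenticalToolCallsPerJob) {
      return { decision: "deny", reason: `identical call already executed ${seen} times` };
    }
    if (projectedCost > budgets.maxEstimatedCostUsdPerJob) {
      return { decision: "deny", reason: "hard cost cap exceeded" };
    }

    // Soft checks: pause for approval unless approval was already given.
    if (!approved) {
      if (budgets.softEstimatedCostUsdPerJob !== undefined &&
          projectedCost > budgets.softEstimatedCostUsdPerJob) {
        return { decision: "challenge_required", reason: "soft cost threshold crossed" };
      }
      if (req.action === "send" && EMAIL_RE.test(String(req.resource))) {
        return { decision: "challenge_required", reason: "email address leaving the agent" };
      }
    }

    state.fingerprints.set(fp, seen + 1);
    state.costUsd = projectedCost;
    return { decision: "allow", reason: "within budgets" };
  }

  return { check };
}

// Walks the quickstart (steps 1-4) and circuit-breaker (steps 5-7) sequences
// against constructed tool calls and returns the decisions in order.
function runDemo() {
  const gate = createDemoBreaker({
    budgets: {
      maxIdenticalToolCallsPerJob: 2,
      softEstimatedCostUsdPerJob: 0.5,
      maxEstimatedCostUsdPerJob: 1
    }
  });
  const search = (query, cost) => ({
    jobId: "job-1", tool: "web.search", action: "read", resource: query,
    callFingerprint: `web.search:${query}`, estimatedCostUsd: cost
  });
  const steps = [
    [search("agent guard", 0.1)],                       // 1. normal call executes
    [search("agent guard", 0.1)],                       // 2. repeat is allowed once
    [search("agent guard", 0.1)],                       // 3. third identical call is denied
    [{ jobId: "job-1", tool: "email.send", action: "send",
       resource: "alice@example.com" }],                // 4. PII email pauses for approval
    [search("pricing", 0.4)],                           // 5. crosses the soft cost threshold
    [search("pricing", 0.4), { approved: true }],       // 6. same call after approval
    [search("competitors", 0.5), { approved: true }]    // 7. hard cap denies despite approval
  ];
  return steps.map(([req, opts]) => gate.check(req, opts).decision);
}
```

Committing state only on allow is what makes the approval round-trip safe: the challenged call in step 5 does not add to the job's spend, so the approved re-submission in step 6 is charged exactly once. Ordering the hard caps before the approval check is what produces step 7, where approval does not rescue a call that would exceed the cost budget.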

The PII demo shows destination-specific data movement rules:

  1. CRM PII read into agent context is allowed.
  2. Customer email requires approval.
  3. Unknown webhook destinations are denied.
  4. Raw PII prompts to model providers are denied.
  5. Bulk file exports are capped by record count.
  6. High-risk fields are blocked for browser automation.