npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@torknetwork/mcp-server

v1.2.0

Published

TORK MCP Server - Governance tools for AI agents

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tork.networktork.network

Keywords

mcpai-governancetorkpiihitltool-governancemodel-context-protocol

Readme

TORK MCP Server

Governance tools for AI agents via Model Context Protocol (MCP).

Part of the TORK Network - AI governance infrastructure for the agentic era.

Installation

npm install @torknetwork/mcp-server

Features

The TORK MCP Server provides 21 governance tools across four categories:

Core Governance Tools

| Tool | Description | |------|-------------| | tork_scan_pii | Scan text for PII (SSN, credit cards, emails, phones, IP addresses, API keys) and optionally redact | | tork_governed_passthrough | Execute tool calls with full governance checks (validation + audit) | | tork_check_policy | Check if an action is allowed by policy without executing it | | tork_audit_stats | Get audit statistics for governance events | | tork_audit_logs | Query audit logs for governance events |

Tool Call Governance

| Tool | Description | |------|-------------| | tork_register_tool | Register a tool with governance policy (allowed agents, targets, blocked flags, rate limits, HITL requirements) | | tork_validate_tool_call | Validate a tool call BEFORE execution - checks registration, agent authorization, target restrictions, blocked flags, and rate limits | | tork_tool_call_stats | Get statistics on tool calls including allowed/blocked counts and rate limit hits |

HITL (Human-in-the-Loop) Enforcement

| Tool | Description | |------|-------------| | tork_request_approval | Submit an action for human approval with velocity tracking for slicing attack detection | | tork_approve_action | Human approves a pending action (with fatigue detection and cool-down enforcement) | | tork_reject_action | Human rejects a pending action (rejections indicate vigilance, no cool-down penalty) | | tork_check_approval | Check the status of an approval request | | tork_velocity_alert | Check for slicing attack patterns - many small requests aggregating to significant impact |

Cloud API Tools (v1.1.0+)

These tools connect to the live Tork Cloud API for centralized governance management. Requires TORK_API_KEY environment variable.

| Tool | Description | |------|-------------| | tork_dashboard | Get dashboard statistics (total tools, agents, policies, pending approvals) | | tork_list_tools | List all registered tools from Tork Cloud | | tork_list_policies | List all governance policies | | tork_get_policy | Get a specific policy by name | | tork_list_approvals | List pending HITL approval requests | | tork_approve | Approve a pending HITL request | | tork_deny | Deny a pending HITL request with reason | | tork_cloud_audit_logs | Query audit logs with filtering | | tork_create_webhook | Create a webhook for HITL notifications (v1.2.0+) | | tork_list_webhooks | List all configured webhooks (v1.2.0+) | | tork_delete_webhook | Delete a webhook by ID (v1.2.0+) | | tork_governance_check | Real-time policy validation against cloud (v1.2.0+) |

Getting an API Key

  1. Sign up at tork.network/signup
  2. Create an account with your email and password
  3. Your API key will be displayed after signup (save it securely!)
  4. Set the environment variable: export TORK_API_KEY=tork_live_xxxxx

Or via API:

curl -X POST https://tork.network/api/v1/auth/signup \
  -H "Content-Type: application/json" \
  -d '{"email":"[email protected]","password":"SecurePass123!","organization_name":"My Company"}'

Usage

With Claude Desktop

Add to your Claude Desktop configuration (~/Library/Application Support/Claude/claude_desktop_config.json):

Basic (local mode only):

{
  "mcpServers": {
    "tork": {
      "command": "npx",
      "args": ["@torknetwork/mcp-server"]
    }
  }
}

With Cloud API (recommended):

{
  "mcpServers": {
    "tork": {
      "command": "npx",
      "args": ["@torknetwork/mcp-server"],
      "env": {
        "TORK_API_KEY": "tork_live_your_api_key_here"
      }
    }
  }
}

Example Prompts for Claude Desktop

Once configured, try these prompts with Claude:

Dashboard & Overview:

  • "Show me the Tork governance dashboard"
  • "List all registered tools in my Tork account"
  • "What governance policies do I have configured?"

Approvals & HITL:

  • "Show me pending approval requests"
  • "Approve request tork_abc123 as reviewer [email protected]"
  • "Deny request tork_xyz789 because it targets production without authorization"

Audit & Compliance:

  • "Show me recent audit logs"
  • "Query audit logs for agent-prod-1 from the last 24 hours"

PII Scanning:

  • "Scan this text for PII: Contact [email protected] at 555-1234"
  • "Check if this message contains sensitive data"

Programmatic Usage

import { spawn } from 'child_process';

const server = spawn('npx', ['@torknetwork/mcp-server'], {
  stdio: ['pipe', 'pipe', 'inherit']
});

// Send MCP requests via stdin, receive responses via stdout

Example: Register a Tool with Governance

{
  "tool": "tork_register_tool",
  "arguments": {
    "tool_name": "database_write",
    "allowed_agents": ["agent-prod-1", "agent-prod-2"],
    "allowed_targets": ["staging", "dev"],
    "blocked_flags": ["--drop-table", "--truncate"],
    "max_calls_per_minute": 10,
    "requires_hitl": true
  }
}

Example: Validate Before Execution

{
  "tool": "tork_validate_tool_call",
  "arguments": {
    "agent_id": "agent-prod-1",
    "tool_name": "database_write",
    "target_environment": "staging",
    "parameters": {
      "query": "INSERT INTO users (name) VALUES ('test')"
    }
  }
}

Security Features

  • PII Detection: Automatically scans for and redacts sensitive data
  • Blocked Flags: Prevents dangerous flags like --force, --no-confirm, --delete-all
  • Rate Limiting: Configurable per-tool rate limits
  • Agent Authorization: Control which agents can call which tools
  • Target Restrictions: Prevent production access from unauthorized contexts
  • HITL Enforcement: Require human approval for sensitive operations
  • Fatigue Detection: Lock reviewers who approve too many requests too quickly
  • Slicing Attack Detection: Detect patterns of many small requests aggregating to significant impact

Configuration

HITL enforcement uses these defaults (configurable in code):

const HITL_CONFIG = {
  max_approvals_per_minute: 5,      // Triggers cool-down after this many approvals
  cool_down_minutes: 15,            // Duration of reviewer lock-out
  velocity_window_minutes: 10,      // Window for detecting slicing attacks
  velocity_threshold_count: 10,     // Max requests before velocity alert
  velocity_threshold_amount: 10000, // Max cumulative amount before velocity alert
  approval_expiry_minutes: 30,      // Approvals expire if not reviewed
};

License

MIT - see LICENSE

Links