npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@weave_protocol/hundredmen

v1.1.1

Published

Real-time MCP security proxy - intercepts, scans, and gates AI agent tool calls. Now with WARD.md policy enforcement.

Downloads

597

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

tyox-alltyox-all

Keywords

mcpmodel-context-protocolai-securityai-agentssecurityproxyinterceptordrift-detectionreputationwardagent-policyweave-protocolclaudellm

Readme

🔍 @weave_protocol/hundredmen

npm version npm license

Real-time MCP security proxy that intercepts, scans, and gates AI agent tool calls. v1.1.0 enforces WARD.md policies at the interception layer.

Old English "hundredmen" — the watchers of a hundred. Local officials who knew everyone passing through and could stop trouble before it spread.

Part of the Weave Protocol security suite.

🆕 v1.1.0 — WARD.md enforcement

Hundredmen now reads your project's WARD.md and enforces it at the MCP interception layer. Calls that violate the declared policy are blocked before they ever reach the underlying MCP server.

my-agent/
├── AGENTS.md          # what the agent does          (Google's format)
├── SKILL.md           # how the agent does it        (Anthropic's format)
├── WARD.md            # what the agent can't do      ← Hundredmen enforces
└── ...

Auto-detection on startup:

🔍 Weave Hundredmen MCP Server running
🛡️  WARD.md loaded from /Users/me/my-agent/WARD.md (My Agent Security Policy)

When a call violates the policy:

{
  "decision": "auto_blocked",
  "decisionReason": "WARD: Tool 'shell_exec' is in the deny list."
}

When a call requires human approval per WARD:

{
  "decision": "pending_review",
  "decisionReason": "WARD requires approval: Tool 'deploy' requires human approval before execution."
}

If no WARD.md is present, Hundredmen behaves exactly as v1.0 did — zero impact.

Install

npm install @weave_protocol/hundredmen

Use as a Claude Desktop MCP server

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "hundredmen": {
      "command": "npx",
      "args": ["-y", "@weave_protocol/hundredmen"]
    }
  }
}

Restart Claude Desktop. If you have a WARD.md in the CWD or set $WEAVE_WARD_PATH, Hundredmen will pick it up automatically.

How WARD integration works

When a tool call arrives at Hundredmen, the gating order is:

  1. WARD policy (new in v1.1.0) — capability/filesystem/network rules from your WARD.md
  2. Critical scan issues — blocked content in args
  3. Reputation — server trust score
  4. Intent / drift — declared vs actual analysis
  5. Manual approval queue — if any earlier gate said require_approval

WARD is the first gate. A WARD deny short-circuits everything else.

WARD's filesystem and network checks fire automatically when tool arguments look like file paths (path, file, filepath, target, ...) or URLs (url, endpoint, uri, ...). You don't have to teach Hundredmen which tools touch what — it inspects the call shape.

MCP tools

🆕 WARD policy (v1.1.0)

  • hundredmen_load_ward({ path? }) — load a WARD.md file
  • hundredmen_show_ward() — show the active policy
  • hundredmen_check_ward({ tool, args }) — dry-run a tool call against the policy
  • hundredmen_unload_ward() — disable WARD enforcement for the session

Session & intent

  • hundredmen_create_session({ agent_id? })
  • hundredmen_declare_intent({ session_id, intent })
  • hundredmen_diff_intent({ session_id })
  • hundredmen_end_session({ session_id, reason? })

Call inspection

  • hundredmen_get_live_feed({ session_id?, server?, status?, limit? })
  • hundredmen_get_pending()
  • hundredmen_approve_call({ call_id, approved_by? })
  • hundredmen_block_call({ call_id, blocked_by?, reason? })
  • hundredmen_get_call_history({ ... })

Reputation

  • hundredmen_check_reputation({ server_id })
  • hundredmen_list_servers({ filter?, min_score? })
  • hundredmen_report_suspicious({ server_id, report_type, description, evidence? })
  • hundredmen_get_server_stats({ server_id })

Config & stats

  • hundredmen_get_config() / hundredmen_set_policy({ ... })
  • hundredmen_get_stats()

Programmatic use

import { Interceptor, WardPolicyManager } from '@weave_protocol/hundredmen';

const interceptor = new Interceptor();
const wardManager = new WardPolicyManager();

// Auto-detect from CWD or $WEAVE_WARD_PATH
wardManager.autoLoad();

// Or explicit path
wardManager.loadFromPath('./policies/strict.WARD.md');

interceptor.setWardManager(wardManager);

// Now every call routed through interceptor.intercept() is checked against WARD
const call = await interceptor.intercept(sessionId, server, tool, args);
console.log(call.decision); // 'auto_approved' | 'auto_blocked' | 'pending_review'

Example WARD.md

---
ward: "1.0"
agent: my-agent
---

# WARD.md

## Capabilities
allow:
  - file_read
  - file_write
requireApproval:
  - deploy
  - secrets_read
deny:
  - shell_exec
  - eval
default: deny

## Filesystem
allow:
  - read: /workspace/**
  - write: /workspace/output/**
deny:
  - read: ~/.ssh/**
  - read: ~/.aws/**
default: deny

## Network
allow:
  - url: "https://api.openai.com/**"
  - url: "https://api.anthropic.com/**"
default: deny

## Behavioral Limits
maxCostUSD: 5.00
maxRuntimeSeconds: 300

See @weave_protocol/ward for the full WARD.md specification.

License

Apache 2.0 — see LICENSE.