npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

agentbrake

v1.0.0

Published

The safety control plane for AI agents — a transparent MCP proxy that enforces security policies on tool calls in real-time.

Downloads

90

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ujjwaljain16ujjwaljain16

Keywords

mcpmodel-context-protocolai-safetyagentsecuritygovernanceproxymiddlewarepolicy-enginedlpcircuit-breakerrate-limitinghuman-in-the-loop

Readme

AgentBrake 🛡️

The Safety Control Plane for AI Agents.

License: MIT Docker Image

"Run AI agents at full throttle — without losing control."

AgentBrake is a transparent Model Context Protocol (MCP) proxy that enforces safety policies on AI tool calls in real-time. It sits between your agent (Archestra, LangChain, etc.) and your tools, blocking dangerous actions before they happen.

🚀 Quick Demo: Stop a Rogue Agent

See AgentBrake intercept a simulated "Rogue Agent" trying to steal secrets.

Option 1: Docker (Recommended)

# Start the Research Agent demo (Blocks attacks + HITL automatically)
docker compose up --build

Option 2: Local (Node.js)

npm install
npm run build
npm run demo:rogue

What you'll see:

  • Allow: Safe tools (calculator) pass through.
  • 🛡️ Block: DLP rules stop access to /app/.env.
  • HITL: Critical actions trigger Human-in-the-Loop approval.

✨ Features

  • 🛡️ Semantic Firewall: Block tools based on arguments (regex), not just names.
    • Example: Allow read_file only for /tmp/*. Block *.env.
  • 💰 Budget Enforcement: Limit spending per session (Mock currency or token counts).
  • 🔌 Circuit Breaker: Auto-cut connection if tools fail repeatedly (e.g., 5 errors in 60s).
  • 👮 Human-in-the-Loop: Pause execution for approval via Slack/Webhook for sensitive actions.
  • 📜 Policy-as-Code: Configure everything via a single YAML file (enterprise-config.yml).
  • 📊 JSON Logging: Structured logs for every decision (ALLOW, BLOCK, KILL).

🏗️ How It Works

AgentBrake operates as a transparent proxy between your AI Agent (the client) and its Tools (the server).

  1. Intercept: The agent sends a JSON-RPC request (e.g., call_tool: search_web) to AgentBrake.
  2. Evaluate: AgentBrake pauses the request and runs it through the Policy Engine, checking:
    • Identity: Is this agent allowed to use this tool?
    • Content: Do the arguments match DLP blocklists (e.g., regex for .env)?
    • Context: Has the budget been exceeded? Is the tool failing repeatedly?
    • Approval: Does this specific action require human verification?
  3. Enforce:
    • ALLOW: Request is forwarded to the actual tool. Result is returned to the agent.
    • 🛡️ BLOCK: Request is rejected. The agent receives a standard error (e.g., "Access Denied").
    • 🛑 KILL: The entire session is terminated immediately (for high-risk violations).
    • HITL: The system waits for an external signal (e.g., webhook/Slack) before proceeding.

Architecture Diagram

sequenceDiagram
    participant Agent as 🤖 AI Agent
    participant Brake as 🛡️ AgentBrake
    participant Admin as 👩‍💻 Human Admin
    participant Tool as 🏢 Real Tool

    Agent->>Brake: Call Tool (read_file)
    Brake->>Brake: Check Policies (DLP, Budget)
    
    alt Policy Violation
        Brake--xAgent: 🚫 Blocked / Access Denied
    else Sensitive Action
        Brake->>Admin: 📩 Request Approval
        Admin-->>Brake: ✅ Approve
        Brake->>Tool: Forward Request
        Tool-->>Brake: Result
        Brake-->>Agent: Result
    else Safe Action
        Brake->>Tool: Forward Request
        Tool-->>Brake: Result
        Brake-->>Agent: Result
    end

⚙️ Configuration

Create an enterprise-config.yml (or mount it in Docker):

version: "3.0"
agent:
  name: "production-agent"
  trust_level: "sandbox"

policies:
  global:
    on_violation: "block"

  limits:
    budget:
      max_cost: 50.0
      warn_threshold: 0.8
    circuit_breaker:
      failure_threshold: 5
      reset_timeout_seconds: 60

  security:
    allowed_tools:
      - "read_file"
      - "search_web"
    
    # Granular DLP Rules
    granular_rules:
      - tool: "read_file"
        deny_if:
          arguments:
            path: ".*(password|secret|\\.env).*"
        action: "kill"

📦 Installation

Docker (Generic)

services:
  agent-brake:
    image: ujjwaljain16/agentbrake:latest
    volumes:
      # Mount your config to /app/agent-brake.yml (default lookup path)
      - ./my-config.yml:/app/agent-brake.yml:ro
    environment:
      # Or specify a custom path
      - AGENT_BRAKE_CONFIG=/app/custom-config.yml
    ports:
      - "3000:3000"

NPM

npm install
npm run build
# Wrap your MCP server
AGENT_BRAKE_CONFIG=./my-config.yml node dist/proxy/index.js node path/to/your/server.js

🛣️ Roadmap

  • [x] V1: Basic Allow/Block Policies
  • [x] V2: Regex DLP & Logging
  • [x] V3: Resilience (Circuit Breaker, Budget, HITL) & Docker
  • [ ] V4: Sandbox isolation & Multi-agent orchestration support

🤝 Contributing

Pull requests are welcome! Please run npm test before submitting.

📄 License

MIT © Ujjwal Jain