guardian-safety-mcp
v0.1.1
Published
MCP server for Guardian Safety Gate — allow AI agents to evaluate and execute governed actions through a safety policy layer.
Maintainers
Readme
Guardian MCP Server
Model Context Protocol (MCP) server for Guardian Safety Gate — enables AI agents like Claude to evaluate and execute governed actions through a safety policy layer.
What is this?
This MCP server exposes Guardian's intent evaluation and execution API as native tools that AI agents can call. When an AI agent wants to perform a sensitive action (like sending a payment, deleting data, or issuing a refund), it can:
- Call
guardian_evaluateto check if the action is allowed by your policies - If allowed, perform the actual action
- Call
guardian_executeto confirm the execution back to Guardian for audit logging
Important: Guardian is a safety gate, not a self-driving controller. The AI can ask for permission and execute pre-approved actions, but it cannot approve intents, modify policies, or bypass human oversight. Those powers stay with humans.
Installation
For Claude Desktop
- Install the server globally:
npm install -g guardian-safety-mcp- Add to your Claude Desktop config file.
macOS:
~/Library/Application Support/Claude/claude_desktop_config.jsonWindows (direct download):
%APPDATA%\Claude\claude_desktop_config.jsonWindows (Microsoft Store version):
%LOCALAPPDATA%\Packages\Claude_pzs8oxrjxfjjc\LocalCache\Roaming\Claude\claude_desktop_config.json{
"mcpServers": {
"guardian": {
"command": "guardian-mcp",
"env": {
"GUARDIAN_API_KEY": "your-guardian-api-key",
"GUARDIAN_BASE_URL": "https://guardian-backend-orc1.onrender.com"
}
}
}
}Note: If
guardian-mcpis not found on Windows, use the full path:"command": "cmd", "args": ["/c", "C:\\Users\\YOUR_USERNAME\\AppData\\Roaming\\npm\\guardian-mcp.cmd"]
- Restart Claude Desktop
For Cursor / Other MCP Clients
Same installation, but refer to your client's MCP configuration docs.
Configuration
Set these environment variables:
GUARDIAN_API_KEY(required): Your Guardian API key from Settings → API KeysGUARDIAN_BASE_URL(optional): Guardian backend URL (defaults to production)
Available Tools
guardian_evaluate
Check an action with Guardian before executing it.
Parameters:
actionType(string, required): The type of action (e.g.payment.send,user.delete)payload(string, required): JSON string with the action datarequester(string, optional): Identifier for the trigger source (e.g.claude-desktop,[email protected])projectSlug(string, optional): Project slug to scope this intentidempotencyKey(string, optional): Unique key to prevent duplicate evaluationstestMode(boolean, optional): Run in test mode without consuming quota
Returns:
decision:ALLOW,DENY, orREQUIRE_APPROVALreason: Human-readable explanationintentRunId: ID for tracking this intent- Full Guardian API response
guardian_execute
Confirm that an already-approved intent was executed.
Parameters:
intentRunId(string, required): The intentRunId fromguardian_evaluatepayload(string, optional): The same payload used in the evaluate step
Returns:
- Confirmation of execution logged in Guardian
guardian_check_status
Check the current status of a pending intent.
Parameters:
intentRunId(string, required): The intentRunId to check
Returns:
- Current status and decision of the intent
Example Usage
When Claude wants to send a payment, it will:
- Evaluate the intent:
guardian_evaluate({
actionType: "payment.send",
payload: '{"amount": 1000, "recipient": "[email protected]"}',
requester: "claude-desktop"
})If ALLOW, Claude performs the actual payment via your payment API
Confirm execution:
guardian_execute({
intentRunId: "intent_abc123",
payload: '{"amount": 1000, "recipient": "[email protected]"}'
})All actions are logged in your Guardian dashboard with full audit trail.
Development
# Install dependencies
npm install
# Build
npm run build
# Test locally
node dist/index.jsLicense
MIT
