npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

imara

v0.1.1

Published

Runtime governance layer for AI agents — audit trails, policy enforcement, and compliance for MCP tool calls

Downloads

25

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

kifarukubwakifarukubwa

Keywords

aiagentsgovernanceauditmcpcompliancepolicysecuritymodel-context-protocol

Readme

Imara

npm version CI License: Apache-2.0 Node.js

Runtime governance layer for AI agents. See every tool call. Enforce policies. Prove compliance.

Imara sits between your AI agent and the tools it uses, providing tamper-proof audit trails, policy enforcement, and a real-time dashboard — with zero config changes to your agent.

Get Started

One command. That's it.

npx imara

This will:

  • Auto-detect and wrap your MCP servers
  • Load a demo session so you can explore immediately
  • Open the dashboard at http://localhost:3838

What You Get

Transparent MCP Proxy

Imara wraps your existing MCP servers. Your agent doesn't know it's there. Every tool call flows through Imara, gets logged, and is evaluated against your policies.

Cryptographic Audit Trail

Every event is SHA-256 hash-chained. If anyone tampers with the log, the chain breaks. Run imara verify to check integrity at any time.

Policy Engine

Define rules in YAML. Block destructive operations, rate-limit writes, flag high-risk actions. Ships with sensible defaults out of the box.

- name: block-force-push-to-main
  priority: 10
  match:
    tools:
      - tool: git_push
      - tool: git_force_push
    arguments:
      - field: branch
        operator: in
        value: [main, master, production]
  action: deny
  reason: Force push to protected branches is not allowed

Real-Time Dashboard

Visual timeline of every agent action with policy decision badges, latency metrics, and session grouping. The risk summary tells you at a glance what your agents have been doing.

Zero-Config Setup

imara wrap reads your existing .mcp.json or Claude Desktop config, wraps every server entry to route through the proxy, and saves a backup. imara unwrap restores the original. No manual config editing.

CLI Commands

| Command | Description | |---------|-------------| | imara | Full setup: init + wrap + dashboard | | imara init | Initialize ~/.imara/ config and database | | imara wrap | Auto-patch MCP config to route through proxy | | imara unwrap | Restore original MCP config from backup | | imara tail | Live stream audit events in terminal | | imara tail -f | Follow mode — watch events as they happen | | imara dashboard | Open the web dashboard | | imara verify | Verify hash chain integrity | | imara status | Show monitoring stats |

How It Works

Your Agent          Imara Proxy              Real MCP Server
    │                    │                        │
    │── tools/call ────→ │                        │
    │                    │── evaluate policy       │
    │                    │── log audit event       │
    │                    │── tools/call ─────────→ │
    │                    │                        │
    │                    │ ←──── result ────────── │
    │                    │── log result + hash     │
    │ ←──── result ───── │                        │

Install

Use the CLI directly:

npx imara

Or install individual packages for programmatic use:

npm install @imara/core       # Types, schemas, hash chain
npm install @imara/policy     # Policy engine
npm install @imara/store      # Audit storage (SQLite)
npm install @imara/proxy      # MCP proxy

Architecture

Monorepo with clean package boundaries:

  • @imara/core — Types, Zod schemas, SHA-256 hash chaining
  • @imara/store — Audit event storage (SQLite for local, Postgres planned)
  • @imara/policy — TypeScript-native policy evaluation engine
  • @imara/proxy — MCP proxy with tool call interception
  • @imara/dashboard — Next.js web UI with timeline view

Why Imara?

AI agents are doing real work — reading files, executing code, calling APIs, pushing to git. But most teams have zero visibility into what their agents actually do.

Existing tools don't solve this:

  • Observability platforms (LangSmith, Langfuse) show traces but don't enforce policies
  • Security tools (Zenity, Lakera) focus on prompt injection, not runtime governance
  • Nothing provides compliance-grade audit trails for agent actions

Imara fills the gap: runtime governance with cryptographic proof.

Compliance Ready

Imara's audit trail maps to major compliance frameworks:

  • EU AI Act Art. 12 (record-keeping) & Art. 14 (human oversight)
  • SOC 2 CC6.1, CC8.1 (change management)
  • HIPAA audit controls
  • ISO 42001 AI management systems

Roadmap

  • [x] MCP proxy with transparent interception
  • [x] SHA-256 hash-chained audit trail
  • [x] YAML policy engine with glob matching
  • [x] Real-time dashboard with timeline view
  • [x] Zero-config imara wrap setup
  • [ ] Postgres store for team deployments
  • [ ] Team mode with multi-user access
  • [ ] Compliance report exports (EU AI Act, SOC 2)
  • [ ] Human-in-the-loop escalation workflows
  • [ ] SSE/WebSocket transport support
  • [ ] Docker Compose for server deployment

Development

git clone https://github.com/dnakitare/imara.git
cd imara
pnpm install
pnpm build
node packages/cli/dist/cli.js

Contributing

See CONTRIBUTING.md.

License

Apache 2.0 — see LICENSE.