{"passport":{"unfragile":{"@version":"1.0","version":"2026-05","artifact":{"id":"npm_npm-cordon-cli","slug":"npm-cordon-cli","name":"cordon-cli","type":"cli","url":"https://www.npmjs.com/package/cordon-cli","page_url":"https://unfragile.ai/npm-cordon-cli","categories":["code-review-security"],"tags":["mcp","security","gateway","proxy","human-in-the-loop","audit-log","tool-call","ai-agent","cli","ai","llm","policy","cordon"],"pricing":{"model":"open_source","free":true,"starting_price":null},"status":"active","verified":false},"capabilities":[{"id":"npm_npm-cordon-cli__cap_0","uri":"capability://safety.moderation.mcp.tool.call.interception.and.policy.enforcement","name":"mcp tool-call interception and policy enforcement","description":"Intercepts outbound tool calls from MCP clients before execution, evaluates them against declarative security policies (allowlists, denylists, parameter constraints), and blocks or permits execution based on policy rules. Operates as a proxy layer between the AI agent and MCP servers, inspecting call signatures, arguments, and metadata without modifying the MCP protocol itself.","intents":["I need to prevent my AI agent from calling dangerous tools like file deletion or external API calls without approval","I want to enforce parameter constraints on tool calls — e.g., only allow file operations within a specific directory","I need to whitelist which tools an AI agent can access based on its role or the task it's performing"],"best_for":["teams deploying AI agents in production environments with security-sensitive operations","enterprises requiring tool-call governance and compliance auditing","developers building multi-tenant AI systems where different agents need different tool access"],"limitations":["Policy evaluation adds latency to each tool call — synchronous blocking required before execution","No built-in machine learning-based anomaly detection — relies on static policy rules only","Policies must be manually authored; no 
automatic policy generation from usage patterns","Does not prevent indirect attacks via tool chaining or multi-step exploitation"],"requires":["Node.js 16+","MCP server compatible with stdio or SSE transport","Policy file in JSON or YAML format"],"input_types":["MCP tool-call requests (JSON-RPC 2.0 format)","policy configuration (JSON/YAML)","tool schema definitions"],"output_types":["allow/deny decision with reason","modified tool call (if parameter sanitization applied)","audit log entry"],"categories":["safety-moderation","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-cordon-cli__cap_1","uri":"capability://safety.moderation.human.in.the.loop.approval.workflow.for.tool.calls","name":"human-in-the-loop approval workflow for tool calls","description":"Routes flagged or high-risk tool calls to a human reviewer for explicit approval before execution, with configurable risk scoring and escalation rules. Implements a queue-based approval system where pending calls are held until a human reviews and approves/rejects them, with timeout and fallback policies for unreviewed requests.","intents":["I want to require manual approval for sensitive operations like database writes or external API calls","I need to audit what my AI agent is trying to do before it actually does it","I want to implement a 'break glass' workflow where certain tool calls always require human sign-off"],"best_for":["regulated industries (finance, healthcare) where AI actions must be human-auditable","teams running autonomous agents that need oversight without full manual control","organizations building AI systems for non-technical stakeholders who need visibility"],"limitations":["Introduces blocking latency — tool execution is delayed until human approval, potentially minutes or hours","Requires operational overhead to staff approval queues and handle SLA expectations","No built-in escalation to multiple reviewers or consensus-based approval","Approval 
decisions are not automatically learned — each similar request requires re-approval"],"requires":["Node.js 16+","HTTP server or webhook endpoint for approval UI/API","Persistent queue storage (in-memory, Redis, or database)"],"input_types":["MCP tool-call requests with risk metadata","approval policy configuration","human reviewer decisions (approve/reject with reason)"],"output_types":["approval decision with timestamp and reviewer identity","audit trail linking decision to original request","execution permission or rejection response"],"categories":["safety-moderation","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-cordon-cli__cap_2","uri":"capability://safety.moderation.comprehensive.audit.logging.and.call.tracing","name":"comprehensive audit logging and call tracing","description":"Records all tool-call attempts (approved, denied, executed, failed) with full context including caller identity, tool name, arguments, decision rationale, execution result, and timestamps. 
Logs are structured and queryable, supporting export to SIEM systems, compliance databases, or audit dashboards for forensic analysis and compliance reporting.","intents":["I need to maintain a complete audit trail of what my AI agent attempted to do for compliance and debugging","I want to investigate security incidents by replaying the sequence of tool calls that led to a problem","I need to generate compliance reports showing that sensitive operations were properly authorized and logged"],"best_for":["regulated organizations requiring SOC 2, HIPAA, or PCI-DSS compliance","security teams investigating AI agent behavior anomalies","teams building multi-tenant systems needing per-tenant audit isolation"],"limitations":["Audit log volume can be high for agents making frequent tool calls — requires storage and indexing strategy","Logs contain sensitive data (tool arguments, results) — requires encryption and access controls","No built-in log retention policies or automatic archival — requires external log management","Query performance degrades with large log volumes without proper indexing"],"requires":["Node.js 16+","persistent storage backend (file system, database, or log aggregation service)","sufficient disk space for log retention policy"],"input_types":["MCP tool-call requests and responses","policy evaluation results","approval/rejection decisions","execution outcomes"],"output_types":["structured audit log entries (JSON format)","queryable log database","compliance reports (CSV, PDF)","SIEM-compatible log format (syslog, JSON Lines)"],"categories":["safety-moderation","data-processing-analysis"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-cordon-cli__cap_3","uri":"capability://automation.workflow.dynamic.policy.configuration.and.hot.reload","name":"dynamic policy configuration and hot-reload","description":"Allows security policies to be updated without restarting the gateway or interrupting active agent operations. 
Policies are loaded from configuration files or APIs, validated against a schema, and applied to new tool calls immediately upon update. The limitations below state that versioning and rollback of policy changes are not built in, so keep policy files under external version control so that a bad update can be reverted.","intents":["I need to quickly block a newly discovered dangerous tool without restarting my agent infrastructure","I want to adjust tool-call policies based on real-time threat intelligence or incident response","I need to test policy changes in a staging environment before rolling them out to production"],"best_for":["security teams responding to incidents and needing rapid policy updates","organizations with frequent policy changes due to regulatory updates or threat landscape shifts","teams running 24/7 agent systems where restarts are costly"],"limitations":["Hot-reload introduces race conditions if policies are updated while tool calls are in flight — an in-flight call may be evaluated under either the old or the new policy","No built-in policy versioning or audit trail of policy changes — requires external tracking","Policy validation is synchronous — an invalid policy fails closed and blocks all tool calls until corrected, so validate policy changes in staging before pushing them to a live gateway","Distributed deployments require policy synchronization across multiple gateway instances"],"requires":["Node.js 16+","file system access or API endpoint for policy updates","policy schema definition (JSON Schema or similar)"],"input_types":["policy configuration files (JSON/YAML)","policy update API requests","policy schema definitions"],"output_types":["policy load confirmation with version","validation errors if policy is invalid","policy change audit log"],"categories":["automation-workflow","safety-moderation"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-cordon-cli__cap_4","uri":"capability://safety.moderation.parameter.sanitization.and.constraint.enforcement","name":"parameter sanitization and constraint enforcement","description":"Inspects tool-call arguments against declared constraints (type, length, regex patterns, value ranges, allowed values) and either rejects calls that violate constraints or sanitizes 
arguments to safe values. Supports custom sanitization functions for domain-specific validation (e.g., path traversal prevention, SQL injection detection).","intents":["I want to prevent path traversal attacks by ensuring file operations only access allowlisted directories","I need to enforce maximum request sizes to prevent DoS attacks via oversized tool arguments","I want to validate that API keys or credentials passed to tools match expected formats"],"best_for":["teams building agents that interact with file systems or databases","security-conscious teams preventing injection attacks via tool arguments","organizations with strict input validation requirements"],"limitations":["Constraint definitions must be manually authored for each tool — no automatic constraint inference","Custom sanitization functions can introduce security bugs if not carefully reviewed — pattern-based injection or traversal detection is bypassable and is a defense-in-depth layer, not a substitute for parameterized queries and path canonicalization (resolving symlinks and '..' before comparing against the allowlist) inside the tool itself","Sanitization can silently modify arguments, potentially changing agent intent — for security-sensitive tools prefer rejecting a violating call over rewriting it, and record every rewrite in the audit log","No protection against attacks that exploit tool logic rather than argument values"],"requires":["Node.js 16+","tool schema definitions with constraint metadata","custom sanitization functions (optional, for domain-specific validation)"],"input_types":["MCP tool-call arguments","constraint definitions (JSON Schema with custom validators)","sanitization function definitions"],"output_types":["validation pass/fail decision","sanitized arguments (if modification applied)","validation error details"],"categories":["safety-moderation","data-processing-analysis"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-cordon-cli__cap_5","uri":"capability://automation.workflow.tool.call.rate.limiting.and.quota.enforcement","name":"tool-call rate limiting and quota enforcement","description":"Enforces per-agent, per-tool, or global rate limits on tool-call frequency, preventing resource exhaustion and abuse. 
Supports multiple rate-limiting strategies (token bucket, sliding window, quota-based) with configurable time windows and burst allowances. Tracks usage across distributed agents via shared state.","intents":["I want to prevent my agent from making too many API calls and hitting rate limits or incurring excessive costs","I need to enforce fair resource sharing when multiple agents are using the same tools","I want to detect and block runaway agents that are making abnormally high numbers of tool calls"],"best_for":["teams running cost-sensitive agents that call expensive external APIs","multi-tenant systems where agents must share limited tool resources","security teams detecting and responding to agent misbehavior or compromise"],"limitations":["Rate limit enforcement adds per-call overhead for state lookup and update","Distributed rate limiting requires shared state store (Redis, database) — adds complexity and latency","No built-in adaptive rate limiting based on actual API limits or cost","Quota reset timing can be complex to coordinate across time zones and distributed systems"],"requires":["Node.js 16+","rate limit configuration (per-agent, per-tool, global)","shared state store for distributed deployments (Redis, database, or in-memory for single-instance)"],"input_types":["MCP tool-call requests","rate limit policy configuration","usage tracking data"],"output_types":["allow/deny decision based on quota","remaining quota information","rate limit exceeded error response"],"categories":["automation-workflow","safety-moderation"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-cordon-cli__cap_6","uri":"capability://safety.moderation.tool.call.result.inspection.and.output.filtering","name":"tool-call result inspection and output filtering","description":"Inspects tool execution results before returning them to the agent, detecting and filtering sensitive data (credentials, PII, API keys) or suspicious patterns. 
Can redact, mask, or reject results based on configurable rules, reducing the risk that agents exfiltrate sensitive information or are poisoned by malicious tool responses; because detection is pattern-based (see limitations), this is a defense-in-depth layer rather than a guarantee.","intents":["I want to prevent my agent from accidentally logging or exfiltrating database credentials returned by a tool","I need to detect if a tool has been compromised and is returning malicious payloads to my agent","I want to mask PII in tool results to comply with privacy regulations"],"best_for":["teams concerned about data exfiltration via agent logs or outputs","organizations handling sensitive data (PII, credentials, financial information)","security teams defending against compromised or malicious tools"],"limitations":["Output inspection adds latency to tool-call completion — synchronous processing required","Sensitive data detection relies on patterns or heuristics — can have false positives/negatives","Redaction can break agent logic if it removes data the agent expects","No protection against steganographic or encoded data exfiltration"],"requires":["Node.js 16+","output filtering rules (regex patterns, data type detectors, custom validators)","sensitive data patterns or PII detection library"],"input_types":["MCP tool-call results (JSON, text, binary)","output filtering rules","sensitive data patterns"],"output_types":["filtered/redacted tool result","detection alerts if suspicious patterns found","audit log of filtered data (the log should record that a redaction occurred and which rule fired, not the redacted value itself, or the secret simply moves from the tool result into the log)"],"categories":["safety-moderation","data-processing-analysis"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-cordon-cli__cap_7","uri":"capability://safety.moderation.agent.identity.and.authentication.verification","name":"agent identity and authentication verification","description":"Verifies the identity of agents making tool calls through multiple authentication methods (API keys, JWT tokens, mTLS certificates, OAuth) and enforces per-agent access control policies. 
Maps authenticated agents to roles or permissions that determine which tools they can access and under what constraints.","intents":["I want to ensure only authorized agents can call my tools, not arbitrary clients","I need to enforce different tool-access policies for different agents based on their role or trust level","I want to audit which agent made each tool call for accountability"],"best_for":["multi-agent systems where different agents have different tool access rights","organizations requiring strong agent authentication and authorization","teams building agent platforms with customer-provided agents"],"limitations":["Authentication adds per-call overhead for credential verification","Credential management (key rotation, revocation) requires operational infrastructure","No built-in federation with external identity providers — requires custom integration","Compromised agent credentials can grant unauthorized tool access until revoked"],"requires":["Node.js 16+","authentication method configuration (API keys, JWT, mTLS, OAuth)","agent identity and role database or directory service"],"input_types":["MCP tool-call requests with authentication credentials","agent identity and role definitions","access control policy configuration"],"output_types":["authenticated agent identity","authorization decision (allow/deny)","audit log with agent identity"],"categories":["safety-moderation","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-cordon-cli__cap_8","uri":"capability://safety.moderation.tool.call.dependency.tracking.and.circular.call.prevention","name":"tool-call dependency tracking and circular-call prevention","description":"Tracks the call graph of tool invocations to detect circular dependencies (Tool A calls Tool B which calls Tool A) and prevent infinite loops. 
Maintains call stack context across the MCP gateway to identify when an agent is attempting to call a tool that's already in its execution path.","intents":["I want to prevent my agent from getting stuck in infinite loops of tool calls","I need to detect if a tool is maliciously calling itself or creating circular dependencies","I want to understand the dependency graph of tools to optimize agent behavior"],"best_for":["teams running autonomous agents with complex tool interactions","security teams detecting malicious or buggy tool behavior","organizations optimizing agent performance by understanding tool dependencies"],"limitations":["Circular-call detection adds per-call overhead for call-stack tracking","Does not prevent legitimate recursive tool calls (e.g., tree traversal) — requires configuration","Distributed agents make call-stack tracking complex — requires shared state or tracing infrastructure","No protection against indirect cycles through multiple intermediate tools"],"requires":["Node.js 16+","call-stack tracking mechanism (in-memory for single-instance, distributed tracing for multi-instance)","configuration for allowed recursion depth"],"input_types":["MCP tool-call requests","current call-stack context","recursion policy configuration"],"output_types":["circular-call detection alert","call-stack trace","execution rejection if circular call detected"],"categories":["safety-moderation","planning-reasoning"],"confidence":0.5,"matches":0,"success_rate":0}],"trust":{"score":27,"verified":false,"data_access_risk":"high","permissions":["Node.js 16+","MCP server compatible with stdio or SSE transport","Policy file in JSON or YAML format","HTTP server or webhook endpoint for approval UI/API","Persistent queue storage (in-memory, Redis, or database)","persistent storage backend (file system, database, or log aggregation service)","sufficient disk space for log retention policy","file system access or API endpoint for policy updates","policy schema 
definition (JSON Schema or similar)","tool schema definitions with constraint metadata"],"failure_modes":["Policy evaluation adds latency to each tool call — synchronous blocking required before execution","No built-in machine learning-based anomaly detection — relies on static policy rules only","Policies must be manually authored; no automatic policy generation from usage patterns","Does not prevent indirect attacks via tool chaining or multi-step exploitation","Introduces blocking latency — tool execution is delayed until human approval, potentially minutes or hours","Requires operational overhead to staff approval queues and handle SLA expectations","No built-in escalation to multiple reviewers or consensus-based approval","Approval decisions are not automatically learned — each similar request requires re-approval","Audit log volume can be high for agents making frequent tool calls — requires storage and indexing strategy","Logs contain sensitive data (tool arguments, results) — requires encryption and access controls","builder identity is not verified yet","no observed match outcomes 
yet"],"rank_breakdown":{"adoption":0.05,"quality":0.28,"ecosystem":0.5000000000000001,"match_graph":0.25,"freshness":0.6,"weights":{"adoption":0.25,"quality":0.25,"ecosystem":0.1,"match_graph":0.28,"freshness":0.12}},"observed_outcomes":{"matches":0,"success_rate":0,"avg_confidence":0,"top_intents":[],"last_matched_at":null},"maintenance":{"status":"active","updated_at":"2026-05-24T12:16:23.903Z","last_scraped_at":"2026-04-22T08:11:25.710Z","last_commit":null},"community":{"stars":null,"forks":null,"weekly_downloads":null,"model_downloads":null,"model_likes":null}},"distribution":{"claim_url":"https://unfragile.ai/submit?claim=npm-cordon-cli","compare_url":"https://unfragile.ai/compare?artifact=npm-cordon-cli"}},"signature":"bbjXJZ7sE2Iq4LxsY/swcLzcIAe267EHrhoiqqEMCF7Y6Vf1C6CgfayfMp3Bb/6aYCldfJK7RoCuaMvGzLG3Bg==","signedAt":"2026-06-21T15:30:07.878Z","signedBy":"unfragile.ai","version":1},"_links":{"self":"https://unfragile.ai/api/v1/passport/npm-cordon-cli","artifact":"https://unfragile.ai/npm-cordon-cli","verify":"https://unfragile.ai/api/v1/verify?slug=npm-cordon-cli","publicKey":"https://unfragile.ai/api/v1/trust-passport-public-key","spec":"https://unfragile.ai/trust","schema":"https://unfragile.ai/schema.json","docs":"https://unfragile.ai/docs"}}