{"passport":{"unfragile":{"@version":"1.0","version":"2026-05","artifact":{"id":"npm_npm-getcordoncore","slug":"npm-getcordoncore","name":"@getcordon/core","type":"mcp","url":"https://www.npmjs.com/package/@getcordon/core","page_url":"https://unfragile.ai/npm-getcordoncore","categories":["mcp-servers","code-review-security"],"tags":["mcp","security","gateway","proxy","human-in-the-loop","audit-log","tool-call","ai-agent","ai","llm","policy","cordon"],"pricing":{"model":"open_source","free":true,"starting_price":null},"status":"active","verified":false},"capabilities":[{"id":"npm_npm-getcordoncore__cap_0","uri":"capability://tool.use.integration.mcp.tool.call.interception.and.policy.enforcement","name":"mcp tool-call interception and policy enforcement","description":"Intercepts tool calls from MCP clients before execution, applies configurable security policies (allowlists, denylists, parameter validation rules), and either permits or blocks execution based on policy evaluation. Implements a proxy pattern that sits between the MCP client and server, inspecting the tool name, parameters, and context to enforce organizational security boundaries without modifying the underlying MCP protocol.","intents":["Prevent LLM agents from calling dangerous tools or APIs without explicit approval","Enforce parameter constraints on tool calls (e.g., max file size, allowed domains)","Block tool calls that violate organizational security policies before they reach production systems","Implement role-based access control for which agents can invoke which tools"],"best_for":["Teams deploying LLM agents in production environments with security requirements","Organizations using MCP servers that expose sensitive APIs or data operations","Developers building AI systems that need compliance-aware tool execution"],"limitations":["Policy evaluation adds latency to each tool call (exact overhead depends on policy complexity)","Policies are statically defined at proxy initialization — no runtime policy updates without restart","Does not provide cryptographic signing or attestation of tool calls, only blocking/allowing"],"requires":["Node.js 18+","MCP-compatible client and server","Policy configuration file or programmatic policy definition"],"input_types":["MCP tool call requests (JSON-RPC format)","Tool metadata (name, parameters, description)","Security policy definitions (JSON or programmatic)"],"output_types":["Approved/blocked decision","Tool call result (if approved)","Audit log entry","Error response (if blocked)"],"categories":["tool-use-integration","safety-moderation"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-getcordoncore__cap_1","uri":"capability://automation.workflow.human.in.the.loop.approval.workflow.for.tool.calls","name":"human-in-the-loop approval workflow for tool calls","description":"Routes tool calls flagged by policy rules to a human reviewer queue, pausing execution until explicit approval or rejection is provided. Implements a callback-based workflow where blocked or high-risk calls are held in a state machine, allowing async human review via API or UI integration, then resuming or aborting the original MCP request based on the decision.","intents":["Require human approval before LLM agents execute sensitive operations (e.g., database writes, API calls to external services)","Implement a review queue for tool calls that exceed certain risk thresholds","Allow non-technical stakeholders to approve or reject AI-driven actions in real-time","Maintain audit trails showing which humans approved which tool calls"],"best_for":["Regulated industries (finance, healthcare, legal) requiring human oversight of AI decisions","Teams building customer-facing AI agents that need approval gates before state-changing operations","Organizations with compliance requirements for AI-driven actions"],"limitations":["Introduces latency — tool calls are blocked until human approval, potentially seconds to minutes","Requires external state management or persistence layer to track pending approvals across restarts","No built-in UI for approval — integrators must build their own approval interface or use webhooks","Timeout handling is not specified — unclear what happens if approval is never provided"],"requires":["Node.js 18+","Mechanism to notify humans (webhook, email, API polling, or custom integration)","State persistence (in-memory, database, or message queue)","MCP client that supports async/streaming responses"],"input_types":["Flagged MCP tool calls","Risk metadata (policy rule that triggered, severity level)","Approval decision (approve/reject) with optional reason"],"output_types":["Approval request notification","Pending approval state","Approval/rejection decision","Resumed or aborted tool call execution"],"categories":["automation-workflow","safety-moderation"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-getcordoncore__cap_10","uri":"capability://tool.use.integration.tool.call.request.response.schema.validation.and.type.checking","name":"tool call request/response schema validation and type checking","description":"Validates MCP tool call requests and responses against schema definitions, ensuring type correctness and structural integrity. Implements schema-based validation where tool definitions include parameter schemas and response schemas, and the proxy validates incoming requests and outgoing responses against these schemas. Supports JSON Schema or similar schema formats and provides detailed validation error messages.","intents":["Catch malformed tool calls before they reach tool implementations","Validate tool responses to ensure they conform to expected structure","Provide detailed error messages for debugging schema mismatches","Enforce type safety across the MCP boundary"],"best_for":["Teams with strict schema requirements","Systems where tool definitions are formally specified","Developers debugging tool call failures"],"limitations":["Schema validation adds latency — may impact proxy performance for high-volume workloads","Schemas must be manually defined or inferred from tool definitions","Complex schema validation (e.g., cross-field constraints) may require custom code","Schema mismatches may be difficult to debug without detailed error messages"],"requires":["Node.js 18+","Tool schema definitions (JSON Schema or similar)","Schema validation library (e.g., ajv)"],"input_types":["MCP tool call requests","Tool call responses","Schema definitions"],"output_types":["Validation result (valid/invalid)","Validation error details"],"categories":["tool-use-integration","safety-moderation"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-getcordoncore__cap_11","uri":"capability://tool.use.integration.tool.call.routing.and.load.balancing.across.multiple.mcp.servers","name":"tool call routing and load balancing across multiple mcp servers","description":"Routes tool calls to appropriate MCP servers based on tool availability, load, or custom routing rules, implementing a load balancing strategy that distributes calls across multiple server instances. Supports round-robin, least-connections, and custom routing algorithms. Maintains health checks on server instances and automatically removes unhealthy servers from the routing pool.","intents":["Distribute tool call load across multiple MCP server instances for scalability","Implement failover by routing calls away from unhealthy servers","Route specific tools to specialized servers based on tool type or capability","Optimize tool call latency by routing to geographically closest servers"],"best_for":["High-volume systems requiring horizontal scaling of tool execution","Multi-region deployments needing geographic routing","Teams with specialized tool servers (e.g., separate servers for different tool categories)"],"limitations":["Routing state must be synchronized across proxy instances — requires coordination mechanism","Health checks add overhead and latency — may impact proxy responsiveness","Custom routing logic may be complex to implement and debug","No built-in support for stateful tool calls — routing decisions must be idempotent"],"requires":["Node.js 18+","Multiple MCP server instances","Routing configuration (algorithm, health check parameters)","Optional: service discovery mechanism (DNS, Consul, Kubernetes)"],"input_types":["Tool call requests","Server health information","Routing configuration"],"output_types":["Routed tool call request","Tool call result from selected server"],"categories":["tool-use-integration","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-getcordoncore__cap_2","uri":"capability://data.processing.analysis.comprehensive.audit.logging.of.tool.calls.and.policy.decisions","name":"comprehensive audit logging of tool calls and policy decisions","description":"Logs all tool call attempts, policy evaluations, approval decisions, and execution results to a structured audit trail with timestamps, actor information, and decision rationale. Implements a logging pipeline that captures both successful and blocked calls, enabling forensic analysis, compliance reporting, and security investigations. Logs are structured (JSON) for easy querying and integration with SIEM systems.","intents":["Generate compliance audit trails for regulated industries (SOC 2, HIPAA, PCI-DSS)","Investigate security incidents by reviewing which tool calls were attempted and blocked","Track which AI agents or users triggered which tool calls for accountability","Generate reports on policy violations and approval patterns for security reviews"],"best_for":["Compliance-heavy organizations requiring detailed audit trails","Security teams investigating AI-driven incidents or anomalies","Teams building customer-facing AI systems with transparency requirements"],"limitations":["Audit logs are only as good as the information captured — does not retroactively add context to past calls","Log storage and retention are not managed by the proxy — requires external log aggregation (e.g., ELK, Datadog, CloudWatch)","No built-in log encryption or tamper-proofing — relies on downstream storage security","High-volume tool calls may generate large log volumes, requiring careful retention policies"],"requires":["Node.js 18+","Log destination (stdout, file, HTTP endpoint, or logging service)","Optional: log aggregation service (ELK, Datadog, Splunk, CloudWatch)"],"input_types":["Tool call requests","Policy evaluation results","Approval decisions","Tool call results (success/failure)"],"output_types":["Structured audit log entries (JSON)","Queryable audit trail","Compliance reports"],"categories":["data-processing-analysis","safety-moderation"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-getcordoncore__cap_3","uri":"capability://automation.workflow.declarative.policy.definition.and.composition","name":"declarative policy definition and composition","description":"Allows security policies to be defined declaratively (likely JSON or YAML) with support for composing multiple rules (allowlists, denylists, parameter constraints, rate limits) into a cohesive policy. Policies are evaluated against tool call metadata at runtime, supporting logical operators (AND, OR) and context-aware conditions (e.g., 'allow only if user role is admin'). Policies are loaded at proxy startup and can be versioned for audit purposes.","intents":["Define which tools are allowed/blocked without writing code","Specify parameter constraints (e.g., max file size, allowed domains) declaratively","Implement role-based access control for tool calls based on agent or user identity","Version and audit policy changes over time"],"best_for":["Security teams managing tool access policies across multiple environments","Organizations with non-technical policy owners who need to define security rules","Teams requiring policy versioning and change tracking for compliance"],"limitations":["Policy language expressiveness is limited — complex conditional logic may require custom code","No runtime policy updates — policies are loaded at startup, requiring proxy restart to apply changes","Policy conflicts or overlaps are not automatically detected — misconfiguration can lead to unexpected behavior","No built-in policy testing or simulation — difficult to validate policies before deployment"],"requires":["Node.js 18+","Policy file in supported format (JSON, YAML, or programmatic API)","Understanding of policy syntax and semantics"],"input_types":["Policy definitions (JSON/YAML or programmatic objects)","Tool metadata (name, parameters, description)"],"output_types":["Parsed policy rules","Policy evaluation results (allow/block/require-approval)"],"categories":["automation-workflow","safety-moderation"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-getcordoncore__cap_4","uri":"capability://safety.moderation.context.aware.tool.call.filtering.based.on.agent.user.identity","name":"context-aware tool call filtering based on agent/user identity","description":"Evaluates tool call requests in the context of the requesting agent or user identity, applying identity-based access control rules. Extracts identity information from MCP request metadata (e.g., client ID, user ID, role) and uses it to make allow/block decisions, enabling fine-grained access control where different agents have different tool permissions. Supports role-based access control (RBAC) and attribute-based access control (ABAC) patterns.","intents":["Restrict certain tools to specific agents or user roles (e.g., only admins can delete data)","Implement least-privilege access where agents can only call tools they need","Audit which agents attempted to call which tools for security investigations","Enforce organizational access control policies at the MCP layer"],"best_for":["Multi-tenant systems where different users/agents have different tool permissions","Organizations implementing least-privilege access for AI agents","Teams with complex organizational hierarchies requiring fine-grained access control"],"limitations":["Identity information must be provided by the MCP client — no built-in identity resolution","Does not integrate with external identity providers (LDAP, OAuth, SAML) — requires custom integration","Identity context is static at request time — cannot dynamically update permissions based on real-time conditions","No built-in role hierarchy or inheritance — all role relationships must be explicitly defined"],"requires":["Node.js 18+","MCP client that provides identity information in request metadata","Identity/role definitions (hardcoded, file-based, or external service)"],"input_types":["MCP tool call requests with identity metadata","Identity/role definitions","Access control policies (RBAC or ABAC rules)"],"output_types":["Allow/block decision based on identity","Audit log entry with identity information"],"categories":["safety-moderation","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-getcordoncore__cap_5","uri":"capability://safety.moderation.parameter.validation.and.sanitization.for.tool.calls","name":"parameter validation and sanitization for tool calls","description":"Validates and optionally sanitizes parameters in tool calls before execution, enforcing constraints like type checking, value ranges, string length limits, and regex patterns. Implements a schema-based validation approach where tool parameters are validated against a schema definition, rejecting calls with invalid parameters and optionally logging violations. Supports both strict validation (reject invalid calls) and lenient modes (log and allow).","intents":["Prevent injection attacks by validating and sanitizing tool parameters","Enforce business logic constraints (e.g., max file size, allowed domains) at the proxy layer","Reject malformed tool calls before they reach the underlying tool implementation","Detect and log suspicious parameter values for security analysis"],"best_for":["Teams building AI systems that call untrusted or legacy tools","Security-conscious organizations wanting defense-in-depth parameter validation","Systems where tool parameters come from untrusted sources (e.g., LLM-generated)"],"limitations":["Validation schemas must be manually defined — no automatic schema inference from tool definitions","Complex validation logic (e.g., cross-parameter constraints) may require custom code","Sanitization is lossy — may modify parameters in ways that break tool functionality","No built-in support for context-aware validation (e.g., 'max file size depends on user tier')"],"requires":["Node.js 18+","Parameter validation schemas (JSON Schema or custom format)","Tool parameter metadata (types, constraints)"],"input_types":["Tool call parameters","Validation schemas"],"output_types":["Validation result (valid/invalid)","Sanitized parameters (if applicable)","Validation error details"],"categories":["safety-moderation","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-getcordoncore__cap_6","uri":"capability://automation.workflow.rate.limiting.and.quota.enforcement.for.tool.calls","name":"rate limiting and quota enforcement for tool calls","description":"Enforces rate limits and quotas on tool calls, tracking usage per agent/user/tool and blocking calls that exceed configured limits. Implements a quota tracking system (likely using in-memory counters or external state store) that increments on each call and checks against configured limits before allowing execution. Supports multiple quota dimensions (per-minute, per-hour, per-day, per-user, per-tool) and graceful degradation (reject, queue, or throttle).","intents":["Prevent resource exhaustion from runaway AI agents making excessive tool calls","Implement fair-use policies where different users/agents have different quota limits","Protect downstream tools from being overwhelmed by high-volume tool calls","Track and report on tool call usage for billing or capacity planning"],"best_for":["Multi-tenant systems with shared tool resources","Organizations protecting expensive or rate-limited downstream APIs","Teams implementing fair-use policies for AI agent access"],"limitations":["Rate limiting state must be persisted — in-memory counters are lost on restart, requiring external state store","Distributed rate limiting is complex — requires coordination across multiple proxy instances","No built-in support for quota refunds or adjustments — once a quota is consumed, it cannot be recovered","Quota dimensions are static — cannot dynamically adjust limits based on real-time conditions"],"requires":["Node.js 18+","Rate limit configuration (limits per dimension)","Optional: external state store (Redis, database) for distributed rate limiting"],"input_types":["Tool call requests","Rate limit configuration","Current usage counters"],"output_types":["Allow/block decision based on quota","Remaining quota information","Rate limit exceeded error (if applicable)"],"categories":["automation-workflow","safety-moderation"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-getcordoncore__cap_7","uri":"capability://tool.use.integration.proxy.request.response.transformation.and.middleware.pipeline","name":"proxy request/response transformation and middleware pipeline","description":"Provides a middleware pipeline architecture for transforming MCP requests and responses, allowing custom logic to be injected at various stages (pre-policy, post-policy, pre-execution, post-execution). Implements a chain-of-responsibility pattern where middleware components can inspect, modify, or reject requests/responses before they proceed to the next stage. Supports both built-in middleware (logging, metrics, validation) and custom middleware.","intents":["Inject custom logic into the tool call pipeline without modifying the proxy core","Transform tool parameters or results (e.g., redact sensitive data from results)","Implement custom security checks or business logic at specific pipeline stages","Integrate with external systems (metrics, logging, tracing) via middleware"],"best_for":["Teams needing to extend the proxy with custom logic","Organizations with complex security or business requirements","Developers building specialized tool call processing pipelines"],"limitations":["Middleware execution adds latency — each middleware component adds processing time","Middleware ordering matters — incorrect ordering can lead to unexpected behavior","No built-in middleware composition or conflict resolution — developers must manage dependencies","Middleware errors can break the entire pipeline — requires careful error handling"],"requires":["Node.js 18+","Understanding of middleware architecture and pipeline patterns","Custom middleware implementation (if extending beyond built-in middleware)"],"input_types":["MCP requests","MCP responses","Middleware configuration"],"output_types":["Transformed requests/responses","Middleware execution results"],"categories":["tool-use-integration","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-getcordoncore__cap_8","uri":"capability://safety.moderation.tool.call.result.filtering.and.output.redaction","name":"tool call result filtering and output redaction","description":"Filters and redacts sensitive information from tool call results before returning them to the MCP client, implementing data loss prevention (DLP) rules that identify and mask/remove sensitive data patterns. Uses pattern matching (regex, keyword lists) or semantic analysis to detect sensitive data (PII, credentials, API keys) in tool results and redacts or blocks them based on policy. Supports both automatic redaction and manual review workflows.","intents":["Prevent sensitive data (PII, credentials, API keys) from leaking through tool results","Implement data loss prevention (DLP) policies at the proxy layer","Redact sensitive information from audit logs and monitoring systems","Comply with data protection regulations (GDPR, CCPA) by limiting data exposure"],"best_for":["Organizations handling sensitive data (healthcare, finance, legal)","Teams with strict data protection requirements","Systems where tool results may contain unintended sensitive information"],"limitations":["Pattern-based redaction is imperfect — may miss novel sensitive data patterns or produce false positives","Semantic analysis (if used) adds latency and requires external models","Redaction is lossy — once data is redacted, it cannot be recovered","No built-in support for context-aware redaction (e.g., 'redact PII only for non-admin users')"],"requires":["Node.js 18+","Redaction patterns or rules (regex, keyword lists, or semantic model)","Optional: external DLP service or model for semantic analysis"],"input_types":["Tool call results","Redaction rules/patterns"],"output_types":["Redacted results","Redaction audit trail"],"categories":["safety-moderation","data-processing-analysis"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"npm_npm-getcordoncore__cap_9","uri":"capability://data.processing.analysis.metrics.collection.and.observability.for.tool.calls","name":"metrics collection and observability for tool calls","description":"Collects metrics on tool call execution (latency, success rate, policy violations, approval times) and exposes them for monitoring and alerting. Implements a metrics pipeline that tracks key performance indicators (KPIs) like tool call volume, policy block rate, approval queue depth, and execution latency. Supports integration with monitoring systems (Prometheus, CloudWatch, Datadog) via standard metrics formats.","intents":["Monitor tool call performance and identify bottlenecks","Track policy violation rates and security incidents","Measure approval workflow efficiency (queue depth, approval time)","Generate dashboards and alerts for operational visibility"],"best_for":["Operations teams monitoring AI system health","Security teams tracking policy violations and anomalies","Teams implementing SLOs for tool call execution"],"limitations":["Metrics collection adds overhead — may impact proxy latency for high-volume workloads","Metrics are only as good as the instrumentation — missing metrics provide incomplete visibility","No built-in alerting — requires integration with external monitoring systems","Metrics retention and aggregation are not managed by the proxy — requires external storage"],"requires":["Node.js 18+","Metrics exporter (Prometheus, CloudWatch, Datadog, or custom)","Monitoring infrastructure to collect and visualize metrics"],"input_types":["Tool call requests and results","Policy evaluation results","Approval workflow events"],"output_types":["Structured metrics (counters, gauges, histograms)","Metrics in standard format (Prometheus, CloudWatch, etc.)"],"categories":["data-processing-analysis","automation-workflow"],"confidence":0.5,"matches":0,"success_rate":0}],"trust":{"score":32,"verified":false,"data_access_risk":"high","permissions":["Node.js 18+","MCP-compatible client and server","Policy configuration file or programmatic policy definition","Mechanism to notify humans (webhook, email, API polling, or custom integration)","State persistence (in-memory, database, or message queue)","MCP client that supports async/streaming responses","Tool schema definitions (JSON Schema or similar)","Schema validation library (e.g., ajv)","Multiple MCP server instances","Routing configuration (algorithm, health check parameters)"],"failure_modes":["Policy evaluation adds latency to each tool call (exact overhead depends on policy complexity)","Policies are statically defined at proxy initialization — no runtime policy updates without restart","Does not provide cryptographic signing or attestation of tool calls, only blocking/allowing","Introduces latency — tool calls are blocked until human approval, potentially seconds to minutes","Requires external state management or persistence layer to track pending approvals across restarts","No built-in UI for approval — integrators must build their own approval interface or use webhooks","Timeout handling is not specified — unclear what happens if approval is never provided","Schema validation adds latency — may impact proxy performance for high-volume workloads","Schemas must be manually defined or inferred from tool definitions","Complex schema validation (e.g., cross-field constraints) may require custom code","builder identity is not verified yet","no observed match outcomes yet"],"rank_breakdown":{"adoption":0.05,"quality":0.34,"ecosystem":0.6000000000000001,"match_graph":0.25,"freshness":0.6,"weights":{"adoption":0.25,"quality":0.25,"ecosystem":0.15,"match_graph":0.23,"freshness":0.12}},"observed_outcomes":{"matches":0,"success_rate":0,"avg_confidence":0,"top_intents":[],"last_matched_at":null},"maintenance":{"status":"active","updated_at":"2026-05-24T12:16:23.903Z","last_scraped_at":"2026-05-03T14:23:57.887Z","last_commit":null},"community":{"stars":null,"forks":null,"weekly_downloads":null,"model_downloads":null,"model_likes":null}},"distribution":{"claim_url":"https://unfragile.ai/submit?claim=npm-getcordoncore","compare_url":"https://unfragile.ai/compare?artifact=npm-getcordoncore"}},"signature":"DWEO59Z7ZBiy3Hwsz9hklJRFrEsWFnhguyTWc5S1SytH0RF+ds/0asL8IEx8C24ole7rWt7umjnHIiyRRLTiCQ==","signedAt":"2026-06-19T18:19:54.091Z","signedBy":"unfragile.ai","version":1},"_links":{"self":"https://unfragile.ai/api/v1/passport/npm-getcordoncore","artifact":"https://unfragile.ai/npm-getcordoncore","verify":"https://unfragile.ai/api/v1/verify?slug=npm-getcordoncore","publicKey":"https://unfragile.ai/api/v1/trust-passport-public-key","spec":"https://unfragile.ai/trust","schema":"https://unfragile.ai/schema.json","docs":"https://unfragile.ai/docs"}}