Authensor MCP Server


Add it to Claude Code

Run this in a terminal:

claude mcp add -e "CONTROL_PLANE_URL=${CONTROL_PLANE_URL}" -e "PRINCIPAL_ID=${PRINCIPAL_ID}" authensor -- npx safeclaw init --demo

Required environment variables: CONTROL_PLANE_URL, PRINCIPAL_ID
README.md

Authensor: The open-source safety stack for AI agents

Every agent action evaluated. Every decision auditable. Every tool governed.

Quickstart · Why Authensor · Architecture · Packages · OWASP Coverage · EU AI Act


The Problem

AI agents are shipping to production without guardrails. They call APIs, browse the web, execute code, and manage infrastructure — often with no policy enforcement, no approval workflows, and no audit trail.

  • 32% of MCP servers have at least one critical vulnerability (Enkrypt AI)
  • Agents fall for dark patterns 41% of the time (arxiv 2510.18113)
  • 88% of organizations have confirmed or suspected AI security incidents
  • EU AI Act high-risk deadline is August 2, 2026 — creating urgent compliance demand

Existing guardrails focus on what models say (prompt/response filtering). Authensor focuses on what agents do (action authorization, approval workflows, and cryptographic audit trails).

The Solution

Authensor is four open-source tools that together cover the full surface area of agent risk:

| Tool | What it guards | How |
| --- | --- | --- |
| Authensor | Agent actions (API calls, tool use, data access) | Policy engine + control plane with hash-chained receipts |
| SpiroGrapher | Agent web browsing | Compiles HTML to structured IR, detects dark patterns, constitutional rules |
| SafeClaw | Local agent execution | PreToolUse hook gating, deny-by-default, mobile approval workflows |
| SiteSitter | Website safety monitoring | Continuous governance for deployed sites |

Quickstart

Self-hosted (recommended)

git clone https://github.com/authensor/authensor.git
cd authensor
docker compose up -d
# Control plane running at http://localhost:3000
# Admin token printed to logs: docker compose logs control-plane

That's it. Postgres starts, migrations run, a bootstrap admin key is created, and a default-safe policy (deny-by-default) is provisioned. Aegis content safety and Sentinel monitoring are enabled out of the box.

30 seconds: Run a safe local agent

npx safeclaw init --demo
npx safeclaw run "list my project files"
# Opens dashboard at localhost:7700 with policy enforcement + audit trail

Add to any agent (TypeScript)

import { Authensor } from '@authensor/sdk';

const authensor = new Authensor({
  controlPlaneUrl: 'http://localhost:3000',
  principalId: 'my-agent',
});

// `stripe` is an already-initialised Stripe client; the executor callback is the
// action being authorised, and the constraints are checked by the control plane.
const result = await authensor.execute(
  'stripe.charges.create',
  'stripe://customers/cus_123/charges',
  async () => stripe.charges.create({ amount: 1000, currency: 'usd' }),
  { constraints: { maxAmount: 10000 } }
);
// Receipt created, policy enforced, action audited

Add to any agent (Python)

from authensor import Authensor

async with Authensor(
    control_plane_url="http://localhost:3000",
    principal_id="my-agent",
) as authensor:
    result = await authensor.execute(
        action_type="stripe.charges.create",
        resource="stripe://customers/cus_123/charges",
        executor=lambda: create_charge(),  # create_charge() is your own function that performs the charge
        constraints={"max_amount": 10000},
    )
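As an added illustration (not code from @authensor/sdk), the following models end to end what the execute() calls above do: evaluate the action against a deny-by-default policy with a maxAmount constraint, run the executor only on allow, and append a hash-chained receipt for every decision so that an edited, removed or reordered audit entry is detectable. The rule shape, receipt fields and hashing scheme are assumptions made for this example.

```typescript
// Illustrative model of the execute() flow (added example; NOT the @authensor/sdk implementation).
import { createHash } from "node:crypto";

type Decision = "allow" | "deny" | "escalate";
interface Rule { actionType: string; resourcePrefix: string; maxAmount?: number; decision: Decision; }
interface Receipt { seq: number; actionType: string; resource: string; decision: Decision; prevHash: string; hash: string; }

// Constructed sample policy (assumed shape, not the project's YAML schema): only these two
// actions have rules; any action without a matching rule is denied.
const policy: Rule[] = [
  { actionType: "stripe.charges.create", resourcePrefix: "stripe://customers/", maxAmount: 10000, decision: "allow" },
  { actionType: "fs.delete", resourcePrefix: "file://", decision: "escalate" },
];

function evaluate(actionType: string, resource: string, amount?: number): Decision {
  const rule = policy.find(r => r.actionType === actionType && resource.startsWith(r.resourcePrefix));
  if (!rule) return "deny";                                   // deny-by-default
  if (rule.maxAmount !== undefined && (amount === undefined || amount > rule.maxAmount)) return "deny";
  return rule.decision;
}

const GENESIS = "0".repeat(64);
const receipts: Receipt[] = [];

// Each receipt's hash covers its own fields plus the previous receipt's hash.
function receiptHash(r: Omit<Receipt, "hash">): string {
  return createHash("sha256").update(JSON.stringify([r.seq, r.actionType, r.resource, r.decision, r.prevHash])).digest("hex");
}

function appendReceipt(actionType: string, resource: string, decision: Decision): Receipt {
  const prevHash = receipts.length > 0 ? receipts[receipts.length - 1].hash : GENESIS;
  const body = { seq: receipts.length, actionType, resource, decision, prevHash };
  const receipt = { ...body, hash: receiptHash(body) };
  receipts.push(receipt);
  return receipt;
}

// The executor runs only on "allow"; deny and escalate decisions still produce a receipt.
async function execute<T>(actionType: string, resource: string, executor: () => Promise<T>, amount?: number) {
  const decision = evaluate(actionType, resource, amount);
  const receipt = appendReceipt(actionType, resource, decision);
  const value = decision === "allow" ? await executor() : undefined;
  return { decision, value, receipt };
}

// Recomputes every hash from the genesis value; any tampering breaks the chain from that point on.
function verifyChain(chain: Receipt[]): boolean {
  let prev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const r = chain[i];
    if (r.seq !== i || r.prevHash !== prev || r.hash !== receiptHash(r)) return false;
    prev = r.hash;
  }
  return true;
}
```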

Framework adapters

Drop-in integration for popular agent frameworks:

// LangChain / LangGraph
import { AuthensorGuardrail } from '@authensor/langchain';
const guardrail = new AuthensorGuardrail({ controlPlaneUrl: '...' });

// OpenAI Agents SDK
import { AuthensorGuardrail } from '@authensor/openai';

// CrewAI
import { AuthensorGuardrail } from '@authensor/crewai';

// Vercel AI SDK
import { AuthensorGuardrail } from '@authensor/vercel-ai-sdk';

// Claude Agent SDK
import { AuthensorGuardrail } from '@authensor/claude-agent-sdk';

// Claude Code (hooks-based integration)
// See docs/claude-code-hooks.md

Why Authensor

vs. the landscape

| Capability | Authensor | AWS AgentCore + Cedar | Galileo Agent Control | NeMo Guardrails | Guardrails

Tools (1)

execute_action: Executes an agent action with policy enforcement and audit logging.

Environment Variables

CONTROL_PLANE_URL (required): The URL of the Authensor control plane instance
PRINCIPAL_ID (required): Unique identifier for the agent instance

Configuration

claude_desktop_config.json

{
  "mcpServers": {
    "authensor": {
      "command": "npx",
      "args": ["-y", "@authensor/mcp-server"],
      "env": {
        "CONTROL_PLANE_URL": "http://localhost:3000",
        "PRINCIPAL_ID": "claude-desktop"
      }
    }
  }
}

Try it

Authorize the stripe.charges.create action for the customer account cus_123 with a limit of 10000.
Check the current policy enforcement status for my agent's file system access.
Review the audit trail for the last five tool invocations performed by the agent.
Apply the default-safe policy to all upcoming agent tool calls.

Frequently Asked Questions

What are the key features of Authensor?

Declarative YAML policy engine for allow/deny/escalate-to-human decisions. Cryptographic hash-chained audit receipts for every tool invocation. Built-in content safety scanning and monitoring. Pre-tool-use hook gating for local agent execution. Drop-in integration for LangChain, CrewAI, and Vercel AI SDK.

What can I use Authensor for?

Enforcing strict guardrails on AI agents performing financial transactions. Ensuring compliance with EU AI Act requirements for high-risk AI systems. Auditing agent behavior in production environments to prevent unauthorized API calls. Implementing human-in-the-loop approval workflows for sensitive infrastructure changes.

How do I install Authensor?

Install Authensor by running: git clone https://github.com/authensor/authensor.git && cd authensor && docker compose up -d

What MCP clients work with Authensor?

Authensor works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.
