Haldir

Name: Haldir
Author: ExposureGuard

ExposureGuard/haldir

Add a guardian MCP layer so agents enforce identity boundaries, handle secrets safely, and leave an audit trail instead of ad hoc env var dumps in chat.

Overview

io.github.ExposureGuard/haldir is a Ship-phase MCP server that acts as a guardian layer for AI agents across identity, secrets, and audit.

What is this MCP server?

Guardian layer framing: identity, secrets, and audit exposed as MCP capabilities
Haldir title in registry—companion to ExposureGuard security tooling
PyPI package haldir v0.1.0 with stdio transport
Early-stage 0.1.0 release—verify tool list in repo before production reliance
MCP-native control plane for agent safety, not a standalone IAM product UI
Server version 0.1.0
PyPI identifier: haldir
Transport: stdio

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Community signal: 3 GitHub stars.

What problem does it solve?

Your agent sessions scatter secrets and privileged actions without consistent identity checks or an audit trail you can trust.

Who is it for?

Builders shipping agent workflows that must gate secrets and log actions without building a custom security middleware first.

Skip if: Simple local coding with no secrets, or enterprises that already mandate a full IdP plus SIEM with no MCP extension path.

What do I get? / Deliverables

After registration, sensitive agent operations can flow through Haldir MCP tools with clearer identity, secret, and audit guardrails.

Stdio MCP guardian server wired into the agent
Agent workflows routed through identity and secret-aware tools where supported
Audit-oriented tool calls documented for compliance-style review

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Agent guardrails and secret hygiene matter most when you are shipping agent features that touch real credentials and production identities. Security subphase covers MCP servers whose primary job is protecting agent actions—not building product UI.

How it compares

Agent guardian MCP (identity/secrets/audit)—not a domain exposure scanner and not a code review skill.

Common Questions / FAQ

Who is io.github.ExposureGuard/haldir for?

Indie and small teams running autonomous coding agents that need a structured security layer for identity, secrets, and audit.

When should I use io.github.ExposureGuard/haldir?

When moving from prototype agents to Ship-ready flows that touch real credentials, service identities, or actions you must log.

How do I add io.github.ExposureGuard/haldir to my agent?

Install haldir from PyPI, configure stdio MCP in your agent client, and follow ExposureGuard/haldir GitHub docs for identity and secret tool setup.