Bulwark

Name: Bulwark
Author: bpolania

bpolania/bulwark

Run policy checks, content scans, and audited agent sessions when you need guardrails around what Claude or Codex can say and do in production.

Overview

Bulwark is a MCP server for the Ship phase that governs AI agents with content scanning, policy evaluation, audit logs, and session management.

What is this MCP server?

Content scanning on agent inputs and outputs against configurable policies
Audit logs for operator review and compliance trails
Policy evaluation engine driven by bulwark.yaml configuration
Session management with operator tokens (bwk_sess_...) for authenticated control
stdio MCP transport via OCI image ghcr.io/bpolania/bulwark:v0.2.0
Server version 0.2.0
stdio transport via OCI image ghcr.io/bpolania/bulwark:v0.2.0
Two configured environment variables: BULWARK_CONFIG and BULWARK_SESSION_TOKEN

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Community signal: 4 GitHub stars.

What problem does it solve?

Autonomous coding agents can leak policy-breaking content or run without a traceable session boundary unless you bolt on governance outside the chat UI.

Who is it for?

Indie builders shipping customer-facing agents who need lightweight policy and audit hooks without building a custom compliance platform.

Skip if: Teams that only need local linting on code or who have no agent surface area requiring content or session governance.

What do I get? / Deliverables

After you register Bulwark, your agent stack can enforce policies from YAML, log decisions, and tie operator actions to authenticated sessions.

Policy-evaluated agent interactions with configurable scanning
Persisted audit log stream for governance review
Managed operator sessions bound to secret session tokens

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Governance and policy enforcement sit in Ship so builders harden agents before users touch autonomous workflows. Content scanning, policy evaluation, and session controls are classic security-layer concerns for agent deployments.

How it compares

Agent governance MCP server with audit and policy tooling, not a general-purpose LLM proxy or a static security scanner skill.

Common Questions / FAQ

Who is Bulwark for?

Bulwark is for solo builders and small teams running Claude Code or similar agents who need scanning, policies, and audit trails around autonomous sessions.

When should I use Bulwark?

Use Bulwark when you are in Ship or hardening agent workflows and need configurable rules, logged evaluations, and operator session tokens before going live.

How do I add Bulwark to my agent?

Add the stdio MCP server using the OCI package ghcr.io/bpolania/bulwark:v0.2.0 with arguments mcp start, set BULWARK_CONFIG to your bulwark.yaml path, and supply BULWARK_SESSION_TOKEN for operator auth.

Bulwark

bpolania/bulwark

Run policy checks, content scans, and audited agent sessions when you need guardrails around what Claude or Codex can say and do in production.

Overview

Bulwark is a MCP server for the Ship phase that governs AI agents with content scanning, policy evaluation, audit logs, and session management.

What is this MCP server?

Content scanning on agent inputs and outputs against configurable policies
Audit logs for operator review and compliance trails
Policy evaluation engine driven by bulwark.yaml configuration
Session management with operator tokens (bwk_sess_...) for authenticated control
stdio MCP transport via OCI image ghcr.io/bpolania/bulwark:v0.2.0
Server version 0.2.0
stdio transport via OCI image ghcr.io/bpolania/bulwark:v0.2.0
Two configured environment variables: BULWARK_CONFIG and BULWARK_SESSION_TOKEN

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Community signal: 4 GitHub stars.

What problem does it solve?

Autonomous coding agents can leak policy-breaking content or run without a traceable session boundary unless you bolt on governance outside the chat UI.

Who is it for?

Indie builders shipping customer-facing agents who need lightweight policy and audit hooks without building a custom compliance platform.

Skip if: Teams that only need local linting on code or who have no agent surface area requiring content or session governance.

What do I get? / Deliverables

After you register Bulwark, your agent stack can enforce policies from YAML, log decisions, and tie operator actions to authenticated sessions.

Policy-evaluated agent interactions with configurable scanning
Persisted audit log stream for governance review
Managed operator sessions bound to secret session tokens

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

Agent governance MCP server with audit and policy tooling, not a general-purpose LLM proxy or a static security scanner skill.

Common Questions / FAQ

Who is Bulwark for?

Bulwark is for solo builders and small teams running Claude Code or similar agents who need scanning, policies, and audit trails around autonomous sessions.

When should I use Bulwark?

Use Bulwark when you are in Ship or hardening agent workflows and need configurable rules, logged evaluations, and operator session tokens before going live.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is Bulwark for?

When should I use Bulwark?

How do I add Bulwark to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is Bulwark for?

When should I use Bulwark?

How do I add Bulwark to my agent?