{
  "author": {
    "name": "0xN0rD",
    "url": "https://haldir.xyz"
  },
  "capabilities": {
    "prompts": { "listChanged": false },
    "resources": { "listChanged": false },
    "tools": { "listChanged": false }
  },
  "configSchema": {
    "properties": {
      "apiKey": {
        "description": "Haldir API key for authentication (starts with hld_). Create one via POST /v1/keys.",
        "type": "string"
      },
      "baseUrl": {
        "default": "https://haldir.xyz",
        "description": "Base URL of the Haldir API server. Defaults to https://haldir.xyz",
        "type": "string"
      }
    },
    "required": ["apiKey"],
    "type": "object"
  },
  "description": "Security and governance layer for AI agents. Enforces session-scoped permissions, manages encrypted secrets with access control, controls spend budgets, and logs every action to a tamper-evident audit trail with anomaly detection.",
  "displayName": "Haldir \u2014 AI Agent Security Gateway",
  "license": "MIT",
  "mcpEndpoint": "https://haldir.xyz/mcp",
  "name": "haldir",
  "prompts": [
    {
      "description": "Audit an AI agent's recent actions for security concerns. Reviews the audit trail for anomalous patterns, excessive spending, scope violations, and suspicious behavior.",
      "name": "security-audit"
    },
    {
      "description": "Check the remaining budget for an agent session and warn if spending is approaching the limit. Provides a summary of spend rate and estimated time until budget exhaustion.",
      "name": "budget-check"
    }
  ],
  "tags": ["security", "governance", "ai-agents", "permissions", "audit", "secrets", "budget", "compliance", "least-privilege", "mcp"],
  "tools": [
    {
      "description": "Create a new agent session with scoped permissions and an optional spend budget. Every AI agent must have an active session before it can access secrets, make payments, or perform auditable actions. You specify which scopes (e.g. read, write, admin) the agent is allowed, a TTL in seconds, and an optional USD spend limit.",
      "name": "createSession"
    },
    {
      "description": "Retrieve the current state of an agent session including its scopes, spend budget, remaining balance, and validity status. Use this to check whether a session is still active before performing privileged operations, or to inspect how much budget remains.",
      "name": "getSession"
    },
    {
      "description": "Immediately revoke an agent session, permanently disabling all permissions and blocking further actions under that session. Use this when an agent misbehaves, exceeds its mandate, or when a task is complete and the session should be cleaned up for security hygiene.",
      "name": "revokeSession"
    },
    {
      "description": "Check whether a specific session has a given permission scope. Returns a boolean indicating if the action is allowed. Use this before performing any sensitive operation to enforce least-privilege access control without risking a 403 error on the actual call.",
      "name": "checkPermission"
    },
    {
      "description": "Store an encrypted secret in the Haldir Vault with an optional scope requirement. Secrets are encrypted at rest using AES and can only be retrieved by sessions that hold the required scope. Use this to safely store API keys, tokens, credentials, or any sensitive data that agents need access to.",
      "name": "storeSecret"
    },
    {
      "description": "Retrieve a decrypted secret from the Vault. If a session_id is provided, the session's scopes are checked against the secret's required scope before returning the value. This is the primary way agents access credentials \u2014 through policy-controlled, auditable retrieval.",
      "name": "getSecret"
    },
    {
      "description": "Authorize a payment against an agent session's spend budget. The amount is deducted from the session's remaining budget if sufficient funds exist. If the payment would exceed the budget, it is denied. Every authorization is logged to the audit trail for full financial accountability.",
      "name": "authorizePayment"
    },
    {
      "description": "Log an agent action to the tamper-evident audit trail with automatic anomaly detection. Every tool call, API request, or decision an agent makes should be logged here. The Watch module automatically flags suspicious patterns like rapid-fire actions, high-cost operations, or unusual tool usage. Returns whether the action was flagged.",
      "name": "logAction"
    },
    {
      "description": "Query the audit trail to review all actions taken by agents. Filter by session ID, agent ID, tool name, or flagged-only entries. Returns a chronological list of logged actions with their costs, timestamps, and anomaly flags. Essential for compliance reviews and debugging agent behavior.",
      "name": "getAuditTrail"
    },
    {
      "description": "Get a summary of total spend across agent sessions, broken down by session or agent. Returns total USD spent, number of transactions, and budget utilization. Use this to monitor cost control and detect runaway spending before budgets are exhausted.",
      "name": "getSpend"
    }
  ],
  "transport": "http",
  "url": "https://haldir.xyz",
  "version": "0.1.0"
}
