Show HN: Guardio – AI agent control
Original source: hackernews · Summarized and analyzed by Genesis Park
Summary

Guardio is a solution to the problem of system damage caused by the unpredictable behavior of AI agents. The service places a proxy in front of every AI agent to forbid sending specific parameters, rate-limit access, and split the system into smaller parts

Body
Guardio is a control plane that sits between your AI Agent system and the external world. It catches and evaluates messages flowing to and from MCP tools and other APIs before they reach the real servers. You can enforce policies (allow, block, sanitize), require approval, simulate MCP responses and observe activity, all through a plugin system.

| Connection type | Status | Notes |
|---|---|---|
| HTTP server | Supported | Guardio runs as an HTTP server; clients connect here. |
| MCP tool (upstream) | Supported | Proxying to MCP servers over HTTP/SSE. |
| stdio | On the way | Client transport. |
| Other APIs / transports | On the way | Extensible for more protocols. |

Today you run one Guardio instance that fronts all your external MCP tools and APIs (one proxy, many upstreams).

Scaffold a new project with config and optional plugins:

```
npx create-guardio
```

You will be prompted for:

- Guardio directory – e.g. `guardio-project` (default)
- Guardio HTTP port – e.g. `3939`
- Storage and events – optional; needed for dashboard and policy state. Choose SQLite (in-memory by default, or file `guardio.sqlite`) or PostgreSQL.
- Example custom policy plugin? – optional; scaffolds `plugins/example`
- Install dashboard? – optional; adds `@guardiojs/dashboard` and a `dashboard` run script

The scaffold creates empty servers by default. A commented example in `guardio.config.ts` shows how to add an MCP server (e.g. `{ name: "nuvei-docs", type: "url", url: "https://mcp.nuvei.com/sse" }`). All built-in policy plugins (`deny-tool-access`, `deny-regex-parameter`) are included by default. Then:

```
cd <guardio-directory>
npm install   # or: pnpm install, yarn, bun install, etc.
npm run guardio
```

Point your AI Agent or MCP client at `http://127.0.0.1:<port>`. If you installed the dashboard, run `pnpm run dashboard` (or `npm run dashboard`) and point it at the same Guardio base URL.

A minimal Docker image is provided for the core Guardio HTTP server (package `@guardiojs/guardio`). Build it from the `packages/guardio` directory:

```
cd packages/guardio
docker build -t guardio .
```

Run the container, mounting your `guardio.config.*` into the container and mapping the HTTP port (defaults to 3939 unless overridden in config or via env):

```
docker run --rm \
  -p 3939:3939 \
  -v "$(pwd)/guardio.config.ts:/config/guardio.config.ts:ro" \
  guardio \
  --config /config/guardio.config.ts
```

The container:

- Exposes port 3939 by default (override with `GUARDIO_HTTP_PORT` / `GUARDIO_HTTP_HOST`).
- Starts the Guardio CLI via `node bin/guardio.mjs` (you can pass any CLI args after the image name).

AI Agents (MCP clients) connect to Guardio's HTTP server, not directly to the upstream MCP servers. Guardio is the single entry point.

- SSE (stream) – Connect to `http://<host>:<port>/{serverName}/sse` for the MCP SSE stream. Use the server name from your config (e.g. `nuvei-docs` → `/nuvei-docs/sse`).
- Optional `x-agent-name` – Send this header on the SSE connection to give the agent a human-readable name. If omitted, Guardio generates one. The connection is assigned an agent id used for policy scoping.
- POST messages – Send JSON-RPC to `http://<host>:<port>/{serverName}/messages`. You can send `x-agent-id` (the id for the SSE connection) so policies can be applied per agent.

So: one Guardio URL base, multiple paths like `/{mcp-tool}/sse` and `/{mcp-tool}/messages` for each configured upstream.

In your config you define a `servers` array. Each entry has a `name` (unique, used in the URL path) and a `url` (the upstream MCP server's HTTP/SSE base URL). Guardio proxies:

- `GET /{name}/sse` – to the upstream SSE endpoint (and manages the stream).
- `POST /{name}/messages` – to the upstream after running policies (or returns a blocked result without forwarding).

So each "MCP tool" or upstream is one entry in `servers`; a single Guardio instance serves all of them.

Plugins extend Guardio's behavior. Types:

| Type | Role |
|---|---|
| Policy | Evaluate `tools/call` requests: allow, block, or modify arguments. Optional; no policies means all calls pass through. |
| Storage | Persist state (e.g. policy assignments, agent list). Used by built-in policy config and dashboard. |
| EventSink | Receive events for each processed request (e.g. ALLOWED/BLOCKED, tool name, policy). |
| EventSinkStore | Store and query events; used by the dashboard for activity views. |

Built-in plugins:

- Policy: `deny-tool-access`, `deny-regex-parameter` (both are added by default when you scaffold with `create-guardio`)
- Storage / EventSink / EventSinkStore: `sqlite` or `postgres`
  - sqlite: `config: { inMemory: true }` (default) or `config: { database: "guardio.sqlite" }` for a file
  - postgres: `config: { connectionString: "postgresql://user:pass@host:5432/dbname" }` or discrete `host`, `port`, `user`, `password`, `database`, `ssl`

You register plugins in `guardio.config.ts` in the `plugins` array. Policy config for built-ins is typically managed at runtime (e.g. via the dashboard), not in the config file. Use a path-based plugin: in config add an entry with `path` pointing to a directory that contains `index.js` or `index.mjs` (build from `index.ts` if
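As an added illustration of the policy evaluation step the text above describes (a chain of policies run over a JSON-RPC `tools/call` request before it is forwarded, with allow / block / sanitize outcomes and per-agent scoping), here is a small model written for this page. It is not Guardio's own code: the factory names mirror the built-in policies, but their internal logic, the decision shape and the sample requests are assumptions.

```javascript
// Added illustration (not Guardio's own code) of what the README describes: policies
// run over a JSON-RPC "tools/call" request before it is forwarded upstream, deciding
// allow / block / sanitize with optional per-agent scope. Policy logic here is assumed.

// deny-tool-access style: block named tools, optionally only for some agent ids.
function denyToolAccess(blockedTools, agentIds = null) {
  return (req, agentId) => {
    if (agentIds && !agentIds.includes(agentId)) return null; // not scoped to this agent
    return blockedTools.includes(req.params.name)
      ? { action: "block", reason: `tool ${req.params.name} is denied` }
      : null;
  };
}

// deny-regex-parameter style: match string arguments; block or redact the match.
function denyRegexParameter(pattern, { sanitize = false } = {}) {
  return (req) => {
    const args = req.params.arguments ?? {};
    const hits = Object.entries(args).filter(
      ([, v]) => typeof v === "string" && new RegExp(pattern).test(v));
    if (hits.length === 0) return null;
    if (!sanitize) return { action: "block", reason: `parameter ${hits[0][0]} matched /${pattern}/` };
    const cleaned = { ...args };
    for (const [k, v] of hits) cleaned[k] = v.replace(new RegExp(pattern, "g"), "[REDACTED]");
    return { action: "sanitize", request: { ...req, params: { ...req.params, arguments: cleaned } } };
  };
}

// Run the chain in order: the first block wins, sanitized requests keep flowing
// through later policies, and anything that is not a tools/call passes untouched.
function evaluate(policies, req, agentId) {
  if (req.method !== "tools/call") return { action: "allow", request: req };
  let current = req;
  for (const policy of policies) {
    const decision = policy(current, agentId);
    if (!decision) continue;
    if (decision.action === "block") return decision;
    current = decision.request;
  }
  return { action: current === req ? "allow" : "sanitize", request: current };
}

// Constructed sample chain and request builder (not from the Guardio docs).
const policies = [
  denyToolAccess(["delete_account"], ["agent-untrusted"]),
  denyRegexParameter("\\.\\./"),                                  // block path traversal in any argument
  denyRegexParameter("sk_live_[A-Za-z0-9]+", { sanitize: true }), // redact leaked-looking keys
];
const toolsCall = (name, args, id = 1) =>
  ({ jsonrpc: "2.0", id, method: "tools/call", params: { name, arguments: args } });
```

In the real proxy the agent id comes from the SSE connection (or the `x-agent-id` header on `POST /{name}/messages`), and a block result is returned to the client without forwarding.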
This analysis was written by the Genesis Park editorial team with the help of AI. The original can be found via the source link.