npm - @frostbridge/imdl - Versions diffs - 0.1.0 - Mend

@frostbridge/imdl 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,107 @@
+# @frostbridge/imdl
+AI Agent Security CLI — monitor, govern, and protect AI coding agents across your organization.
+## What It Does
+IMDL (Intelligent Mediation & Detection Layer) sits between AI coding agents and your codebase, providing:
+- **Session monitoring** — Track every tool call, file access, and command execution
+- **Policy enforcement** — Block dangerous operations in real-time (Bifrost engine)
+- **Permission scanning** — Discover what permissions developers have granted to their AI agents
+- **MCP security** — Score and audit MCP servers for supply chain risks
+- **Shell interception** — Wrap terminal commands for policy evaluation
+Supports: Claude Code, Cursor, Windsurf, GitHub Copilot, Codex
+## Installation
+```bash
+# Requires Node.js 20+
+npm install -g @frostbridge/imdl
+```
+Since this is a private package, add an `.npmrc` with your team's read token:
+```
+//registry.npmjs.org/:_authToken=${FROSTBRIDGE_NPM_TOKEN}
+@frostbridge:registry=https://registry.npmjs.org/
+```
+## Quick Start
+```bash
+# Initialize — auto-detects installed agents and configures hooks
+imdl init
+# Check current status
+imdl status
+# Scan MCP servers for vulnerabilities
+imdl scan
+# View agent permissions across your machine
+imdl permissions
+```
+## Setup with Team
+```bash
+# Join your organization (token from admin)
+imdl init --token <setup-token>
+# Or configure API endpoint manually
+imdl init --api https://your-api.example.com
+```
+## Commands
+| Command | Description |
+|---------|-------------|
+| `imdl init` | Initialize monitoring for detected agents |
+| `imdl status` | Show current protection status |
+| `imdl scan` | Scan installed MCP servers for risks |
+| `imdl permissions` | Show all agent permissions on this machine |
+| `imdl permissions --report` | Send permission report to your org |
+| `imdl lock` | Generate an MCP allowlist from current installs |
+| `imdl tool-verify` | Verify tool integrity and behavior |
+| `imdl gateway` | AI Gateway management |
+## How It Works
+### Hook Mode (Claude Code, Codex)
+Installs into the agent's hook system (e.g., `~/.claude/hooks.json`). Every tool call is evaluated against your org's policies in <5ms before execution.
+### MCP Proxy Mode (Cursor, Windsurf, Copilot)
+Registers `@frostbridge/imdl-mcp-proxy` as a middleware between the editor and MCP servers. Intercepts tool calls transparently.
+### Shell Wrapper Mode
+`@frostbridge/imdl-shell-wrapper` wraps terminal sessions to catch dangerous commands before they execute.
+## Architecture
+```
+AI Agent → IMDL Hook/Proxy → Bifrost Policy Engine → Allow/Block
+                                    ↓
+                              Event Buffer → API → Dashboard
+```
+## Privacy
+- All policy evaluation happens locally (no network call in the critical path)
+- Session data is buffered and sent to your org's API endpoint
+- No telemetry to Frostbridge — your data stays in your infrastructure
+- Developers can view exactly what is monitored via `imdl status`
+## Requirements
+- Node.js 20+
+- macOS, Linux, or Windows
+- One or more supported AI agents installed
+## License
+Proprietary — Frostbridge Security, Inc.