@guardion/guardion 0.2.0 → 0.4.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Guardion AI
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,202 @@
+# Guardion
+
+**Guardion — Agent runtime governance: DLP for MCPs and agents.**
+
+An MCP (Model Context Protocol) DLP proxy with policy-driven PII anonymization that wraps
+any MCP server — local (stdio) or remote (HTTP/SSE) — behind one secure interface, and
+governs Claude Code at the same time.
+
+## Overview
+
+Guardion adds a protective layer to your MCP setup. It auto-detects your existing MCP
+configuration files and routes each server through a local interposer that scans every
+tool **call** and **result** against a Guard policy — anonymizing PII/secrets in place
+(structure preserved) before data ever reaches the model or leaves to a tool.
+
+Key features:
+
+- **DLP / anonymization** — PII and secrets in tool input *and* output are redacted via your
+  Guard policy (email, phone, names, cards, SSNs, …); the model/server only sees tokens.
+- **Automatic configuration** — the CLI detects and updates MCP config files for **Cursor,
+  Claude Desktop, and Claude Code** (plus Windsurf, Cline, VS Code, `.mcp.json`).
+- **Works with everything** — local **stdio** servers and **remote HTTP/SSE** servers
+  (forward, reverse, and SSE bridging); discovers remote connectors for inventory.
+- **Transparent proxying** — tools, prompts, and resources pass through untouched except for
+  redacted text; multiple content blocks, `structuredContent`, images/blobs and `isError`
+  are preserved.
+- **Three modes** — `dlp` (anonymize, never block), `enforce` (block on a deny verdict +
+  anonymize), `monitor` (observe only).
+- **Beyond MCP** — Claude Code hooks (observability/enforcement) and shadow-AI discovery.
+
+## Quick Start
+
+```bash
+# Install the CLI
+npm install -g @guardion/guardion        # or use npx -y @guardion/guardion <cmd>
+
+# Guided setup — pick what to protect (MCP / Claude Code), paste your key, choose policy & mode
+guardion init
+
+# Auto-detect & DLP-protect every MCP config on this machine (Cursor, Claude Desktop, Claude Code)
+guardion install mcp
+```
+
+`guardion init` stores your config in `~/.guardion/config.yaml` (token in the OS keychain)
+and prints tailored next steps. Preview changes first with `guardion scan --mode mcp --dry-run`;
+undo any time with `guardion scan --mode mcp --revert`.
+
+## How It Works
+
+```
+ MCP host (Cursor / Claude Desktop / Claude Code)
+      │  JSON-RPC
+      ▼
+ guardion mcp  ── tool input/output leaves ─▶  Guard API (/v1/guard, your policy)
+      │  apply redaction in place             ◀── correction + redaction spans
+      ▼
+ real MCP server (stdio · HTTP · SSE)
+```
+
+Detection and redaction are delegated entirely to your **Guard policy** — *what* to redact
+(entity types) and *where* (tool input, output, or both) are configured centrally in the
+Guardion console, not in the plugin.
+
+## Usage
+
+### Direct usage with npx
+
+No install required — use directly in your Cursor / Claude Desktop / Claude Code MCP config.
+Prefix any server's command with `npx -y @guardion/guardion mcp`:
+
+```json
+{
+  "mcpServers": {
+    "protected_server": {
+      "command": "npx",
+      "args": [
+        "-y", "@guardion/guardion", "mcp", "--mode", "dlp", "--",
+        "npx", "-y", "@modelcontextprotocol/server-filesystem", "/path/to/files"
+      ],
+      "env": {
+        "GUARDION_TOKEN": "grd_your_api_key",
+        "GUARDION_POLICY": "data-protection"
+      }
+    }
+  }
+}
+```
+
+### Standalone usage
+
+```bash
+GUARDION_TOKEN=grd_... GUARDION_POLICY=data-protection \
+npx -y @guardion/guardion mcp --mode dlp -- npx -y @modelcontextprotocol/server-filesystem /path/to/files
+```
+
+## Configuration
+
+### Local servers (stdio)
+
+For local MCP servers that communicate via stdio, put the real command after `--`:
+
+```json
+{
+  "mcpServers": {
+    "protected_server": {
+      "command": "npx",
+      "args": ["-y", "@guardion/guardion", "mcp", "--mode", "dlp", "--", "node", "path/to/server.js"],
+      "env": { "GUARDION_TOKEN": "grd_...", "GUARDION_POLICY": "data-protection" }
+    }
+  }
+}
+```
+
+### Remote servers (HTTP / SSE)
+
+For remote MCP servers, use `--url` instead of `--`:
+
+```json
+{
+  "mcpServers": {
+    "protected_server": {
+      "command": "npx",
+      "args": ["-y", "@guardion/guardion", "mcp", "--mode", "dlp", "--url", "https://api.example.com/mcp"],
+      "env": { "GUARDION_TOKEN": "grd_...", "GUARDION_POLICY": "data-protection" }
+    }
+  }
+}
+```
+
+Add `--header "Authorization: Bearer …"` for authenticated remote servers, or `--listen 8900`
+to expose Guardion as a local proxy URL you can paste into Claude Desktop → Connectors.
+
+### Modes
+
+| `--mode`  | Behavior                                              |
+|-----------|-------------------------------------------------------|
+| `dlp`     | Anonymize PII via Guard corrections — **never blocks** (default) |
+| `enforce` | Block on a deny verdict **and** anonymize             |
+| `monitor` | Observe only — send for visibility, never modify      |
+
+### Environment variables
+
+| Variable               | Purpose                                                       |
+|------------------------|---------------------------------------------------------------|
+| `GUARDION_TOKEN`       | Your Guardion API key (or stored via `guardion token set`)    |
+| `GUARDION_POLICY`      | Policy slug whose PII / Data-Protection detector to apply     |
+| `GUARDION_API_URL`     | Guard API base URL (default `https://api.guardion.ai`)        |
+| `GUARDION_MODE`        | `dlp` \| `enforce` \| `monitor` (same as `--mode`)            |
+| `GUARDION_FAIL_CLOSED` | `true` to deny when Guard is unreachable (default: fail-open) |
+
+## Complete example for Cursor / Claude Desktop
+
+Add this to your MCP configuration file:
+
+```json
+{
+  "mcpServers": {
+    "guardion": {
+      "command": "npx",
+      "args": [
+        "-y", "@guardion/guardion", "mcp", "--mode", "dlp", "--server", "filesystem", "--",
+        "npx", "-y", "@modelcontextprotocol/server-filesystem", "/path/to/files"
+      ],
+      "env": {
+        "GUARDION_TOKEN": "grd_your_api_key",
+        "GUARDION_POLICY": "data-protection"
+      }
+    }
+  }
+}
+```
+
+…or skip the hand-editing and let the CLI do it for every app: `guardion install mcp`.
+
+## CLI
+
+| Command | What it does |
+|---------|--------------|
+| `guardion init` | Guided setup: pick what to protect, paste your key, choose a policy & mode |
+| `guardion install mcp` | Scan & DLP-protect every detected MCP config |
+| `guardion mcp [--mode …] [--policy …] -- <cmd>` / `--url <url>` | Wrap one MCP server |
+| `guardion scan [--mode full\|mcp\|tools\|agents\|skills]` | Discover MCP servers, tools, skills, shadow-AI agents/connectors; `--inventory` reports to Guard |
+| `guardion scan --mode mcp --dry-run \| --replace \| --revert` | Preview / apply / undo config protection |
+| `guardion claude-code [--mode hooks\|gateway\|full]` | Govern Claude Code via hooks |
+| `guardion token set\|get\|test\|clear` | Manage your API token |
+
+## Requirements
+
+- Node.js >= 18.0.0
+- A Guardion API key and a policy with the PII / Data-Protection detector enabled
+  (create one at [guardion.ai](https://guardion.ai))
+
+## License
+
+MIT
+
+## About
+
+Guardion secures your MCP clients and AI agents from data leaks (DLP / PII anonymization),
+prompt injection, tool poisoning, and risky actions.
+
+[www.guardion.ai](https://guardion.ai)

package/dist/bin/cli.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../../bin/cli.ts"],"names":[],"mappings":""}