Config is the same across clients — only the file and path differ.
```json
{
  "mcpServers": {
    "io-github-figuard-figuard-mcp": {
      "args": [
        "-y",
        "figuard-mcp"
      ],
      "command": "npx"
    }
  }
}
```
A travel-booking agent hit a Stripe timeout. It retried. Then retried again. The customer's card was charged three times for the same flight before an engineer noticed the anomaly in the logs — 40 minutes later.
Run this in your terminal to verify the server starts:

```sh
npx -y 'figuard-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"
```

The pipeline's exit status is that of `head`, so the ✓ line prints even when `npx` fails; judge the result from the first line of output.
No known CVEs.
Checked figuard-mcp against OSV.dev.
A travel-booking agent hit a Stripe timeout and retried twice. The customer's card was charged three times for the same flight before anyone noticed — 40 minutes later.
No alert fired. No limit existed. The agent had a valid API key and no concept of "I already did this."
FiGuard gives agents bounded resources — money, tokens, API calls, GPU hours, any unit you define — and they ask permission before consuming them. You set the ceiling, the retry rules, and the idempotency policy once. Every attempt, authorized or denied, lands in an append-only audit log.
That exact failure is in the stress harness: a retried charge produces 0 double-charges, and 100 agents racing one budget produce 0 overspends — verified against the ledger, reproducibly (make bench).
Your framework decides what to do next. FiGuard decides whether the resource-consuming action is allowed.
```
Your agent code (LangChain · LangGraph · CrewAI · any runtime)
    orchestrates — decides what to do next
        ↓ agent wants to spend / call / execute
figuard.authorize()
    checks: limit · category · velocity · dedup
        ↓ AUTHORIZED — action proceeds
Stripe · OpenAI · any API or service
    executes — real money or resource consumed
        ↓ action completes
figuard.confirm()
    settles reservation — ledger updated
```
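The authorize, execute, confirm flow above, together with the two stress-harness cases (a retried charge, 100 agents racing one budget), sketched as an added example. This is not FiGuard's code or API: `BudgetLedger`, `retried_charge` and `race` are hypothetical names, and the keys and amounts are constructed.

```python
import threading
from concurrent.futures import ThreadPoolExecutor
class BudgetLedger:
    """Hypothetical in-memory ledger: shows the pattern, not FiGuard's API."""
    def __init__(self, limit):
        self.limit, self.reserved, self.settled = limit, 0, 0
        self.records = {}   # idempotency key -> [amount, settled?]
        self.audit = []     # append-only: every attempt, allowed or denied
        self._lock = threading.Lock()

    def authorize(self, key, amount):
        # One lock covers dedup, limit check and reservation (no check-then-act race).
        with self._lock:
            if key in self.records:
                decision = "DUPLICATE"      # retry of an action already authorized
            elif amount <= 0 or self.reserved + self.settled + amount > self.limit:
                decision = "DENIED"
            else:
                decision = "AUTHORIZED"
                self.reserved += amount
                self.records[key] = [amount, False]
            self.audit.append((decision, key, amount))
            return decision

    def confirm(self, key):  # settle a reservation exactly once, after the call completes
        with self._lock:
            rec = self.records.get(key)
            if rec is None or rec[1]:
                return False
            rec[1] = True
            self.reserved -= rec[0]
            self.settled += rec[0]
            self.audit.append(("CONFIRMED", key, rec[0]))
            return True

def retried_charge(ledger, key, amount, attempts=3):
    """Constructed scenario: one booking, retried after a timeout."""
    charges = 0
    for _ in range(attempts):
        if ledger.authorize(key, amount) == "AUTHORIZED":
            charges += 1            # stand-in for the real payment call
            ledger.confirm(key)
    return charges

def race(ledger, agents, amount):  # constructed scenario: many agents, one budget
    with ThreadPoolExecutor(max_workers=agents) as pool:
        calls = pool.map(lambda i: ledger.authorize(f"agent-{i}", amount), range(agents))
        return list(calls).count("AUTHORIZED")
```

The dedup only holds if the idempotency key names the business action (here a booking id) rather than the individual attempt.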
LangChain / LangGraph — FiGuard authorizes each tool call before it executes. A budget-exhausted agent stops cleanly instead of running up cost — even across parallel nodes in a LangGraph.
CrewAI — Each crew member gets a delegation token with its own cap. A runaway specialist is stopped at its limit without affecting the rest of the crew.
OpenAI Agents SDK / MCP — Wrap tools with @guarded_function_tool or add the FiGuard MCP server — every tool call is pre-flight authorized before it reaches the API.
Not using a framework? — The raw SDK works anywhere — a Python script, a background job, a serverless function. If it calls an API that costs money or consumes a bounded resource, FiGuard fits.
Try it now — no setup, no signup:
→ pip install figuard — runs locally on your machine, nothing hosted (Quickstart)
→ Run in Colab — or try it in the browser
→ Live dashboard
FiGuard is the authorization and ledger layer — not a payment processor, not a policy DSL, not an adversarial-agent firewall. Full scope →
Tested with:
| Framework | Versions | Python |
|---|---|---|
| LangChain | ≥ 0.3.0 | 3.9 – 3.12 |
| LangGraph | ≥ 0.2.0 | 3.10 – 3.12 |
| CrewAI | ≥ 0.102 | 3.10 – 3.12 |
| OpenAI Agents SDK | ≥ 0.0.5 | 3.10 – 3.12 |
| TypeScript SDK | Node ≥ 18 | — |
| MCP server | Claude Code, Cursor, Claude Desktop | — |
```sh
pip install figuard
```

```python
from figuard import FiGuardClient
# Zero-config, zero-infra — runs enforcement locally (embedded SQLit
```
... [View full README on GitHub](https://github.com/figuard/figuard-core#readme)