If you're shipping AI agents that touch real APIs, this is the governance layer you bolt on before production. Haldir wraps every MCP tool call with session-scoped permission checks, encrypted secrets the model never sees, a hash-chained audit trail for compliance, and optional human-in-the-loop approvals. The CLI gives you live dashboards, audit exports, and webhook delivery stats. Self-host with Docker Compose and Postgres, or point it at the vendor's hosted cloud. Integrates with LangChain, CrewAI, AutoGen, and the Vercel AI SDK. Built for teams that need SOC 2-ready evidence packs and can't afford to let an agent burn through rate limits or leak credentials into prompt context.
claude mcp add --transport stdio exposureguard-haldir uvx haldir