Secure your agents before they touch your tools.

AgentOpsSec is the open-source layer between your AI agents and everything they can break — MCP servers, your filesystem, your secrets, your bill.

8 open-source projects · MIT license · 100% local-first
~/projects/api $ mcp-doctor scan
→ scanning ~/.config/claude/mcp.json
→ found 6 servers, 47 tools

✓ filesystem-mcp   scope: ~/projects        risk: low
✓ postgres-mcp     read-only                risk: low
! github-mcp       writes to any repo       risk: med
✗ shell-mcp        unrestricted exec        risk: HIGH
✗ secrets-mcp      reads .env, ~/.ssh       risk: HIGH

# 2 high-risk servers blocked.
# run `mcp-doctor explain shell-mcp` for details.

2 safe · 1 warn · 2 high-risk · blocked
why this matters

Your AI agent has more access than your interns.

Modern coding agents read files, run shell commands, install packages, modify code, hit APIs, query databases, and open pull requests. Most of them do all of that with a single confirmation dialog.

You wouldn’t merge an intern’s PR without review. You wouldn’t give them root. You wouldn’t pay their AWS bill blind.

Agents need the same controls. Local-first. Open-source. Today.

  • What tools can it call?
  • Did it read .env or ~/.ssh?
  • Can the run be replayed?
  • What did it actually cost?
  • Did it skip the test suite?
  • Did it install a typosquat?
Live agent activity (watching)

tool        target                        verdict   when
shell.exec  rm -rf ~/projects/api/db      blocked   2s ago
fs.write    /etc/hosts                    blocked   11s ago
fs.read     ~/.aws/credentials            blocked   23s ago
http.fetch  https://pastebin.com/raw/…    flagged   41s ago
fs.write    ~/projects/api/src/auth.ts    allowed   52s ago
shell.exec  pnpm install left-pad-evil    blocked   1m ago
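The verdicts in the activity view come from a per-call policy: every tool call is checked against a small rule set before it reaches its server. The following is an added example of such a check, not AgentOpsSec or mcp-firewall code; the project root, the secret-path and trusted-host lists, the typosquat heuristic and the sample events are all constructed for illustration, and anything the rules do not recognise is denied by default.

```javascript
// Added example, not AgentOpsSec code: a per-call policy check of the kind an
// MCP firewall runs before a tool call reaches its server. The rule set, the
// project root, the allow/deny lists and the sample events are all constructed.
const PROJECT_ROOT = "~/projects/api";
const SECRET_PATHS = ["~/.ssh", "~/.aws", "~/.gnupg", ".env"];
const TRUSTED_HOSTS = ["registry.npmjs.org", "api.github.com"];
const WELL_KNOWN_PACKAGES = ["left-pad", "lodash", "express"];

function insideProject(path) {
  return path === PROJECT_ROOT || path.startsWith(PROJECT_ROOT + "/");
}

function touchesSecret(path) {
  return SECRET_PATHS.some(
    (s) => path === s || path.startsWith(s + "/") || path.endsWith("/" + s)
  );
}

// Constructed heuristic: the requested name extends a well-known package name
// ("left-pad-evil" vs "left-pad") instead of being that package.
function looksLikeTyposquat(pkg) {
  return WELL_KNOWN_PACKAGES.some((p) => pkg !== p && pkg.startsWith(p));
}

function evaluate(event) {
  const { tool, target } = event;
  if (tool === "fs.read") {
    return touchesSecret(target)
      ? { verdict: "blocked", reason: "reads secret material" }
      : { verdict: "allowed", reason: "" };
  }
  if (tool === "fs.write") {
    return insideProject(target)
      ? { verdict: "allowed", reason: "" }
      : { verdict: "blocked", reason: "write outside project root" };
  }
  if (tool === "http.fetch") {
    const host = new URL(target).hostname;
    return TRUSTED_HOSTS.includes(host)
      ? { verdict: "allowed", reason: "" }
      : { verdict: "flagged", reason: `untrusted host ${host}` };
  }
  if (tool === "shell.exec") {
    if (/^rm\s+-[a-zA-Z]*[rf]/.test(target)) {
      return { verdict: "blocked", reason: "recursive or forced delete" };
    }
    const install = target.match(/^(?:npm|pnpm|yarn)\s+(?:install|add|i)\s+(\S+)/);
    if (install) {
      return looksLikeTyposquat(install[1])
        ? { verdict: "blocked", reason: `possible typosquat ${install[1]}` }
        : { verdict: "flagged", reason: `new dependency ${install[1]}` };
    }
    return { verdict: "allowed", reason: "" };
  }
  // Default deny: a tool the policy does not know about never runs.
  return { verdict: "blocked", reason: `unknown tool ${tool}` };
}

// Run the policy over a stream of events and tally verdicts, mirroring the
// allowed / flagged / blocked columns of an activity view.
function triage(events) {
  const counts = { allowed: 0, flagged: 0, blocked: 0 };
  const decisions = events.map((e) => {
    const d = evaluate(e);
    counts[d.verdict] += 1;
    return { ...e, ...d };
  });
  return { decisions, counts };
}

// Constructed sample events, same shape as the activity table above.
const SAMPLE_EVENTS = [
  { tool: "shell.exec", target: "rm -rf ~/projects/api/db" },
  { tool: "fs.write", target: "/etc/hosts" },
  { tool: "fs.read", target: "~/.aws/credentials" },
  { tool: "http.fetch", target: "https://pastebin.com/raw/abc123" },
  { tool: "fs.write", target: "~/projects/api/src/auth.ts" },
  { tool: "shell.exec", target: "pnpm install left-pad-evil" },
];

if (typeof require !== "undefined" && require.main === module) {
  for (const d of triage(SAMPLE_EVENTS).decisions) {
    console.log(`${d.verdict.padEnd(8)} ${d.tool.padEnd(11)} ${d.target}  ${d.reason}`);
  }
}
```

Note the ordering inside `shell.exec`: the destructive-delete rule fires even for a path inside the project root, so the `rm -rf` above is blocked although the same path would be writable through `fs.write`. Package installs are never silently allowed; a name that does not trip the typosquat heuristic is still surfaced as flagged so a human sees the new dependency.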
the stack

Eight open-source projects. One coherent control plane.

the story
stack orchestrates the suite · mcp-doctor finds the risk · mcp-firewall blocks risky actions · agent-flight-recorder shows what happened · agent-review verifies the agent behaved · mcp-radar scores the ecosystem · agent-sandbox isolates local agent work · agent-cost-lens tracks the bill
start here

Audit your MCP servers in 10 seconds.

One command. No account. No telemetry. Reads your local Claude / Cursor / Cline config and tells you what your agent can actually do.

install.sh
# option 1: one-shot scan, no install
npx @agentopssec/mcp-doctor scan

# option 2: install the orchestrator
npm install -g agentopssec
agentopssec init
agentopssec start -- codex
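What a scan like the one above has to do is read the client's MCP config, look at how each server is launched (command, arguments, environment) and rate what that launch lets the agent reach. The following is an added illustration of that static audit, not mcp-doctor's own code: the `mcpServers` config shape, the server and package names, the placeholder token and every scoring rule are constructed assumptions.

```javascript
// Added example, not mcp-doctor's code: a static audit of an MCP client config
// in the `mcpServers` shape, in the spirit of `mcp-doctor scan`. The sample
// config, the server names and every scoring rule below are constructed.
const SAMPLE_CONFIG = JSON.stringify({
  mcpServers: {
    "filesystem-mcp": { command: "npx", args: ["-y", "fs-server", "~/projects"] },
    "postgres-mcp": { command: "npx", args: ["-y", "pg-server", "--read-only", "postgres://app@localhost/api"] },
    "github-mcp": { command: "npx", args: ["-y", "gh-server"], env: { GITHUB_TOKEN: "ghp_PLACEHOLDER" } },
    "shell-mcp": { command: "node", args: ["shell-server.js", "--allow-any-command"] },
    "secrets-mcp": { command: "node", args: ["dotenv-server.js", "--paths", ".env,~/.ssh"] },
  },
});

const SENSITIVE = [".env", "~/.ssh", "~/.aws", "~/.gnupg", "/etc"];
const EXEC_FLAGS = /--allow-any-command|--unrestricted|--shell/;
const CRED_KEY = /TOKEN|SECRET|KEY|PASSWORD/i;

// Score one server entry. Rules run from most to least severe; first match wins.
function scoreServer(name, cfg) {
  const args = cfg.args || [];
  const env = cfg.env || {};
  const joined = args.join(" ");
  if (["sh", "bash", "zsh"].includes(cfg.command) || EXEC_FLAGS.test(joined)) {
    return { name, risk: "HIGH", note: "unrestricted exec" };
  }
  const secrets = SENSITIVE.filter((s) => joined.includes(s));
  if (secrets.length) {
    return { name, risk: "HIGH", note: `reads ${secrets.join(", ")}` };
  }
  // Path-like arguments are treated as the server's filesystem scope.
  const scope = args.filter((a) => a.startsWith("~") || a.startsWith("/"));
  if (scope.some((p) => p === "~" || p === "/")) {
    return { name, risk: "HIGH", note: `scope: ${scope.join(", ")} (entire tree)` };
  }
  const readOnly = args.includes("--read-only");
  const creds = Object.keys(env).filter((k) => CRED_KEY.test(k));
  if (creds.length && !readOnly) {
    return { name, risk: "med", note: `holds ${creds.join(", ")}, writes possible` };
  }
  if (readOnly) return { name, risk: "low", note: "read-only" };
  if (scope.length) return { name, risk: "low", note: `scope: ${scope.join(", ")}` };
  return { name, risk: "low", note: "no broad access detected" };
}

function auditConfig(jsonText) {
  const servers = JSON.parse(jsonText).mcpServers || {};
  return Object.entries(servers).map(([name, cfg]) => scoreServer(name, cfg));
}

// Tally findings and list the servers a start-up gate would refuse to launch.
function summarize(findings) {
  const counts = { low: 0, med: 0, HIGH: 0 };
  for (const f of findings) counts[f.risk] += 1;
  return { ...counts, blocked: findings.filter((f) => f.risk === "HIGH").map((f) => f.name) };
}

if (typeof require !== "undefined" && require.main === module) {
  const findings = auditConfig(SAMPLE_CONFIG);
  for (const f of findings) {
    const mark = f.risk === "HIGH" ? "✗" : f.risk === "med" ? "!" : "✓";
    console.log(`${mark} ${f.name.padEnd(16)} ${f.note.padEnd(28)} risk: ${f.risk}`);
  }
  const s = summarize(findings);
  console.log(`# ${s.HIGH} high-risk servers blocked: ${s.blocked.join(", ")}`);
}
```

The point of the severity ordering is that a server is judged by the worst thing its launch line permits: a read-only flag does not soften an entry that also points at `~/.ssh`, and a scope of `~` or `/` is treated as equivalent to full access even when nothing else looks suspicious. Run against a real config, the same pass would read the file instead of `SAMPLE_CONFIG`; everything else stays local.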