# haldir

Haldir is a security and governance layer for AI agents. It provides session-scoped permissions (Gate), encrypted secret storage (Vault), and tamper-evident audit logging (Watch).

## Quick Start

```bash
# Connect this server (installs CLI if needed)
npx -y @smithery/cli@latest mcp add haldir/haldir

# Browse available tools
npx -y @smithery/cli@latest tool list haldir/haldir

# Get full schema for a tool
npx -y @smithery/cli@latest tool get haldir/haldir createSession

# Call a tool
npx -y @smithery/cli@latest tool call haldir/haldir createSession '{}'
```

## Direct MCP Connection

Endpoint: `https://haldir--haldir.run.tools`

**Optional config:**
- `apiKey` (query) — Your Haldir API key. Create one free at haldir.xyz

## Tools (10)

- `createSession` — Create a new agent session with scoped permissions and an optional spend budget. Every AI agent must have an active ses…
- `getSession` — Retrieve the current state of an agent session including its scopes, spend budget, remaining balance, and validity stat…
- `revokeSession` — Immediately revoke an agent session, permanently disabling all permissions and blocking further actions under that sess…
- `checkPermission` — Check whether a specific session has a given permission scope. Returns a boolean indicating if the action is allowed. U…
- `storeSecret` — Store an encrypted secret in the Haldir Vault with an optional scope requirement. Secrets are encrypted at rest using A…
- `getSecret` — Retrieve a decrypted secret from the Vault. If a session_id is provided, the session's scopes are checked against the s…
- `authorizePayment` — Authorize a payment against an agent session's spend budget. The amount is deducted from the session's remaining budget…
- `logAction` — Log an agent action to the tamper-evident audit trail with automatic anomaly detection. Every tool call, API request, o…
- `getAuditTrail` — Query the audit trail to review all actions taken by agents. Filter by session ID, agent ID, tool name, or flagged-only…
- `getSpend` — Get a summary of total spend across agent sessions, broken down by session or agent. Returns total USD spent, number of…

```bash
# Get full input/output schema for a tool
npx -y @smithery/cli@latest tool get haldir/haldir <tool-name>
```

## Prompts (2)

- `security-audit` (session_id) — Audit an AI agent's recent actions for security concerns. Reviews the audit trail for anomalous patterns, excessive spe…
- `budget-check` (session_id) — Check the remaining budget for an agent session and warn if spending is approaching the limit. Provides a summary of sp…
