hejdar-mcp
Runtime policy enforcement for AI agents. Evaluate every agent action against your organization's policies before execution, with observe and enforce modes.
README
hejdar-mcp
MCP server for Hejdar — runtime policy enforcement for AI agents.
This server exposes hejdar_evaluate as an MCP tool. Any MCP-compatible agent (Claude, ChatGPT, Cursor, custom) can call it to check whether an action is permitted by organizational policy before executing it.
The MCP server is a thin wrapper around the Hejdar API (POST /v1/evaluate). It contains no policy logic — all decisions come from your Hejdar organization's configured policies.
Quick Start
1. Install
pip install hejdar-mcp
Or run directly with uvx:
uvx hejdar-mcp
2. Get your API key
Sign up at app.hejdar.com and create an API key in Settings → API Keys.
3. Configure your MCP client
Claude Desktop
Add to your Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json on macOS, %APPDATA%\Claude\claude_desktop_config.json on Windows):
{
"mcpServers": {
"hejdar": {
"command": "uvx",
"args": ["hejdar-mcp"],
"env": {
"HEJDAR_API_KEY": "hejdar_sk_your_key_here"
}
}
}
}
Claude Code
Add to your Claude Code MCP settings:
{
"mcpServers": {
"hejdar": {
"command": "uvx",
"args": ["hejdar-mcp"],
"env": {
"HEJDAR_API_KEY": "hejdar_sk_your_key_here"
}
}
}
}
Direct (stdio)
export HEJDAR_API_KEY=hejdar_sk_your_key_here
hejdar-mcp
Getting Started
- Install:
pip install hejdar-mcporuvx hejdar-mcp - Get an API key — contact us at hello@hejdar.com or visit hejdar.com
- Configure your MCP client (see configuration example above)
Tool: hejdar_evaluate
Evaluate an agent action against your organization's security policies.
Input:
| Parameter | Type | Required | Description |
|---|---|---|---|
action_type |
string | Yes | READ, WRITE, DELETE, TRANSFER, or EXECUTE |
resource |
string | Yes | Target resource, e.g. customer_database |
agent_name |
string | No | Name of the calling agent, e.g. hr-assistant |
context |
object | No | Free-form metadata (department, user_id, reason, etc.) |
Output:
{
"decision": "DENY",
"policy_id": "pol_abc123",
"reason": "Deletion of customer data requires manager approval",
"risk_level": "HIGH"
}
decision is one of: ALLOW, DENY, WOULD_DENY.
System Prompt Pattern
For best results, add this to your agent's system prompt:
You have access to the hejdar_evaluate tool. Before performing any action
that reads, writes, deletes, transfers data, or executes commands on
external systems, you MUST call hejdar_evaluate first.
If hejdar_evaluate returns DENY or WOULD_DENY, do NOT proceed with the
action. Instead, inform the user that the action was blocked by policy
and include the reason provided.
Environment Variables
| Variable | Required | Default | Description |
|---|---|---|---|
HEJDAR_API_KEY |
Yes | — | Your Hejdar API key |
HEJDAR_API_URL |
No | https://api.hejdar.com |
API base URL (for self-hosted) |
Security
- API key is read from environment variables only — never hardcoded or exposed in tool I/O
- All inputs are validated and sanitized before forwarding to the API
- Error responses never leak internal details, API keys, or stack traces
- All API calls enforce TLS
Development
git clone https://github.com/ARKALDA/hejdar-mcp.git
cd hejdar-mcp
pip install -e ".[dev]"
pytest
License
MIT
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.