HuGR Tools

HuGR Tools

A monorepo of MCP toolkits for Cloudflare Workers, providing over 630 tools across SaaS providers and AWS, with composite tools for security, incident response, billing, and cloud cost optimization.

Category
Visit Server

README

HuGR_Tools

630 tools · 37 deployable workers · one frozen kernel · 8,538 tests passing · 1,928 credential-gated integration tests skipped in CI · 0 failing.

A monorepo of MCP toolkits for Cloudflare Workers, built on a shared @hugr/kernel. Each toolkit is an independent JSON-RPC 2.0 server that plugs into any MCP host over HTTP.

MIT License CI


What is this?

A modular monolith of MCP tool servers. Provider packages share a single kernel (@hugr/kernel) that handles HTTP, auth, rate limiting, the error taxonomy, and JSON-RPC dispatch — written once, frozen. Each toolkit deploys as a standalone Cloudflare Worker and versions independently.

The workspace holds 39 packages:

  • 37 deployable Cloudflare Workers — 630 tools total:
    • 6 SaaS providers: cloudflare (84), stripe (50), vercel (40), sentry (27), pagerduty (34), supabase (35)
    • 26 AWS surface packages: 282 tools across the AWS API
    • 5 Datadog packages: apm, core, dashboards, logs, monitors — 78 tools
  • @hugr/kernel — the shared contract every worker builds on
  • 1 internal packageshared (Datadog family internals) — plus a ci/ helper directory.

Architecture: docs/ARCHITECTURE.md.


Flagship tools — 25 composite tools

Most of the 630 are focused single-purpose primitives (typed, validated, fail-closed access to one provider endpoint — the baseline an agent needs). These 25 are the composite ones: one call fans out to several provider APIs and correlates them into a named verdictPROBABLE_CAUSE, TRUE_POSITIVE / FALSE_POSITIVE, GO / NO_GO, P1 / P2 / P3 — the output a senior analyst would produce, not a wrapped endpoint.

Each was selected by reading its handler implementation, not its description — every one below was confirmed to actually fan out and correlate. Each links to its handler and has a dedicated test suite beside it.

Security, threat & access forensics

Tool What one call does
cf_campaign_ioc_investigation Extracts IOCs from a threat campaign, enriches each via domain/IP intel, then cross-references them against your own attack surface to score exposure; clusters by ASN to reveal shared campaign infrastructure
cf_strategic_security_report Correlates active security insights against observed threat campaigns (a threat-alignment score) and computes intel coverage-gaps into a CISO briefing
cf_dlp_violation_triage A weighted false-positive model plus a two-stage verdict that overrides TRUE_POSITIVEINCONCLUSIVE when corroborating evidence (source device, active gateway rule) is absent
cf_client_side_threat_analysis Scans a PageShield script's outbound connections for exfiltration signatures; escalates to Magecart when the script sits on a checkout/payment page
aws_iam_role_permission_blast_radius Fans out ~40 IAM calls (role + inline/attached policies, every version) to score privilege-escalation exposure and flag "any principal can assume me" trust misconfig
supabase_network_threat_view Real CIDR subnet arithmetic to test each active IP ban against the allowlist, surfacing ban∩allowlist overlaps as a misconfiguration signal

Incident response, RCA & observability

Tool What one call does
root_cause (datadog) Correlates 8 Datadog sources (events, metrics, spans, logs, monitors, SLOs, incidents, deps) in parallel around a timestamp; temporal RCA with graceful degradation per source
incident_timeline (datadog) Merges 5 sources into one T+0 timeline, auto-detecting the incident start and deriving metric-shift / log-spike signals rather than dumping raw events
deploy_impact (datadog) Equal before/after windows classify each metric REGRESSION / IMPROVEMENT / STABLE, with a confound guard that warns on other deploys inside the window
forecast_risk (datadog) Extrapolates metric trend + SLO error-budget burn to project when a service breaches ("error_rate hits 5% in ~18h") — the only forward-looking tool
pd_deployment_rca Ranks change events by temporal proximity to an incident and scores against an MTTR baseline into PROBABLE_CAUSE / POSSIBLE_CAUSE
pd_performance_report Multi-dimensional (service / team / responder) analytics with >2×-median outlier detection and responder-burnout flags
cf_provider_outage_diagnosis Builds a per-provider outage timeline through AI Gateway and computes a recovery verdict (RECOVERED / PARTIAL / STILL_DEGRADED) from pre-vs-post error rates
aws_ec2_instance_health_triage Joins instance + status checks + EBS volumes + security groups into one health verdict — failed checks, unencrypted volumes, SSH/RDP open to 0.0.0.0/0
sentry_issue_triage_and_forensics Adaptive drill-down into a single event: in-app stack frames, per-frame local variables, the breadcrumb trail, request/user context
sentry_replay_evidence_harvest Matches a session replay's error IDs to Issue groups and grades escalation P1 / P2 / P3 — error-to-session forensics

Billing, fraud & tax

Tool What one call does
stripe_quarterly_tax_reconciliation Reconciles a quarter of invoices against tax registrations per jurisdiction, normalizing multi-currency VAT via FX; flags unregistered-with-liability
stripe_fraud_coverage_gap_analysis Joins charges × early-fraud-warnings × disputes to score "disputed-without-EFW" gaps against Visa's real 0.1% monitoring threshold
stripe_failed_payment_recovery Derives recovery viability (FULL / PARTIAL / NO via credit-balance math) crossed with the dunning ladder and card-expiry detection
stripe_transaction_dispute_evidence_chain Adaptive forensic walk of the Issuing dispute↔transaction↔authorization chain; flags force-capture when the authorization was declined

Release, deploy & on-call gating

Tool What one call does
vercel_check_gated_promotion Aggregates blocking CI checks + alias-swap safety into a PASS / BLOCK production-promotion verdict with a typed blocker list
vercel_canary_health_snapshot Resolves the canary from the active rolling-release stage and computes an adaptive gate (SPIKE_TRIAGE / STAGE_APPROVAL) with next-stage eligibility
pd_oncall_program_health_audit Models rotation burden (hours per engineer across rotation layers), flags anyone >2× median, and scores escalation-policy compliance

Cloud cost & threat intel

Tool What one call does
aws_rds_db_cost_optimizer Correlates instances × reserved instances to recommend right-sizing (Graviton r5r6g, gp2gp3, previous-gen) and map RI coverage gaps by class
cf_weekly_threat_landscape Computes week-over-week Radar deltas client-side (doubles the window, splits the series — no prior-week API exists) and merges BGP hijack / route-leak events into one report

The kernel itself is the other thing worth reading: a 3-tier auth verifier chain (RS256 → HMAC → fail-closed introspection, bearer tokens SHA-256-hashed before caching — hugr-auth.ts, ~1,400 lines of dedicated tests), distributed rate limiting over Durable Objects with deterministic sharding and anti-cascade fail-open (rate-limit.ts), and the full dispatch pipeline — CORS → pre-auth gate → auth → tier check → rate limit → Zod validation → provider build → format → audit (server.ts).


Auth & credentials

  • Fail-closed PAT introspection. Every worker validates the caller's PAT against an external introspection endpoint on each request. If that endpoint is unreachable, auth fails closed. Scopes are derived from the caller's plan server-side — never read from the token.
  • BYOK, zero stored secrets. Workers hold no provider credentials. The caller supplies provider creds via per-request headers; when they are absent, the call fails closed.

Self-hosting (no external auth service needed)

Platform auth is a pluggable IdentityProvider, and the bundled one resolves its mode from env, strongest-first: RS256 → HMAC → introspection (hugr-auth.ts). The introspection mode targets a multi-tenant deployment; a self-hoster needs none of it:

# 1. Set one secret on your worker (local HS256 verification, no network call)
wrangler secret put HUGR_INLINE_HMAC_SECRET

# 2. Mint your own tokens against it
tsx scripts/auth/mint-token.ts --alg HS256 --secret <secret> \
    --sub me --plan pro --scopes hugr:tools --ttl 3600

# Or asymmetric: generate a keypair, keep the private key, give workers only the public one
tsx scripts/auth/mint-token.ts gen-keypair --out-dir ./keys   # then set HUGR_INLINE_RS256_PUBLIC_KEY

Don't run a deployed worker with no auth at all: BYOK means callers bring their own provider keys, but an open worker on a public URL is a free proxy on your Cloudflare account. One HMAC secret is the floor.


Deploy

Each toolkit is a standard Cloudflare Worker. Run one locally with wrangler dev, or deploy to your own account with wrangler deploy --env <env>. Fill in account_id and your auth config (the introspect endpoint, or HUGR_INLINE_HMAC_SECRET for local HS256 verification — see below) in each packages/<pkg>/wrangler.toml; the committed values are placeholders.


Testing & evidence

The 37 workers was tested to exhaustion before release, and every claim traces to a dated record in this repo. Raw JSON for bench runs lives in scripts/load-test/results/.

What was tested Record
Unit + integration — 8,538 passing, 1,928 credential-gated skips, 0 failing (v1.0.0 CI) CI run 27887641262
Adversarial load, 20 scenarios (bench:evil) — e.g. 100,000 requests, 0 errors docs/architecture/BENCHMARKS.md
Fault injection, 8 chaos scenarios (bench:chaos) — provider chaos, state corruption, memory pressure, clock skew, slow-network, schema floods docs/architecture/CHAOS_BENCHMARKS.md
MCP spec conformance, 10 scenarios incl. the official SDK Client end-to-end (bench:mcp) docs/architecture/MCP_CONFORMANCE.md
Mutation testing over kernel + shared, Stryker (bench:mutation) — full kill/survive breakdown published, including the unflattering rows docs/architecture/MUTATION_BENCHMARKS.md
Also on record: security, observability, quality and supply-chain benches; Node 18 compat docs/architecture/

These records are point-in-time (each is dated). Provider APIs drift; the credential-gated integration suites re-verify against live APIs whenever run with real credentials.


Quick start

# 1. Clone
git clone https://github.com/HumanGuardrail/HuGR_Tools.git
cd HuGR_Tools

# 2. Install (pnpm workspace)
pnpm install

# 3. Run all tests
pnpm -r test

# 4. Typecheck
pnpm -r typecheck

# 5. Run one package in dev mode (example: cloudflare)
pnpm -F @hugr/cloudflare dev

Requirements: Node >= 20 for development (CI runs Node 20; deploys use Node 22, required by wrangler 4). Worker code itself keeps Node 18 API compatibility, enforced by check:node18 — that is why the workspace engines floor reads >=18.17.


Per-package index

Each package has its own README.md with its full tool table, BYOK credential headers, and install snippet.

Package Tools Description
kernel Shared infrastructure: ports, http, formatter, mcp, tool, identity
cloudflare 84 Cloudflare platform — zones, DNS, WAF, Workers, R2, analytics
stripe 50 Stripe payments, subscriptions, billing, disputes, payouts
vercel 40 Vercel deployments, domains, projects, logs, analytics
sentry 27 Sentry error tracking, issues, releases, performance
pagerduty 34 PagerDuty incidents, alerts, schedules, escalations
supabase 35 Supabase projects, databases, auth (GoTrue), edge functions
aws-ai 7 Bedrock + BedrockAgent
aws-audit 13 CloudTrail + Config
aws-backup 6 Backup + FSx + Glacier
aws-batch 6 AWS Batch
aws-cache 6 ElastiCache + Redshift
aws-cicd-ext 6 CodeArtifact + CodeCommit + CodeDeploy + Proton
aws-cloudwatch 14 CloudWatch + CloudWatchLogs
aws-containers 9 ECS + EKS
aws-cost 11 CostExplorer + Organizations
aws-data 10 Athena + EMR + Glue
aws-devops 18 AutoScaling + CodeBuild + CodePipeline + ECR + SSM + X-Ray
aws-dynamodb 13 DynamoDB
aws-ec2 17 EC2
aws-iam 11 IAM
aws-lambda 15 Lambda
aws-management 8 CloudFormation + ServiceCatalog + Support
aws-messaging 15 EventBridge + SFN + SNS + SQS
aws-ml 6 SageMaker
aws-network-ext 5 DirectConnect + GlobalAccelerator + EC2
aws-networking 16 APIGateway + CloudFront + ELB + Route53
aws-rds 12 RDS
aws-s3 16 S3
aws-security 19 GuardDuty + Inspector + KMS + SecretsManager + SecurityHub + WAFv2
aws-security-ext 8 Detective + FMS + Macie2 + SSO Admin
aws-storage 7 EFS
aws-streaming 8 Kafka + Kinesis + MQ
apm 17 Datadog APM
core 15 Datadog core metrics and infrastructure
dashboards 12 Datadog dashboards
logs 18 Datadog logs
monitors 16 Datadog monitors and alerts

Status & honest assessment

As a product. This space is commoditizing — major providers now ship official MCP servers, so a third-party 630-tool suite carries a real, ongoing maintenance surface. Each worker deploys to your own Cloudflare account; how you isolate environments (separate accounts vs. name suffixes) is your call.

As an engineering artifact. The notable part is the structure: 37 independently-deployable workers sharing one frozen kernel contract (HTTP, auth, rate limiting, error taxonomy, JSON-RPC dispatch — written once); a BYOK fail-closed credential model; an OpenAPI→MCP codegen step that generated the AWS surface; and the test / mutation / chaos / leak-hunt discipline behind it.

Built by an agent fleet. This toolkit was constructed by an orchestrated fleet of AI coding agents, each working a disjoint, file-scoped slice against the frozen kernel contract — which is exactly what made a parallel, machine-driven build tractable. Stated plainly rather than passed off as hand-crafted; the interesting engineering is the structure that let it work.

Test figures are from the v1.0.0 CI run on main (GitHub Actions run 27887641262, 2026-06-20): 8,538 passing, 1,928 skipped, 0 failing (kernel alone: 514). The skips are credential-gated provider-integration suites (describe.skipIf(!HAS_CREDS)) that run only with real provider credentials.


Reference

Document Purpose
docs/ARCHITECTURE.md High-level navigation hub — start here
docs/architecture/ADR-001-modular-monolith.md Why modular monolith + shared kernel
docs/architecture/KERNEL_SPEC.md Kernel API contracts (frozen)
CONTRIBUTING.md Branching, commit format, ABORT rules, DoD
CHANGELOG.md Version history

License

MIT — Copyright 2026 Gustavo Schneiter / HuGR

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured