UNWIND
A security layer for AI agents that monitors, checks, and records every action, providing a trust light, timeline, rewind, and ghost mode for testing without consequences.
README
UNWIND
Your agent can read email, write files, send messages, and call APIs. Do you know what it did while you were away?
See Everything. Rewind File Changes. Test Without Consequences.
UNWIND is a security layer for AI agents. Install it once, and every real-world action your agent takes — file writes, API calls, shell commands — is monitored, checked, and recorded. If something goes wrong, you'll know. If it changes a file, you can rewind it in one click.
Check on your agent from your phone. Green light means everything's fine. Amber means something needs your attention. Red means something was blocked.
No AI in the security path. Your agent doesn't know UNWIND exists.
<p align="center"> <img src="docs/screenshots/mobile-green.jpg" width="250" alt="All Clear — your agent is operating normally"> <img src="docs/screenshots/mobile-amber.jpg" width="250" alt="Review Recommended — your agent browsed the web"> <img src="docs/screenshots/mobile-red.jpg" width="250" alt="Alert — SSRF attack blocked"> </p>
Install
OpenClaw users — tell your agent:
Install the UNWIND security engine with
pip install unwind-mcp, then install the experimental OpenClaw adapter from this repo withopenclaw plugins install ./openclaw-adapter. Restart the gateway when done.
Or manually:
pip install unwind-mcp
openclaw plugins install ./openclaw-adapter
Just want to watch first? Ghost Mode shows you what your agent would do, without letting it do anything:
pip install ghostmode
ghostmode -- npx @modelcontextprotocol/server-filesystem ~/Documents
MCP clients (Claude Desktop, Cursor, Windsurf, VS Code):
pip install unwind-mcp
unwind serve -- npx @modelcontextprotocol/server-filesystem ~/Documents
Point your client at UNWIND instead of the upstream server. The agent doesn't know it's there.
What You Get
- Trust Light — a green, amber, or red indicator that tells you at a glance whether your agent is operating normally. Check it from your phone.
- Timeline — every action your agent took, when, and whether it was allowed. Expandable detail on each event. Scroll through it on mobile.
- Rewind — before every file write, UNWIND takes a snapshot. Changed your mind? One click to restore.
- While You Were Away — a summary of what happened while you weren't watching, with anything that needs your attention highlighted.
- Ghost Mode — test untrusted tools or risky prompts without consequences. Your agent thinks it worked, but nothing real changed.
Advanced controls: trusted source rules for scheduled tasks, 15-stage deterministic pipeline, tamper-evident audit chain.
Dashboard
Open http://your-machine:9001 from any browser — including your phone.
unwind dashboard
See what your agent is doing now, review what happened while you were away, undo file changes, toggle Ghost Mode, and verify the audit chain — all from one mobile-friendly page.
Compatibility
One core engine, multiple adapters. UNWIND works with OpenClaw, standard MCP clients, and any agent framework that can route tool calls through a proxy or sidecar.
| Platform | Integration |
|---|---|
| OpenClaw | Native plugin (fail-closed) |
| Claude Desktop, Cursor, Windsurf, VS Code | MCP stdio proxy (drop-in) |
| LangChain, CrewAI, AutoGPT, custom agents | HTTP sidecar API (~50 lines) |
Packages
pip install unwind-mcp gives you everything — pipeline, dashboard, Ghost Mode, CRAFT chain, rewind, CLI. One install.
The standalone packages below are for people who want just one piece:
| Package | What | Install |
|---|---|---|
| ghostmode | Dry-run proxy only (MIT, zero deps) | pip install ghostmode |
| craft-auth | Transport auth library only (zero deps) | pip install craft-auth && craft-auth demo |
Architecture
UNWIND is built on a six-layer security model, from immediate enforcement to deep cryptographic attestation:
| Layer | What it does | Status |
|---|---|---|
| UNWIND | 15-stage enforcement pipeline, flight recorder, trust light | Operational |
| Rollback | File-level smart snapshots with one-command undo | Operational |
| Ghost Mode | Dry-run sandbox with shadow VFS | Operational |
| CRAFT | Transport-layer auth + tamper-evident hash chain | Operational |
| CADENCE | Temporal anomaly detection (timing-based) | Live prototype |
| CRIP | Consent protocol for rhythm data | Verify |
Full architecture → · Pipeline stages → · Threat model →
CLI
unwind serve -- <command> MCP stdio proxy
unwind status Trust state + recent events
unwind log [--since TIME] Event timeline
unwind verify Hash chain integrity check
unwind undo last|ID|--since Rollback actions
unwind dashboard Web UI
unwind ask "question" Natural language query
unwind export json|html Export events
unwind anchor Chain checkpoint
unwind tamper-check Tamper detection report
Development
git clone https://github.com/unwind-mcp/unwind
cd unwind
pip install -e ".[dev]"
pytest # 1,859 tests
Contributing → · Security policy → · Changelog →
License
AGPL-3.0-or-later (Ghost Mode is MIT)
PyPI · Ghost Mode · CRAFT · Dashboard Demo · Architecture · Threat Model · Security Policy · Changelog
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.