An open-source SIEM and MCP audit proxy. Intercept, audit, and block unauthorized tool executions — before they touch your infrastructure.
$ npx agentmetry initOne lightweight daemon between your agent and its tools. Zero cloud dependency. Telemetry stays local.
Secure any Model Context Protocol server. Agentmetry sits between agent and tool — every call is inspected before it executes.
Automatically maps agent behavior to adversarial tactics. Every bash call and tool invocation gets a TTP label your SOC already speaks.
Runs on-box. Prevents agents from reading .env files, SSH keys, or proprietary source — and blocks exfiltration to untrusted endpoints.
Native bash commands and MCP tool calls are routed through the local audit proxy.
Each event is parsed, matched to MITRE ATT&CK TTPs, and scanned by the local DLP engine.
Allow, warn, or block in-line. Every decision is recorded to the local SIEM stream.
Free. Open source. MIT licensed. Runs on your machine, not ours.