Hejdar
@ARKALDA
Hejdar MCP Server — runtime policy enforcement for AI agents
概览
What is Hejdar?
Hejdar is an MCP server that exposes the hejdar_evaluate tool to allow MCP-compatible AI agents (e.g., Claude, ChatGPT, Cursor) to check whether an intended action is permitted by organizational policy before executing it. It is a thin wrapper around the Hejdar API (POST /v1/evaluate) and contains no policy logic itself — all decisions come from the user's Hejdar organization's configured policies.
How to use Hejdar?
Install via pip install hejdar-mcp or run directly with uvx hejdar-mcp. Obtain an API key from app.hejdar.com (Settings → API Keys). Configure your MCP client (Claude Desktop, Claude Code, or direct stdio) by setting the HEJDAR_API_KEY environment variable and pointing to the hejdar-mcp command. Once configured, your agent can call hejdar_evaluate with parameters action_type, resource, and optional agent_name and context.
Key features of Hejdar
- Exposes
hejdar_evaluateas a single MCP tool. - Wraps the Hejdar API; no policy logic in the server.
- Supports five action types: READ, WRITE, DELETE, TRANSFER, EXECUTE.
- Returns decisions: ALLOW, DENY, or WOULD_DENY with reason and risk level.
- API key is read from environment variables only; never hardcoded.
- All API calls enforce TLS for secure communication.
Use cases of Hejdar
- Prevent an AI agent from deleting customer data without manager approval.
- Enforce that a code-generation agent can only read, not write, to production databases.
- Block a file-transfer agent from moving sensitive data to an unauthorized server.
- Alert on actions that would be denied (WOULD_DENY) for auditing purposes.
- Integrate runtime policy checks into any MCP-compatible client workflow.