Build safe AI agents with natural language and 0% policy violations
Part of Agent OS - Kernel-level governance for AI agents
Install: `npx agentos-mcp-server`
npm: agentos-mcp-server
MCP Registry: io.github.imran-siddique/agentos
AgentOS MCP Server brings the complete Agent OS safety framework to any MCP-compatible AI assistant including Claude Desktop, GitHub Copilot, Cursor, and more. Create, deploy, and manage policy-compliant autonomous agents through natural conversation.
```text
┌────────────────────────────────────────────────────────────┐
│             Claude Desktop / Copilot / Cursor              │
│  ┌──────────────────────────────────────────────────────┐  │
│  │              "Create an agent that..."               │  │
│  └──────────────────────────┬───────────────────────────┘  │
└─────────────────────────────┼──────────────────────────────┘
                              │ MCP Protocol
                  ┌───────────▼───────────┐
                  │ 🛡️ AgentOS MCP Server │
                  │                       │
                  │  • 10 Tools           │
                  │  • Policy Engine      │
                  │  • Approval Workflows │
                  │  • Audit Logging      │
                  │  • Template Library   │
                  └───────────┬───────────┘
                              │
          ┌───────────────────┼───────────────────┐
          │                   │                   │
    ┌─────▼─────┐       ┌─────▼─────┐       ┌─────▼─────┐
    │  Agents   │       │ Policies  │       │   Audit   │
    │  (Local)  │       │(Enforced) │       │ (Logged)  │
    └───────────┘       └───────────┘       └───────────┘
```
```text
User: Create an agent that processes customer feedback from support emails daily

Claude: ✅ Agent Created Successfully!

Agent: customer-feedback-processor
✅ Data Source: Email inbox via IMAP
✅ Processing: Sentiment analysis + categorization
✅ Output: Daily summary to Slack
✅ Schedule: Every day at 9 AM

Safety Policies Applied:
🛡️ PII Protection: Customer emails/names anonymized
🛡️ Rate Limiting: Max 1000 emails per run
🛡️ Human Review: Negative sentiment cases flagged
```
### Policy Engine

- 6 built-in policies (PII, rate-limiting, cost-control, data-deletion, secrets, human-review)
- Real-time policy evaluation
- Automatic blocking of violations
- Clear explanations and alternatives

### Approval Workflows

- Risk-based approval requirements
- Multi-party approval for critical actions
- Email/Slack notifications
- Expiration handling

### Audit Logging

- Every action logged immutably
- Policy evaluations recorded
- Compliance report generation
- Export for auditors

### Template Library

- 10+ agent templates (data processor, email assistant, backup, scraper, etc.)
- 6+ policy templates (GDPR, SOC 2, HIPAA, PCI DSS, etc.)
- Industry-specific compliance frameworks

### Compliance Frameworks

- SOC 2 - Security & availability controls
- GDPR - EU data protection
- HIPAA - Healthcare data privacy
- PCI DSS - Payment card security
- CCPA - California privacy
- NIST - Cybersecurity framework
- ISO 27001 - Information security
- FedRAMP - Federal authorization
Add to your `claude_desktop_config.json`:

- Windows: `%APPDATA%\Claude\claude_desktop_config.json`
- macOS: `~/Library/Application Support/Claude/claude_desktop_config.json`
- Linux: `~/.config/Claude/claude_desktop_config.json`

```json
{
  "mcpServers": {
    "agentos": {
      "command": "npx",
      "args": ["-y", "agentos-mcp-server"],
      "env": {
        "AGENTOS_POLICY_MODE": "strict"
      }
    }
  }
}
```

Close and reopen Claude Desktop to load the MCP server.
Just ask Claude naturally:
"Create an agent that backs up my Documents folder to Google Drive every night"
Claude will:
- Create the agent with appropriate configuration
- Suggest safety policies based on the task
- Let you test before deployment
- Deploy with monitoring enabled
```text
User: I need an agent that processes customer feedback from support emails daily

Claude: ✅ Agent Created Successfully!

Agent: customer-feedback-processor
ID: a1b2c3d4-e5f6-7890-abcd-ef1234567890
Status: draft
Language: python

Task:
Process customer feedback from support emails daily

Workflow Steps:
1. connect_email: email.connect
2. process_data: execute
3. output_results: output

Safety Policies Applied:
🛡️ PII Protection: Customer emails/names anonymized
🛡️ Rate Limiting: Max 1000 emails per run
🛡️ Human Review: Negative sentiment cases flagged

Next Steps:
1. Use `test_agent` to run a dry-run test
2. Use `attach_policy` to add more safety policies
3. Use `deploy_agent` when ready to run
```
```text
User: Test this agent with a scenario of processing 100 emails

Claude: ✅ Test PASSED

Agent: customer-feedback-processor
Scenario: Process 100 customer emails
Mode: Dry Run (no changes)

Configuration Check: ✅ Valid
Workflow Check: ✅ Valid (3 steps)
Policy Evaluation: ✅ No violations detected

Warnings:
⚠️ PII access logged

Resource Estimates:
- Duration: ~30 seconds
- Cost: $0.05

Next Step: Use `deploy_agent` to deploy this agent.
```
```text
User: Check if this agent is SOC 2 compliant

Claude: # Compliance Report: SOC2

Agent: customer-feedback-processor
Framework: SOC2
Date: 2026-01-30

## Summary
✅ COMPLIANT
Score: 100% (4/4 controls passed)

## Control Assessment

✅ CC6.1: Logical Access Controls
   Restrict logical access to information assets
   Evidence: Policy enforcement enabled, Access logging active

✅ CC6.6: Security Event Monitoring
   Detect and respond to security events
   Evidence: Audit logging enabled, Event timestamps recorded

✅ CC7.2: Incident Response
   Respond to security incidents
   Evidence: Human review enabled, Escalation procedures in place

✅ CC8.1: Change Management
   Manage changes to system components
   Evidence: Deployment approval required, Version control enabled
```
```text
User: Create a policy that blocks access to customer credit card data

Claude: ✅ Custom Policy Created

Policy: Block Access To Customer
ID: custom-a1b2c3d4
Category: security

Description:
Block access to customer credit card data

Rules Generated (1):
• custom_block_rule [high]
  Block actions based on: block access to customer credit card data
  Action: deny

Usage:
1. Attach to agent: `attach_policy` with policyId "custom-a1b2c3d4"
2. Test enforcement: `test_agent` with policy scenarios
3. View active policies: `get_agent_status`
```
| Tool | Description |
|---|---|
| `create_agent` | Create agent from natural language description |
| `attach_policy` | Attach safety policies to agents |
| `test_agent` | Dry-run test before deployment |
| `deploy_agent` | Deploy agent locally or to cloud |
| `get_agent_status` | Get agent status and metrics |
| `list_templates` | Browse agent and policy templates |
| `request_approval` | Create approval request for sensitive actions |
| `audit_log` | Query audit trail |
| `create_policy` | Create custom policy from description |
| `check_compliance` | Check against compliance frameworks |
### `create_agent`

Create a new AI agent from a natural language description with automatic policy recommendations.

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| `description` | string | ✅ | Natural language description of agent task |
| `policies` | string[] | | Policy templates to apply |
| `approvalRequired` | boolean | | Require human approval before execution |
| `language` | string | | python, typescript, javascript, go |
| `schedule` | string | | Cron schedule for recurring execution |
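The parameter table above is what an MCP client has to satisfy before the server ever sees a request. The following is an added example, not agentos-mcp-server's own client code: it checks `create_agent` arguments against that table and wraps them in the JSON-RPC `tools/call` request an MCP client sends over stdio. The built-in policy IDs and language values come from this README and the `custom-` prefix mirrors the custom policy ID shown in the examples; the 5-field cron check is an assumption about what the server accepts, not a documented rule.

```typescript
// Added example; not the project's client code. Validates create_agent
// arguments against the README's parameter table and builds the MCP
// "tools/call" JSON-RPC request. Policy IDs and languages are from the
// README; the cron-field check is an assumption.

const BUILT_IN_POLICIES: ReadonlySet<string> = new Set([
  "pii-protection", "rate-limiting", "cost-control",
  "data-deletion", "secrets-protection", "human-review",
]);
const LANGUAGES: ReadonlySet<string> = new Set(["python", "typescript", "javascript", "go"]);

interface CreateAgentArgs {
  description: string;        // required
  policies?: string[];        // policy template IDs to apply
  approvalRequired?: boolean; // require human approval before execution
  language?: string;          // python | typescript | javascript | go
  schedule?: string;          // cron schedule for recurring execution
}

interface ToolCallRequest {
  jsonrpc: "2.0";
  id: number;
  method: "tools/call";
  params: { name: string; arguments: CreateAgentArgs };
}

// Returns the list of problems found; an empty list means the call is acceptable.
function validateCreateAgentArgs(args: CreateAgentArgs): string[] {
  const errors: string[] = [];
  if (typeof args.description !== "string" || args.description.trim() === "") {
    errors.push("description is required");
  }
  for (const p of args.policies ?? []) {
    // Custom policies created by create_policy get IDs like "custom-a1b2c3d4".
    if (!BUILT_IN_POLICIES.has(p) && !p.startsWith("custom-")) errors.push(`unknown policy: ${p}`);
  }
  if (args.language !== undefined && !LANGUAGES.has(args.language)) {
    errors.push(`unsupported language: ${args.language}`);
  }
  // Assumption: a standard 5-field cron expression (minute hour dom month dow).
  if (args.schedule !== undefined && args.schedule.trim().split(/\s+/).length !== 5) {
    errors.push("schedule must be a 5-field cron expression");
  }
  return errors;
}

// Rejecting malformed input on the client keeps the server's audit trail
// clean; the server still enforces its own policies on whatever it receives.
function buildCreateAgentCall(id: number, args: CreateAgentArgs): ToolCallRequest {
  const errors = validateCreateAgentArgs(args);
  if (errors.length > 0) throw new Error(`invalid create_agent call: ${errors.join("; ")}`);
  return { jsonrpc: "2.0", id, method: "tools/call", params: { name: "create_agent", arguments: args } };
}

// Constructed sample mirroring the customer-feedback agent from this README.
const feedbackAgentCall = buildCreateAgentCall(1, {
  description: "Process customer feedback from support emails daily",
  policies: ["pii-protection", "rate-limiting", "human-review"],
  approvalRequired: true,
  language: "python",
  schedule: "0 9 * * *", // every day at 9 AM
});

// Over the stdio transport each message is one JSON line.
console.log(JSON.stringify(feedbackAgentCall));
```

Running the block prints the single-line request; a client would write that line to the server process's stdin and read the `result` from its stdout.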
### `attach_policy`

Attach safety policies to an agent with conflict detection.

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| `agentId` | string | ✅ | Agent ID to attach policy to |
| `policyId` | string | ✅ | Policy template ID |
| `customRules` | object[] | | Additional custom rules |
### `test_agent`

Run a dry-run test with simulated scenarios.

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| `agentId` | string | ✅ | Agent ID to test |
| `scenario` | string | ✅ | Test scenario description |
| `mockData` | object | | Mock data for testing |
| `dryRun` | boolean | | Run without side effects (default: true) |
### `deploy_agent`

Deploy an agent to a local or cloud environment.

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| `agentId` | string | ✅ | Agent ID to deploy |
| `environment` | string | | local or cloud |
| `autoStart` | boolean | | Start immediately after deployment |
### `check_compliance`

Check an agent against regulatory frameworks.

Parameters:

| Parameter | Type | Required | Description |
|---|---|---|---|
| `agentId` | string | ✅ | Agent ID to check |
| `framework` | string | ✅ | SOC2, GDPR, HIPAA, PCI_DSS, CCPA, NIST, ISO27001, FEDRAMP |
| `generateReport` | boolean | | Generate detailed report |
### Built-in Policies

| Policy ID | Name | Description |
|---|---|---|
| `pii-protection` | PII Protection | Protects personally identifiable information (GDPR) |
| `rate-limiting` | Rate Limiting | Prevents resource abuse through rate limits |
| `cost-control` | Cost Control | Prevents runaway costs from automation |
| `data-deletion` | Data Deletion Safety | Prevents accidental data loss |
| `secrets-protection` | Secrets Protection | Prevents exposure of credentials |
| `human-review` | Human Review Required | Requires approval for sensitive actions |
### Policy Templates

| Template ID | Framework | Description |
|---|---|---|
| `gdpr-compliance` | GDPR | EU General Data Protection Regulation |
| `soc2-security` | SOC 2 | SOC 2 Type II security controls |
| `hipaa-healthcare` | HIPAA | Healthcare data privacy (PHI protection) |
| `pci-dss-payments` | PCI DSS | Payment card data security |
| `read-only-access` | Security | Restricts database to read-only |
| `production-safety` | Operations | Extra safeguards for production |
### Agent Templates

| Template | Description | Default Policies |
|---|---|---|
| `data-processor` | Processes and transforms data files | rate-limiting, cost-control |
| `web-scraper` | Scrapes websites for data collection | rate-limiting, cost-control |
| `report-generator` | Generates periodic reports | pii-protection, rate-limiting |

| Template | Description | Default Policies |
|---|---|---|
| `email-assistant` | Monitors and processes emails | pii-protection, human-review |
| `slack-bot` | Automated Slack notifications | human-review, rate-limiting |

| Template | Description | Default Policies |
|---|---|---|
| `backup-agent` | Backs up files to cloud storage | cost-control |
| `api-monitor` | Monitors API health and performance | rate-limiting |
| `file-organizer` | Organizes files based on rules | data-deletion |

| Template | Description | Default Policies |
|---|---|---|
| `database-analyst` | Queries databases and generates reports | data-deletion, pii-protection |
| `content-moderator` | Moderates user-generated content | human-review, pii-protection |
| Variable | Description | Default |
|---|---|---|
| `AGENTOS_API_KEY` | API key for cloud features | (none) |
| `AGENTOS_POLICY_MODE` | strict or permissive | strict |
| `AGENTOS_DATA_DIR` | Local data directory | .agentos |
| `AGENTOS_LOG_LEVEL` | debug, info, warn, error | info |
| Mode | Behavior |
|---|---|
| strict | Any policy violation blocks the action |
| permissive | Only critical violations block (warnings logged) |
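The practical difference between the two modes is which violations stop an action and which are merely logged. The block below is an added example, not the project's policy engine: it reads `AGENTOS_POLICY_MODE` the way the table above describes, falls back to `strict` (the documented default) for any unrecognised value so a typo cannot loosen enforcement, and applies the strict/permissive rule to a constructed set of policy evaluations. The evaluation record, the severity scale and the rule names are assumptions for illustration; only the policy IDs and the mode semantics come from this README.

```typescript
// Added example; not agentos-mcp-server's policy engine. Demonstrates the
// documented AGENTOS_POLICY_MODE semantics on constructed evaluation results.
// The PolicyEvaluation shape and severity levels are assumptions.

type Severity = "low" | "medium" | "high" | "critical";
type PolicyMode = "strict" | "permissive";

interface PolicyEvaluation {
  policyId: string;   // built-in policy IDs from this README, e.g. "rate-limiting"
  rule: string;       // rule name within the policy (assumed)
  severity: Severity; // assumed severity scale
  violated: boolean;
}

interface Decision {
  allowed: boolean;
  blockedBy: string[]; // policy IDs whose violation blocked the action
  warnings: string[];  // violations that were logged but did not block
}

// Unrecognised values fall back to strict, the documented default, so a
// misspelled setting fails closed rather than open.
function readPolicyMode(env: Record<string, string | undefined>): PolicyMode {
  const raw = (env.AGENTOS_POLICY_MODE ?? "strict").toLowerCase();
  return raw === "permissive" ? "permissive" : "strict";
}

function decide(mode: PolicyMode, evaluations: PolicyEvaluation[]): Decision {
  const blockedBy: string[] = [];
  const warnings: string[] = [];
  for (const ev of evaluations) {
    if (!ev.violated) continue;
    // strict: any violation blocks; permissive: only critical violations block.
    if (mode === "strict" || ev.severity === "critical") {
      blockedBy.push(ev.policyId);
    } else {
      warnings.push(`${ev.policyId}/${ev.rule} [${ev.severity}]`);
    }
  }
  return { allowed: blockedBy.length === 0, blockedBy, warnings };
}

// Constructed sample: a run that exceeded its rate limit (high) and tried to
// read a credential (critical); the PII policy passed.
const sampleEvaluations: PolicyEvaluation[] = [
  { policyId: "pii-protection", rule: "anonymize_customer_fields", severity: "high", violated: false },
  { policyId: "rate-limiting", rule: "max_emails_per_run", severity: "high", violated: true },
  { policyId: "secrets-protection", rule: "no_credential_read", severity: "critical", violated: true },
];

const strictDecision = decide(readPolicyMode({ AGENTOS_POLICY_MODE: "strict" }), sampleEvaluations);
const permissiveDecision = decide(readPolicyMode({ AGENTOS_POLICY_MODE: "permissive" }), sampleEvaluations);
// With only the rate-limit violation present, permissive mode lets the action through with a warning.
const rateLimitOnly = decide(
  "permissive",
  sampleEvaluations.filter((e) => e.policyId !== "secrets-protection"),
);
```

In strict mode both violations block; in permissive mode the credential read still blocks because it is critical, while the rate-limit overrun only produces a warning entry for the audit log.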
All data is stored locally in the `AGENTOS_DATA_DIR`:

```text
.agentos/
├── agents/          # Agent configurations
│   └── {id}.json
├── approvals/       # Approval requests
│   └── {id}.json
└── audit/           # Audit logs (JSONL format)
    └── {date}.jsonl
```
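The audit directory holds one JSON line per action, and the security features list promises an immutable trail with sensitive data redacted. The following is an added example, not the project's `audit-logger` or `audit_log` tool: it shows one way to write such a JSONL log so that those two properties can actually be checked, and how to query it the way `audit_log` is described. The entry fields, the redaction rules and the per-line SHA-256 chain are assumptions about a possible format, not the schema agentos-mcp-server writes to `.agentos/audit/{date}.jsonl`.

```typescript
// Added example; not agentos-mcp-server's audit logger. Appends redacted,
// hash-chained JSONL audit entries and queries them. Field names, redaction
// rules and the chaining scheme are assumptions for illustration.
import { createHash } from "node:crypto";

interface AuditEntry {
  ts: string;
  agentId: string;
  tool: string;                  // MCP tool that was invoked, e.g. "deploy_agent"
  outcome: "allowed" | "blocked";
  details: Record<string, string>;
  prevHash: string;              // hash of the previous line ("0"*64 for the first)
  hash: string;                  // SHA-256 over this entry without the hash field
}

const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
const SECRET_KEYS: ReadonlySet<string> = new Set(["password", "token", "apiKey", "secret"]);

// Redact before the line is written: a value that never reaches the log
// cannot be exported to an auditor by mistake later.
function redact(details: Record<string, string>): Record<string, string> {
  const out: Record<string, string> = {};
  for (const [k, v] of Object.entries(details)) {
    out[k] = SECRET_KEYS.has(k) ? "[REDACTED]" : v.replace(EMAIL_RE, "[EMAIL]");
  }
  return out;
}

function sha256(s: string): string {
  return createHash("sha256").update(s).digest("hex");
}

// Each line commits to the previous line's hash, so editing or deleting an
// entry invalidates every entry after it. `log` is the file's current text.
function appendEntry(log: string, entry: Omit<AuditEntry, "prevHash" | "hash">): string {
  const lines = log.split("\n").filter((l) => l.length > 0);
  const prev = lines.length > 0
    ? (JSON.parse(lines[lines.length - 1]) as AuditEntry).hash
    : "0".repeat(64);
  const body = { ...entry, details: redact(entry.details), prevHash: prev };
  const full: AuditEntry = { ...body, hash: sha256(JSON.stringify(body)) };
  return log + JSON.stringify(full) + "\n";
}

// Walks the chain from the first line; false on any edited, removed or reordered entry.
function verifyChain(log: string): boolean {
  let prev = "0".repeat(64);
  for (const line of log.split("\n").filter((l) => l.length > 0)) {
    const { hash, ...body } = JSON.parse(line) as AuditEntry;
    if (body.prevHash !== prev || sha256(JSON.stringify(body)) !== hash) return false;
    prev = hash;
  }
  return true;
}

// Equality filter on the indexed fields, the shape of query audit_log is described to answer.
function queryAudit(
  log: string,
  filter: Partial<Pick<AuditEntry, "agentId" | "tool" | "outcome">>,
): AuditEntry[] {
  const entries = log.split("\n").filter((l) => l.length > 0).map((l) => JSON.parse(l) as AuditEntry);
  return entries.filter((e) =>
    Object.entries(filter).every(([k, v]) => (e as unknown as Record<string, unknown>)[k] === v),
  );
}

// Constructed sample log for the agent from this README's walkthrough.
const AGENT_ID = "a1b2c3d4-e5f6-7890-abcd-ef1234567890";
let auditLog = "";
auditLog = appendEntry(auditLog, {
  ts: "2026-01-30T09:00:00Z", agentId: AGENT_ID, tool: "test_agent", outcome: "allowed",
  details: { scenario: "Process 100 customer emails", from: "jane@example.com" },
});
auditLog = appendEntry(auditLog, {
  ts: "2026-01-30T09:01:00Z", agentId: AGENT_ID, tool: "deploy_agent", outcome: "blocked",
  details: { reason: "approval required", apiKey: "sk-constructed-not-real" },
});

const blockedDeploys = queryAudit(auditLog, { tool: "deploy_agent", outcome: "blocked" });
// Simulate someone rewriting history in the file: the chain no longer verifies.
const tamperedLog = auditLog.replace('"blocked"', '"allowed"');
```

A daily `{date}.jsonl` file would be verified by running `verifyChain` over its full contents before it is exported for auditors; a file that fails is evidence of tampering, not something to repair in place.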
```text
┌────────────────────────────────────────────────────────────┐
│                       Claude Desktop                       │
│  ┌──────────────────────────────────────────────────────┐  │
│  │                   Claude AI Model                    │  │
│  │    Natural language understanding & orchestration    │  │
│  └──────────────────────────┬───────────────────────────┘  │
│                             │ MCP Protocol                 │
│  ┌──────────────────────────▼───────────────────────────┐  │
│  │                      MCP Client                      │  │
│  │          Tool discovery & request handling           │  │
│  └──────────────────────────┬───────────────────────────┘  │
└─────────────────────────────┼──────────────────────────────┘
                              │ stdio
┌─────────────────────────────▼──────────────────────────────┐
│               @agentos/mcp-server (Node.js)                │
│  ┌──────────────────────────────────────────────────────┐  │
│  │                      MCP Server                      │  │
│  │            Tool/Resource/Prompt handlers             │  │
│  └──────────────────────────────────────────────────────┘  │
│  ┌──────────┐  ┌──────────┐  ┌──────────┐  ┌────────────┐  │
│  │  Agent   │  │  Policy  │  │ Approval │  │   Audit    │  │
│  │ Manager  │  │  Engine  │  │ Workflow │  │   Logger   │  │
│  └──────────┘  └──────────┘  └──────────┘  └────────────┘  │
│  ┌──────────────────────────────────────────────────────┐  │
│  │           Template Library (50+ templates)           │  │
│  └──────────────────────────────────────────────────────┘  │
└─────────────────────────────┬──────────────────────────────┘
                              │ HTTPS (optional)
┌─────────────────────────────▼──────────────────────────────┐
│              AgentOS Cloud Platform (Future)               │
│    • Persistent storage   • Multi-tenant   • Enterprise    │
└────────────────────────────────────────────────────────────┘
```
| Feature | Description |
|---|---|
| Policy Enforcement | All actions validated against policies before execution |
| Data Redaction | Sensitive data automatically redacted from logs |
| Secret Protection | Secrets never stored in plain text |
| Audit Trail | Complete immutable log for compliance |
| Human Approval | Required for high-risk operations |
| Local-First | All data stored locally by default |
```bash
# Clone the repository
git clone https://github.com/imran-siddique/agent-os
cd agent-os/packages/mcp-server

# Install dependencies
npm install

# Build
npm run build

# Run in stdio mode (for Claude Desktop)
npm start -- --stdio

# Run in HTTP mode (for development)
npm start -- --http --port 3000
```

Project structure:

```text
packages/mcp-server/
├── src/
│   ├── index.ts              # Main entry point
│   ├── cli.ts                # CLI with --stdio/--http modes
│   ├── server.ts             # MCP server implementation
│   ├── tools/                # 10 MCP tools
│   │   ├── create-agent.ts
│   │   ├── attach-policy.ts
│   │   ├── test-agent.ts
│   │   ├── deploy-agent.ts
│   │   ├── get-agent-status.ts
│   │   ├── list-templates.ts
│   │   ├── request-approval.ts
│   │   ├── audit-log.ts
│   │   ├── create-policy.ts
│   │   └── check-compliance.ts
│   ├── services/             # Core business logic
│   │   ├── agent-manager.ts
│   │   ├── policy-engine.ts
│   │   ├── approval-workflow.ts
│   │   ├── audit-logger.ts
│   │   └── template-library.ts
│   ├── prompts/              # MCP prompts
│   └── types/                # TypeScript definitions
├── package.json
├── tsconfig.json
└── README.md
```
```bash
npm test
npm run test:coverage
```

| Metric | Target |
|---|---|
| MCP server startup | <2 seconds |
| Tool response time | <500ms (p95) |
| Memory footprint | <100MB |
| Policy evaluation | <50ms |
MIT License - see LICENSE.

Build safe AI agents with AgentOS

GitHub · Documentation · Report Issue

Made with 🛡️ by the Agent OS team