com.axiorank/axiorank
Official22 toolsAxioRank — Agent Firewall
Security gateway for AI agents: score tool calls, verify agent cards, enforce policy, audit.
Security gateway that scores tool calls, verifies agent cards, and enforces policies.
Captured live from the server via tools/list.
axiorank_score_tool_call
Inspect a proposed agent tool call BEFORE executing it. AxioRank scores its risk (0–100), runs content inspection (secrets, PII, destructive ops, prompt-injection, egress), applies your policies, records an audit log, and returns a decision: `allow`, `deny`, or `hold`. On `hold`, a human must approve. Poll `axiorank_check_approval` with the returned `approvalId`. Call this in your tool-use loop and refuse or wait on any non-`allow` decision. Requires the `gateway:write` scope.
Parameters (17)
- toolstringrequired
- argumentsobject
- phasestring
- resultTextstring
- promptTextstring
- completionTextstring
- contextstring
- costUsdnumber
- modelstring
- inputTokensinteger
- outputTokensinteger
- intentstring
- taintHandlestring
- passportboolean
- sourcestring
- traceIdstring
- stepIndexinteger
axiorank_verify_card
Vet a remote agent or tool's identity card (A2A Agent Card, MCP server card, OAuth metadata, x402, …) BEFORE connecting to it. Supply EITHER `url` (AxioRank fetches the card) OR an inline `document`. AxioRank verifies signatures, scores supply-chain risk, folds in cross-tenant threat intel, and returns `allow` / `review` / `deny` with the resolved identity, capabilities and auth. Use it as a connection preflight. Requires the `cards:verify` scope.
Parameters (3)
- urlstring
- documentany
- protocolstring
axiorank_check_approval
Poll the verdict of a held (`hold`) tool call. Pass the `approvalId` returned by `axiorank_score_tool_call`. Blocks briefly server-side and returns as soon as an operator approves/denies; otherwise returns the still-`pending` status so you can call again. Requires the `gateway:write` scope and the same agent key that made the original call.
Parameters (1)
- approvalIdstringrequired
The approvalId returned by axiorank_score_tool_call when the decision was 'hold'.
axiorank_get_protocol_coverage
List the agent-interop protocols AxioRank can govern (A2A, MCP, OAuth, x402, DIDs, robots.txt/llms.txt, AP2, …), grouped into six planes, each with coverage status (live/beta/planned) and direction (inbound/outbound/both). Use this to discover what AxioRank speaks before wiring up card verification or inbound bot management.
No parameters.
axiorank_get_health
Liveness/readiness probe for the AxioRank control plane (API + database reachability). Returns `status: ok|degraded`.
No parameters.
axiorank_list_agents
List the active agents in your AxioRank workspace (id, name, labels, quarantine + last-used status). Use this to find an agent's id before calling agent-specific tools. Requires the `agents:read` scope.
No parameters.
axiorank_get_agent
Fetch one agent's posture (quarantine state, labels, last-used, revocation) by id, scoped to your workspace. Requires the `agents:read` scope.
Parameters (1)
- agentIdstringrequired
The agent's UUID (from axiorank_list_agents).
axiorank_quarantine_agent
Reversible kill switch: quarantine an agent so the gateway DENIES all of its tool calls, or release it. Set `quarantine: false` to restore. Requires the `agents:write` scope.
Parameters (2)
- agentIdstringrequired
The agent's UUID (from axiorank_list_agents).
- quarantinebooleanrequired
true = quarantine (deny all its calls); false = release.
axiorank_revoke_agent
Permanently revoke an agent: its API keys stop authenticating immediately (incident response). Irreversible. Issue a new agent to restore access. Its audit history is kept. Requires the `agents:write` scope. Prefer `axiorank_quarantine_agent` for a reversible pause.
Parameters (1)
- agentIdstringrequired
The agent's UUID (from axiorank_list_agents).
axiorank_list_policies
List the outbound governance policies in your workspace (enabled or not), each with its tool pattern, action (allow/deny/require_approval/redact), risk threshold, priority and enabled flag. Requires the `policies:read` scope.
No parameters.
axiorank_get_policy
Fetch one outbound policy by id, scoped to your workspace. Requires the `policies:read` scope.
Parameters (1)
- policyIdstringrequired
The policy's UUID (from axiorank_list_policies).
axiorank_create_policy
Create an outbound governance policy. It is created DISABLED so an LLM can never arm enforcement unattended. Review it (axiorank_get_policy) then enable it with axiorank_update_policy. `toolPattern` is a glob over tool names; `action` is allow / deny / require_approval / redact (redact masks PII in a model completion). Requires the `policies:write` scope.
Parameters (8)
- namestringrequired
- toolPatternstringrequired
- actionstringrequired
- riskThresholdany
- signalCategoryany
- contextany
- priorityinteger
- enforcementModestring
axiorank_update_policy
Update an existing policy: enable/disable it, rename it, or change its priority. (Other fields are edited in the dashboard.) Requires the `policies:write` scope.
Parameters (4)
- policyIdstringrequired
The policy's UUID (from axiorank_list_policies).
- enabledboolean
Arm (true) or disarm (false) the policy.
- namestring
- priorityinteger
Lower runs first; ties broken by creation order.
axiorank_search_audit_logs
Search your workspace's governance audit trail, newest first, with filters: decision (allow/deny/hold), source (sdk/mcp), agentId, tool name (substring), minimum risk, and a time window (ISO `from`/`to`). Payloads are already secret-redacted. Use it to answer questions like "show denied tool calls in the last 24h". Requires the `logs:read` scope.
Parameters (8)
- decisionstring
- sourcestring
- agentIdstring
- toolstring
Case-insensitive substring of the tool name.
- minRiskinteger
- fromstring
ISO timestamp: inclusive lower bound on created_at.
- tostring
ISO timestamp: exclusive upper bound on created_at.
- limitinteger
axiorank_list_incidents
List security alerts/incidents in your workspace, newest first, filterable by status (open/acknowledged/resolved/suppressed), severity (low/medium/high/critical) and kind (high_risk/anomaly/auto_response/kill_chain/ml_threat). Requires the `logs:read` scope.
Parameters (4)
- statusstring
- severitystring
- kindstring
- limitinteger
axiorank_get_incident
Fetch the kill-chain finding behind an alert (the multi-step attack pattern, severity, and the contributing tool-call ids) by alert id. Returns null evidence for a non-kill-chain alert. Requires the `logs:read` scope.
Parameters (1)
- alertIdstringrequired
The alert/incident UUID (from axiorank_list_incidents).
axiorank_list_threat_intel
List external identities (card hosts/keys) flagged across the AxioRank network, with k-anonymity-gated aggregate counts (workspaces, sightings, deny/review, max risk). This is the shared cross-tenant feed, not your private data. Requires the `logs:read` scope.
No parameters.
axiorank_list_ml_assessments
List your workspace's most recent ML/LLM threat assessments (model verdict, threat class, confidence, recommendation) for tool calls and cards. Requires the `logs:read` scope.
Parameters (1)
- limitinteger
axiorank_get_usage
Report this billing period's usage for your workspace: plan tier, governed events used vs the monthly limit, and ML assessments used. Requires the `logs:read` scope.
No parameters.
axiorank_issue_token
Mint a short-lived, scoped `axr_tok_…` access token for an existing agent. This is the Zero-Trust credential the agent sends as `Authorization: Bearer <token>`. It expires within the hour and cannot be replayed afterwards. Durable static keys are issued in the dashboard, not here. Requires the `keys:write` scope.
Parameters (3)
- agentIdstringrequired
The agent's UUID (from axiorank_list_agents).
- scopesarray
Operational scopes for the token (gateway:write, cards:verify, logs:read).
- ttlSecondsinteger
Token lifetime in seconds (60–3600). Defaults to 900 (15 min).
axiorank_create_agent
Create a new agent in your workspace and return a SHORT-LIVED bootstrap token to start using it immediately (no durable secret is emitted). For long-term auth, add a static key or a federation binding in the dashboard. Requires the `agents:write` scope.
Parameters (5)
- namestringrequired
- descriptionstring
- labelsarray
- tokenScopesarray
Operational scopes for the token (gateway:write, cards:verify, logs:read).
- ttlSecondsinteger
Token lifetime in seconds (60–3600). Defaults to 900 (15 min).
axiorank_author_detector
Describe a risk in plain English and AxioRank's AI proposes a custom content detector (regex or keyword) and SAVES it DISABLED for your review. An LLM never arms detection unattended. Outbound content categories only (secret/pii/destructive/injection/egress). Requires the `policies:write` scope and an AI-assessments-enabled plan (Team+).
Parameters (1)
- descriptionstringrequired
What to detect, e.g. 'flag AWS secret access keys in tool arguments'.
README not available yet.
Install
claude_desktop_config.json
{
"mcpServers": {
"axiorank": {
"command": "npx",
"args": [
"-y",
"mcp-remote",
"https://app.axiorank.com/api/mcp-server/mcp"
]
}
}
}Desktop config is stdio-only; this bridges via mcp-remote. Native remote: Settings > Connectors.