AI Execution Security Layer

v1.0.0 · Security · stable

The Execution Security Layer for the Agentic Era. Providing deterministic 'Sudo' governance and audit logs for autonomous AI agents.

Tags: ai-safety, ai-security, claude-code, gemini, gemini-cli

192 stars · 0 downloads · 0 weekly · rating 0/5

What is AI Execution Security Layer?

AI Execution Security Layer (node9-proxy) is a Model Context Protocol (MCP) server that gives AI assistants such as Claude, Cursor, and VS Code an execution security layer for the agentic era: deterministic 'sudo'-style governance and audit logs for autonomous AI agents.


This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • The Execution Security Layer for the Agentic Era. Providing deterministic 'Sudo' governance and audit logs for autonomous AI agents.

Use Cases

  • Governance and sudo control for agents
  • Audit logs for autonomous AI
  • Deterministic permission management

Maintainer: node9-ai

License: NOASSERTION
Language: TypeScript
Version: v1.0.0
Updated: May 21, 2026
Status: healthy
Maintenance: active

Works with

Claude, OpenAI, Windows, macOS, Linux

Installation

Manual Installation

npx node9-proxy

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time: < 200ms
Throughput: Medium

Resource Usage

Memory Usage: Low
CPU Usage: Low

How to Set Up and Use AI Execution Security Layer

Node9-Proxy is an execution security layer for AI agents that acts as a transparent gateway in front of MCP servers, enforcing deterministic permission policies and generating tamper-evident audit logs for every tool call. It supports Claude Code, Gemini CLI, Cursor, Windsurf, GitHub Copilot CLI, and any MCP-compatible agent, providing 'sudo'-style governance so teams can let agents run autonomously without sacrificing visibility or control. Security and compliance teams use it to define shield rule packs that block destructive operations like credential access, `rm -rf`, or unauthorized database mutations.

Prerequisites

  • Node.js 18+ installed
  • Homebrew (macOS/Linux) or npm for installation
  • An existing MCP server or AI agent to proxy
  • An MCP-compatible client (Claude Code, Gemini CLI, Cursor, etc.)
1. Install Node9

Install Node9 via Homebrew on macOS/Linux, or via npm for cross-platform use.

# macOS / Linux
brew tap node9-ai/node9 && brew install node9

# Any platform
npm install -g node9-ai
2. Initialize Node9 in your project

Run `node9 init` to auto-detect your installed agents and MCP servers, wiring them through the Node9 proxy automatically.

node9 init
3. Validate the configuration

Use the doctor command to confirm Node9 is correctly wired to your agents and MCP servers before activating it.

node9 doctor
4. Enable security shields for your threat model

Activate rule packs to block specific categories of dangerous operations. Multiple shields can be enabled simultaneously.

node9 shield enable project-jail   # Block credential/SSH file access
node9 shield enable bash-safe       # Prevent curl|bash, rm -rf patterns
node9 shield enable postgres        # Block destructive SQL commands
node9 shield enable aws             # Restrict S3/EC2/IAM mutations
node9 shield list                   # View all available shields
5. Configure an MCP server to run through Node9

Wrap any upstream MCP server by adding a Node9 gateway entry in your claude_desktop_config.json. Node9 intercepts all tool calls before they reach the upstream server.

{
  "mcpServers": {
    "postgres": {
      "command": "node9",
      "args": ["mcp", "--upstream", "npx -y @modelcontextprotocol/server-postgres postgresql://localhost/mydb"]
    }
  }
}
6. Monitor agent activity in real time

Use the monitor dashboard or tail command to watch live tool calls, then review historical sessions and costs.

node9 monitor           # Interactive real-time dashboard
node9 tail              # Live text stream of tool calls
node9 sessions          # Historical session review with costs
node9 report --period 7d  # Weekly summary report

AI Execution Security Layer Examples

Client configuration

Wrap an existing MCP server (e.g. postgres) through Node9 proxy in Claude Desktop

{
  "mcpServers": {
    "postgres-secured": {
      "command": "node9",
      "args": ["mcp", "--upstream", "npx -y @modelcontextprotocol/server-postgres postgresql://localhost/mydb"]
    }
  }
}

Prompts to try

These prompts exercise the agent while Node9 governs execution and logs every call:

- "Query the database for the top 10 most recent orders"
- "Show me which files the agent has access to in this project"
- "Generate a report of all tool calls made in the last 7 days"

Troubleshooting AI Execution Security Layer

node9 init does not detect my agent or MCP server

Ensure the agent CLI (e.g. `claude`, `gemini`) is on your PATH before running `node9 init`. Run `node9 doctor` afterward to see what was and was not detected.

Shield blocks a legitimate operation my agent needs

Run `node9 shield list` to see active shields, then disable the specific shield with `node9 shield disable <name>` or adjust the shield policy file to allowlist specific commands.

Upstream MCP server fails to connect through the proxy

Test the upstream server command directly in your terminal first to confirm it works standalone. Ensure the full upstream command string passed to `--upstream` is properly quoted and the server binary is on PATH.

Frequently Asked Questions about AI Execution Security Layer

What is AI Execution Security Layer?

AI Execution Security Layer is a Model Context Protocol (MCP) server that acts as an execution security layer for the agentic era, providing deterministic 'sudo'-style governance and audit logs for autonomous AI agents. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install AI Execution Security Layer?

Follow the installation instructions on the AI Execution Security Layer GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with AI Execution Security Layer?

AI Execution Security Layer works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is AI Execution Security Layer free to use?

Yes, AI Execution Security Layer is open source and available under the NOASSERTION license. You can use it freely in both personal and commercial projects.

AI Execution Security Layer Alternatives — Similar Security Servers

Looking for alternatives to AI Execution Security Layer? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u


Quick Config Preview

{
  "mcpServers": {
    "node9-proxy": {
      "command": "npx",
      "args": ["-y", "node9-proxy"]
    }
  }
}

Add this to your claude_desktop_config.json or .cursor/mcp.json.
