HuGR Tools
OfficialProvides tools for threat campaign IOC investigation, strategic security report, DLP violation triage, client-side threat analysis, provider outage diagnosis, and weekly threat landscape.
Provides tools for root cause analysis, incident timeline, deploy impact analysis, and forecast risk assessment by correlating multiple Datadog sources.
Provides tools for deployment RCA, performance report, and on-call program health audit with outlier detection and burnout flags.
Provides tools for issue triage and forensics with adaptive drill-down into events, and replay evidence harvest grading escalation P1/P2/P3.
Provides tools for quarterly tax reconciliation, fraud coverage gap analysis, failed payment recovery, and transaction dispute evidence chain.
Provides tools for network threat view with CIDR subnet arithmetic to detect ban-allowlist overlaps.
Provides tools for check-gated production promotion and canary health snapshot with adaptive stage approval.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@HuGR Toolsinvestigate the latest security alert from Cloudflare"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
HuGR_Tools
630 tools · 37 deployable workers · one frozen kernel · 8,538 tests passing · 1,928 credential-gated integration tests skipped in CI · 0 failing.
A monorepo of MCP toolkits for Cloudflare Workers, built on a shared @hugr/kernel. Each toolkit is an independent JSON-RPC 2.0 server that plugs into any MCP host over HTTP.
What is this?
A modular monolith of MCP tool servers. Provider packages share a single kernel (@hugr/kernel) that handles HTTP, auth, rate limiting, the error taxonomy, and JSON-RPC dispatch — written once, frozen. Each toolkit deploys as a standalone Cloudflare Worker and versions independently.
The workspace holds 39 packages:
37 deployable Cloudflare Workers — 630 tools total:
6 SaaS providers: cloudflare (84), stripe (50), vercel (40), sentry (27), pagerduty (34), supabase (35)
26 AWS surface packages: 282 tools across the AWS API
5 Datadog packages: apm, core, dashboards, logs, monitors — 78 tools
@hugr/kernel— the shared contract every worker builds on1 internal package —
shared(Datadog family internals) — plus aci/helper directory.
Architecture: docs/ARCHITECTURE.md.
Related MCP server: MCP Startup Framework
Flagship tools — 25 composite tools
Most of the 630 are focused single-purpose primitives (typed, validated, fail-closed access to one provider endpoint — the baseline an agent needs). These 25 are the composite ones: one call fans out to several provider APIs and correlates them into a named verdict — PROBABLE_CAUSE, TRUE_POSITIVE / FALSE_POSITIVE, GO / NO_GO, P1 / P2 / P3 — the output a senior analyst would produce, not a wrapped endpoint.
Each was selected by reading its handler implementation, not its description — every one below was confirmed to actually fan out and correlate. Each links to its handler and has a dedicated test suite beside it.
Security, threat & access forensics
Tool | What one call does |
Extracts IOCs from a threat campaign, enriches each via domain/IP intel, then cross-references them against your own attack surface to score exposure; clusters by ASN to reveal shared campaign infrastructure | |
Correlates active security insights against observed threat campaigns (a threat-alignment score) and computes intel coverage-gaps into a CISO briefing | |
A weighted false-positive model plus a two-stage verdict that overrides | |
Scans a PageShield script's outbound connections for exfiltration signatures; escalates to Magecart when the script sits on a checkout/payment page | |
Fans out ~40 IAM calls (role + inline/attached policies, every version) to score privilege-escalation exposure and flag "any principal can assume me" trust misconfig | |
Real CIDR subnet arithmetic to test each active IP ban against the allowlist, surfacing ban∩allowlist overlaps as a misconfiguration signal |
Incident response, RCA & observability
Tool | What one call does |
| Correlates 8 Datadog sources (events, metrics, spans, logs, monitors, SLOs, incidents, deps) in parallel around a timestamp; temporal RCA with graceful degradation per source |
| Merges 5 sources into one T+0 timeline, auto-detecting the incident start and deriving metric-shift / log-spike signals rather than dumping raw events |
| Equal before/after windows classify each metric |
| Extrapolates metric trend + SLO error-budget burn to project when a service breaches ("error_rate hits 5% in ~18h") — the only forward-looking tool |
Ranks change events by temporal proximity to an incident and scores against an MTTR baseline into | |
Multi-dimensional (service / team / responder) analytics with >2×-median outlier detection and responder-burnout flags | |
Builds a per-provider outage timeline through AI Gateway and computes a recovery verdict ( | |
Joins instance + status checks + EBS volumes + security groups into one health verdict — failed checks, unencrypted volumes, SSH/RDP open to | |
Adaptive drill-down into a single event: in-app stack frames, per-frame local variables, the breadcrumb trail, request/user context | |
Matches a session replay's error IDs to Issue groups and grades escalation |
Billing, fraud & tax
Tool | What one call does |
Reconciles a quarter of invoices against tax registrations per jurisdiction, normalizing multi-currency VAT via FX; flags unregistered-with-liability | |
Joins charges × early-fraud-warnings × disputes to score "disputed-without-EFW" gaps against Visa's real 0.1% monitoring threshold | |
Derives recovery viability ( | |
Adaptive forensic walk of the Issuing dispute↔transaction↔authorization chain; flags force-capture when the authorization was declined |
Release, deploy & on-call gating
Tool | What one call does |
Aggregates blocking CI checks + alias-swap safety into a | |
Resolves the canary from the active rolling-release stage and computes an adaptive gate ( | |
Models rotation burden (hours per engineer across rotation layers), flags anyone >2× median, and scores escalation-policy compliance |
Cloud cost & threat intel
Tool | What one call does |
Correlates instances × reserved instances to recommend right-sizing (Graviton | |
Computes week-over-week Radar deltas client-side (doubles the window, splits the series — no prior-week API exists) and merges BGP hijack / route-leak events into one report |
The kernel itself is the other thing worth reading: a 3-tier auth verifier chain (RS256 → HMAC → fail-closed introspection, bearer tokens SHA-256-hashed before caching — hugr-auth.ts, ~1,400 lines of dedicated tests), distributed rate limiting over Durable Objects with deterministic sharding and anti-cascade fail-open (rate-limit.ts), and the full dispatch pipeline — CORS → pre-auth gate → auth → tier check → rate limit → Zod validation → provider build → format → audit (server.ts).
Auth & credentials
Fail-closed PAT introspection. Every worker validates the caller's PAT against an external introspection endpoint on each request. If that endpoint is unreachable, auth fails closed. Scopes are derived from the caller's plan server-side — never read from the token.
BYOK, zero stored secrets. Workers hold no provider credentials. The caller supplies provider creds via per-request headers; when they are absent, the call fails closed.
Self-hosting (no external auth service needed)
Platform auth is a pluggable IdentityProvider, and the bundled one resolves its mode from env, strongest-first: RS256 → HMAC → introspection (hugr-auth.ts). The introspection mode targets a multi-tenant deployment; a self-hoster needs none of it:
# 1. Set one secret on your worker (local HS256 verification, no network call)
wrangler secret put HUGR_INLINE_HMAC_SECRET
# 2. Mint your own tokens against it
tsx scripts/auth/mint-token.ts --alg HS256 --secret <secret> \
--sub me --plan pro --scopes hugr:tools --ttl 3600
# Or asymmetric: generate a keypair, keep the private key, give workers only the public one
tsx scripts/auth/mint-token.ts gen-keypair --out-dir ./keys # then set HUGR_INLINE_RS256_PUBLIC_KEYDon't run a deployed worker with no auth at all: BYOK means callers bring their own provider keys, but an open worker on a public URL is a free proxy on your Cloudflare account. One HMAC secret is the floor.
Deploy
Each toolkit is a standard Cloudflare Worker. Run one locally with wrangler dev, or deploy to your own account with wrangler deploy --env <env>. Fill in account_id and your auth config (the introspect endpoint, or HUGR_INLINE_HMAC_SECRET for local HS256 verification — see below) in each packages/<pkg>/wrangler.toml; the committed values are placeholders.
Testing & evidence
The 37 workers was tested to exhaustion before release, and every claim traces to a dated record in this repo. Raw JSON for bench runs lives in scripts/load-test/results/.
What was tested | Record |
Unit + integration — 8,538 passing, 1,928 credential-gated skips, 0 failing (v1.0.0 CI) | |
Adversarial load, 20 scenarios ( | |
Fault injection, 8 chaos scenarios ( | |
MCP spec conformance, 10 scenarios incl. the official SDK | |
Mutation testing over kernel + shared, Stryker ( | |
Also on record: security, observability, quality and supply-chain benches; Node 18 compat |
These records are point-in-time (each is dated). Provider APIs drift; the credential-gated integration suites re-verify against live APIs whenever run with real credentials.
Quick start
# 1. Clone
git clone https://github.com/HumanGuardrail/HuGR_Tools.git
cd HuGR_Tools
# 2. Install (pnpm workspace)
pnpm install
# 3. Run all tests
pnpm -r test
# 4. Typecheck
pnpm -r typecheck
# 5. Run one package in dev mode (example: cloudflare)
pnpm -F @hugr/cloudflare devRequirements: Node >= 20 for development (CI runs Node 20; deploys use Node 22, required by wrangler 4). Worker code itself keeps Node 18 API compatibility, enforced by check:node18 — that is why the workspace engines floor reads >=18.17.
Per-package index
Each package has its own README.md with its full tool table, BYOK credential headers, and install snippet.
Package | Tools | Description |
— | Shared infrastructure: ports, http, formatter, mcp, tool, identity | |
84 | Cloudflare platform — zones, DNS, WAF, Workers, R2, analytics | |
50 | Stripe payments, subscriptions, billing, disputes, payouts | |
40 | Vercel deployments, domains, projects, logs, analytics | |
27 | Sentry error tracking, issues, releases, performance | |
34 | PagerDuty incidents, alerts, schedules, escalations | |
35 | Supabase projects, databases, auth (GoTrue), edge functions | |
7 | Bedrock + BedrockAgent | |
13 | CloudTrail + Config | |
6 | Backup + FSx + Glacier | |
6 | AWS Batch | |
6 | ElastiCache + Redshift | |
6 | CodeArtifact + CodeCommit + CodeDeploy + Proton | |
14 | CloudWatch + CloudWatchLogs | |
9 | ECS + EKS | |
11 | CostExplorer + Organizations | |
10 | Athena + EMR + Glue | |
18 | AutoScaling + CodeBuild + CodePipeline + ECR + SSM + X-Ray | |
13 | DynamoDB | |
17 | EC2 | |
11 | IAM | |
15 | Lambda | |
8 | CloudFormation + ServiceCatalog + Support | |
15 | EventBridge + SFN + SNS + SQS | |
6 | SageMaker | |
5 | DirectConnect + GlobalAccelerator + EC2 | |
16 | APIGateway + CloudFront + ELB + Route53 | |
12 | RDS | |
16 | S3 | |
19 | GuardDuty + Inspector + KMS + SecretsManager + SecurityHub + WAFv2 | |
8 | Detective + FMS + Macie2 + SSO Admin | |
7 | EFS | |
8 | Kafka + Kinesis + MQ | |
17 | Datadog APM | |
15 | Datadog core metrics and infrastructure | |
12 | Datadog dashboards | |
18 | Datadog logs | |
16 | Datadog monitors and alerts |
Status & honest assessment
As a product. This space is commoditizing — major providers now ship official MCP servers, so a third-party 630-tool suite carries a real, ongoing maintenance surface. Each worker deploys to your own Cloudflare account; how you isolate environments (separate accounts vs. name suffixes) is your call.
As an engineering artifact. The notable part is the structure: 37 independently-deployable workers sharing one frozen kernel contract (HTTP, auth, rate limiting, error taxonomy, JSON-RPC dispatch — written once); a BYOK fail-closed credential model; an OpenAPI→MCP codegen step that generated the AWS surface; and the test / mutation / chaos / leak-hunt discipline behind it.
Built by an agent fleet. This toolkit was constructed by an orchestrated fleet of AI coding agents, each working a disjoint, file-scoped slice against the frozen kernel contract — which is exactly what made a parallel, machine-driven build tractable. Stated plainly rather than passed off as hand-crafted; the interesting engineering is the structure that let it work.
Test figures are from the v1.0.0 CI run on main (GitHub Actions run 27887641262, 2026-06-20): 8,538 passing, 1,928 skipped, 0 failing (kernel alone: 514). The skips are credential-gated provider-integration suites (describe.skipIf(!HAS_CREDS)) that run only with real provider credentials.
Reference
Document | Purpose |
High-level navigation hub — start here | |
Why modular monolith + shared kernel | |
Kernel API contracts (frozen) | |
Branching, commit format, ABORT rules, DoD | |
Version history |
License
MIT — Copyright 2026 Gustavo Schneiter / HuGR
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/HumanGuardrail/HuGR_Tools'
If you have feedback or need assistance with the MCP directory API, please join our Discord server