ledgermind
Allows CrewAI agents to wrap the CLI/JSON output as a tool for scanning and anomaly detection in LLM usage.
Forwards findings and anomaly reports to Jira via webhook for issue tracking and alerting.
Enables LangChain agents to incorporate LEDGERMIND's scanning and anomaly detection as a tool in their workflows.
Sends anomaly alerts and reports to Slack channels via webhook for real-time monitoring.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@ledgermindscan demos/ for cost anomalies"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
LEDGERMIND
Local LLM cost & token forensics proxy with anomaly detection
AI Security & Governance โ securing LLMs, agents, and the MCP supply chain.
pip install cognis-ledgermind
ledgermind scan . # โ prioritized findings in seconds๐ Example output
Real, reproducible output from the tool โ runs offline:
$ ledgermind-emit --version
ledgermind 0.1.0$ ledgermind-emit --help
usage: ledgermind [-h] [--version] {audit} ...
Local LLM cost & token forensics with anomaly detection.
positional arguments:
{audit}
audit Audit an LLM request log (JSONL or JSON array).
options:
-h, --help show this help message and exit
--version show program's version number and exitBlocks above are real
ledgermindoutput โ reproduce them from a clone.
Sample result format (illustrative values โ run on your own data for real findings):
{
"finding": {
"id": "1234567890",
"category": "vulnerability",
"name": "Apache Log4j RCE",
"description": "A remote code execution vulnerability in Apache Log4j.",
"severity": "high",
"created_at": "2021-12-10T14:30:00Z"
},
"indicators": [
{
"type": "ip",
"value": "192.0.2.1"
},
{
"type": "domain",
"value": "example.com"
}
],
"recommendations": [
{
"text": "Update Apache Log4j to version 2.16.0 or later."
}
]
}Related MCP server: mcp-guardian
Usage โ step by step
Install (Python 3.8+, stdlib only):
pip install ledgermindAudit an LLM request log (JSONL or JSON array) for cost, tokens, and anomalies:
ledgermind audit logs.jsonlReports totals plus cost-by-model and cost-by-API-key breakdowns.
Override pricing and tune anomaly sensitivity:
ledgermind audit logs.jsonl --pricing custom_pricing.json --mad-threshold 3.0(
--pricingis merged over the built-in defaults;--mad-thresholdis the modified z-score cutoff.)Read the output as JSON:
ledgermind audit logs.jsonl --format json | jq '.total_cost_usd, .anomalies[]'Gate CI / cron on spend anomalies โ exit
2when any anomaly is detected:ledgermind audit logs.jsonl --fail-on-anomaly || echo "LLM spend anomaly detected"
Contents
Why ledgermind? ยท Features ยท Quick start ยท Example ยท Architecture ยท AI stack ยท How it compares ยท Integrations ยท Install anywhere ยท Related ยท Contributing
Why ledgermind?
Local LLM cost & token forensics proxy with anomaly detection โ without standing up heavyweight infrastructure.
ledgermind is single-purpose, scriptable, and self-hostable: point it at a target, get prioritized results in the format your workflow already speaks (table ยท JSON ยท SARIF), gate CI on it, and let agents drive it over MCP.
Features
โ Price Call
โ Load Events
โ Detect Anomalies
โ Build Report
โ Runs on Linux/macOS/Windows ยท Docker ยท devcontainer
โ Ports in Python, JavaScript, Go, and Rust (
ports/)
Quick start
pip install cognis-ledgermind
ledgermind --version
ledgermind scan . # scan current project
ledgermind scan . --format json # machine-readable
ledgermind scan . --fail-on high # CI gate (non-zero exit)Example
$ ledgermind scan .
[HIGH ] LED-001 example finding (./src/app.py)
[MEDIUM ] LED-002 another signal (./config.yaml)
2 findings ยท risk score 5 ยท 38msArchitecture
flowchart LR
IN[addresses + transactions] --> P[ledgermind<br/>cluster + trace]
P --> OUT[sanctions xref / report]Use it from any AI stack
ledgermind is interoperable with every popular way of using AI:
MCP server โ
ledgermind mcp(Claude Desktop, Cursor, Cognis.Studio, uncensored-fleet)OpenAI-compatible / JSON โ pipe
ledgermind scan . --format jsoninto any agent or LLMLangChain ยท CrewAI ยท AutoGen ยท LlamaIndex โ wrap the CLI/JSON as a tool in one line
CI / scripts โ exit codes + SARIF for non-AI pipelines
How it compares
Cognis ledgermind | BerriAI | |
Self-hostable, no account | โ | varies |
Single command, zero config | โ | โ ๏ธ |
JSON + SARIF for CI | โ | varies |
MCP-native (AI agents) | โ | โ |
Polyglot ports (JS/Go/Rust) | โ | โ |
Open license | โ COCL | varies |
Built in the spirit of BerriAI/litellm, re-framed the Cognis way. Missing a credit? Open a PR.
Integrations
Pipes into your stack: SARIF for code-scanning, JSON for anything, an MCP server (ledgermind mcp) for AI agents, and a webhook forwarder for SIEM/Slack/Jira. See docs/INTEGRATIONS.md.
Install โ every way, every platform
pip install "git+https://github.com/cognis-digital/ledgermind.git" # pip (works today)
pipx install "git+https://github.com/cognis-digital/ledgermind.git" # isolated CLI
uv tool install "git+https://github.com/cognis-digital/ledgermind.git" # uv
pip install cognis-ledgermind # PyPI (when published)
docker run --rm ghcr.io/cognis-digital/ledgermind:latest --help # Docker
brew install cognis-digital/tap/ledgermind # Homebrew tap
curl -fsSL https://raw.githubusercontent.com/cognis-digital/ledgermind/main/install.sh | shLinux | macOS | Windows | Docker | Cloud |
|
|
|
| DEPLOY.md (AWS/Azure/GCP/k8s) |
Related Cognis tools
aegisโ AI Agent Permission & Access Auditor โ surfaces the lethal trifecta of credentials + injection + reachpromptmirrorโ Prompt-injection & indirect-injection scanner for any LLM context inputadversaโ LLM red-team harness โ OWASP LLM Top 10 + MITRE ATLAS attack packsguardpostโ Runtime agent firewall โ PII redaction, rate limits, policy enforcementhallumarkโ LLM hallucination & grounding auditor for RAG systemsaicardโ Auto-generated NIST AI RMF / EU AI Act Annex IV model & system cards
Explore the suite โ ๐๏ธ all 170+ tools ยท โญ awesome-cognis ยท ๐ cognis-sources ยท ๐ค uncensored-fleet ยท ๐ง engram
Contributing
PRs, new rules, and demo scenarios are welcome under the collaboration-pull model โ see CONTRIBUTING.md and SECURITY.md.
โญ If
ledgermindsaved you time, star it โ it genuinely helps others find it.
Interoperability
{} composes with the 300+ tool Cognis suite โ JSON in/out and a shared
OpenAI-compatible /v1 backbone. See INTEROP.md for the
suite map, composition patterns, and reference stacks.
License
Source-available under the Cognis Open Collaboration License (COCL) v1.0 โ free for personal, internal-evaluation, research, and educational use; commercial / production use requires a license (licensing@cognis.digital). See LICENSE.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/cognis-digital/ledgermind'
If you have feedback or need assistance with the MCP directory API, please join our Discord server