Skip to main content
Glama
HumanGuardrail

HuGR Tools

Official

HuGR_Tools

630 tools · 37 deployable workers · one frozen kernel · 8,538 tests passing · 1,928 credential-gated integration tests skipped in CI · 0 failing.

A monorepo of MCP toolkits for Cloudflare Workers, built on a shared @hugr/kernel. Each toolkit is an independent JSON-RPC 2.0 server that plugs into any MCP host over HTTP.

MIT License CI


What is this?

A modular monolith of MCP tool servers. Provider packages share a single kernel (@hugr/kernel) that handles HTTP, auth, rate limiting, the error taxonomy, and JSON-RPC dispatch — written once, frozen. Each toolkit deploys as a standalone Cloudflare Worker and versions independently.

The workspace holds 39 packages:

  • 37 deployable Cloudflare Workers — 630 tools total:

    • 6 SaaS providers: cloudflare (84), stripe (50), vercel (40), sentry (27), pagerduty (34), supabase (35)

    • 26 AWS surface packages: 282 tools across the AWS API

    • 5 Datadog packages: apm, core, dashboards, logs, monitors — 78 tools

  • @hugr/kernel — the shared contract every worker builds on

  • 1 internal packageshared (Datadog family internals) — plus a ci/ helper directory.

Architecture: docs/ARCHITECTURE.md.


Related MCP server: MCP Startup Framework

Flagship tools — 25 composite tools

Most of the 630 are focused single-purpose primitives (typed, validated, fail-closed access to one provider endpoint — the baseline an agent needs). These 25 are the composite ones: one call fans out to several provider APIs and correlates them into a named verdictPROBABLE_CAUSE, TRUE_POSITIVE / FALSE_POSITIVE, GO / NO_GO, P1 / P2 / P3 — the output a senior analyst would produce, not a wrapped endpoint.

Each was selected by reading its handler implementation, not its description — every one below was confirmed to actually fan out and correlate. Each links to its handler and has a dedicated test suite beside it.

Security, threat & access forensics

Tool

What one call does

cf_campaign_ioc_investigation

Extracts IOCs from a threat campaign, enriches each via domain/IP intel, then cross-references them against your own attack surface to score exposure; clusters by ASN to reveal shared campaign infrastructure

cf_strategic_security_report

Correlates active security insights against observed threat campaigns (a threat-alignment score) and computes intel coverage-gaps into a CISO briefing

cf_dlp_violation_triage

A weighted false-positive model plus a two-stage verdict that overrides TRUE_POSITIVEINCONCLUSIVE when corroborating evidence (source device, active gateway rule) is absent

cf_client_side_threat_analysis

Scans a PageShield script's outbound connections for exfiltration signatures; escalates to Magecart when the script sits on a checkout/payment page

aws_iam_role_permission_blast_radius

Fans out ~40 IAM calls (role + inline/attached policies, every version) to score privilege-escalation exposure and flag "any principal can assume me" trust misconfig

supabase_network_threat_view

Real CIDR subnet arithmetic to test each active IP ban against the allowlist, surfacing ban∩allowlist overlaps as a misconfiguration signal

Incident response, RCA & observability

Tool

What one call does

root_cause (datadog)

Correlates 8 Datadog sources (events, metrics, spans, logs, monitors, SLOs, incidents, deps) in parallel around a timestamp; temporal RCA with graceful degradation per source

incident_timeline (datadog)

Merges 5 sources into one T+0 timeline, auto-detecting the incident start and deriving metric-shift / log-spike signals rather than dumping raw events

deploy_impact (datadog)

Equal before/after windows classify each metric REGRESSION / IMPROVEMENT / STABLE, with a confound guard that warns on other deploys inside the window

forecast_risk (datadog)

Extrapolates metric trend + SLO error-budget burn to project when a service breaches ("error_rate hits 5% in ~18h") — the only forward-looking tool

pd_deployment_rca

Ranks change events by temporal proximity to an incident and scores against an MTTR baseline into PROBABLE_CAUSE / POSSIBLE_CAUSE

pd_performance_report

Multi-dimensional (service / team / responder) analytics with >2×-median outlier detection and responder-burnout flags

cf_provider_outage_diagnosis

Builds a per-provider outage timeline through AI Gateway and computes a recovery verdict (RECOVERED / PARTIAL / STILL_DEGRADED) from pre-vs-post error rates

aws_ec2_instance_health_triage

Joins instance + status checks + EBS volumes + security groups into one health verdict — failed checks, unencrypted volumes, SSH/RDP open to 0.0.0.0/0

sentry_issue_triage_and_forensics

Adaptive drill-down into a single event: in-app stack frames, per-frame local variables, the breadcrumb trail, request/user context

sentry_replay_evidence_harvest

Matches a session replay's error IDs to Issue groups and grades escalation P1 / P2 / P3 — error-to-session forensics

Billing, fraud & tax

Tool

What one call does

stripe_quarterly_tax_reconciliation

Reconciles a quarter of invoices against tax registrations per jurisdiction, normalizing multi-currency VAT via FX; flags unregistered-with-liability

stripe_fraud_coverage_gap_analysis

Joins charges × early-fraud-warnings × disputes to score "disputed-without-EFW" gaps against Visa's real 0.1% monitoring threshold

stripe_failed_payment_recovery

Derives recovery viability (FULL / PARTIAL / NO via credit-balance math) crossed with the dunning ladder and card-expiry detection

stripe_transaction_dispute_evidence_chain

Adaptive forensic walk of the Issuing dispute↔transaction↔authorization chain; flags force-capture when the authorization was declined

Release, deploy & on-call gating

Tool

What one call does

vercel_check_gated_promotion

Aggregates blocking CI checks + alias-swap safety into a PASS / BLOCK production-promotion verdict with a typed blocker list

vercel_canary_health_snapshot

Resolves the canary from the active rolling-release stage and computes an adaptive gate (SPIKE_TRIAGE / STAGE_APPROVAL) with next-stage eligibility

pd_oncall_program_health_audit

Models rotation burden (hours per engineer across rotation layers), flags anyone >2× median, and scores escalation-policy compliance

Cloud cost & threat intel

Tool

What one call does

aws_rds_db_cost_optimizer

Correlates instances × reserved instances to recommend right-sizing (Graviton r5r6g, gp2gp3, previous-gen) and map RI coverage gaps by class

cf_weekly_threat_landscape

Computes week-over-week Radar deltas client-side (doubles the window, splits the series — no prior-week API exists) and merges BGP hijack / route-leak events into one report

The kernel itself is the other thing worth reading: a 3-tier auth verifier chain (RS256 → HMAC → fail-closed introspection, bearer tokens SHA-256-hashed before caching — hugr-auth.ts, ~1,400 lines of dedicated tests), distributed rate limiting over Durable Objects with deterministic sharding and anti-cascade fail-open (rate-limit.ts), and the full dispatch pipeline — CORS → pre-auth gate → auth → tier check → rate limit → Zod validation → provider build → format → audit (server.ts).


Auth & credentials

  • Fail-closed PAT introspection. Every worker validates the caller's PAT against an external introspection endpoint on each request. If that endpoint is unreachable, auth fails closed. Scopes are derived from the caller's plan server-side — never read from the token.

  • BYOK, zero stored secrets. Workers hold no provider credentials. The caller supplies provider creds via per-request headers; when they are absent, the call fails closed.

Self-hosting (no external auth service needed)

Platform auth is a pluggable IdentityProvider, and the bundled one resolves its mode from env, strongest-first: RS256 → HMAC → introspection (hugr-auth.ts). The introspection mode targets a multi-tenant deployment; a self-hoster needs none of it:

# 1. Set one secret on your worker (local HS256 verification, no network call)
wrangler secret put HUGR_INLINE_HMAC_SECRET

# 2. Mint your own tokens against it
tsx scripts/auth/mint-token.ts --alg HS256 --secret <secret> \
    --sub me --plan pro --scopes hugr:tools --ttl 3600

# Or asymmetric: generate a keypair, keep the private key, give workers only the public one
tsx scripts/auth/mint-token.ts gen-keypair --out-dir ./keys   # then set HUGR_INLINE_RS256_PUBLIC_KEY

Don't run a deployed worker with no auth at all: BYOK means callers bring their own provider keys, but an open worker on a public URL is a free proxy on your Cloudflare account. One HMAC secret is the floor.


Deploy

Each toolkit is a standard Cloudflare Worker. Run one locally with wrangler dev, or deploy to your own account with wrangler deploy --env <env>. Fill in account_id and your auth config (the introspect endpoint, or HUGR_INLINE_HMAC_SECRET for local HS256 verification — see below) in each packages/<pkg>/wrangler.toml; the committed values are placeholders.


Testing & evidence

The 37 workers was tested to exhaustion before release, and every claim traces to a dated record in this repo. Raw JSON for bench runs lives in scripts/load-test/results/.

What was tested

Record

Unit + integration — 8,538 passing, 1,928 credential-gated skips, 0 failing (v1.0.0 CI)

CI run 27887641262

Adversarial load, 20 scenarios (bench:evil) — e.g. 100,000 requests, 0 errors

docs/architecture/BENCHMARKS.md

Fault injection, 8 chaos scenarios (bench:chaos) — provider chaos, state corruption, memory pressure, clock skew, slow-network, schema floods

docs/architecture/CHAOS_BENCHMARKS.md

MCP spec conformance, 10 scenarios incl. the official SDK Client end-to-end (bench:mcp)

docs/architecture/MCP_CONFORMANCE.md

Mutation testing over kernel + shared, Stryker (bench:mutation) — full kill/survive breakdown published, including the unflattering rows

docs/architecture/MUTATION_BENCHMARKS.md

Also on record: security, observability, quality and supply-chain benches; Node 18 compat

docs/architecture/

These records are point-in-time (each is dated). Provider APIs drift; the credential-gated integration suites re-verify against live APIs whenever run with real credentials.


Quick start

# 1. Clone
git clone https://github.com/HumanGuardrail/HuGR_Tools.git
cd HuGR_Tools

# 2. Install (pnpm workspace)
pnpm install

# 3. Run all tests
pnpm -r test

# 4. Typecheck
pnpm -r typecheck

# 5. Run one package in dev mode (example: cloudflare)
pnpm -F @hugr/cloudflare dev

Requirements: Node >= 20 for development (CI runs Node 20; deploys use Node 22, required by wrangler 4). Worker code itself keeps Node 18 API compatibility, enforced by check:node18 — that is why the workspace engines floor reads >=18.17.


Per-package index

Each package has its own README.md with its full tool table, BYOK credential headers, and install snippet.

Package

Tools

Description

kernel

Shared infrastructure: ports, http, formatter, mcp, tool, identity

cloudflare

84

Cloudflare platform — zones, DNS, WAF, Workers, R2, analytics

stripe

50

Stripe payments, subscriptions, billing, disputes, payouts

vercel

40

Vercel deployments, domains, projects, logs, analytics

sentry

27

Sentry error tracking, issues, releases, performance

pagerduty

34

PagerDuty incidents, alerts, schedules, escalations

supabase

35

Supabase projects, databases, auth (GoTrue), edge functions

aws-ai

7

Bedrock + BedrockAgent

aws-audit

13

CloudTrail + Config

aws-backup

6

Backup + FSx + Glacier

aws-batch

6

AWS Batch

aws-cache

6

ElastiCache + Redshift

aws-cicd-ext

6

CodeArtifact + CodeCommit + CodeDeploy + Proton

aws-cloudwatch

14

CloudWatch + CloudWatchLogs

aws-containers

9

ECS + EKS

aws-cost

11

CostExplorer + Organizations

aws-data

10

Athena + EMR + Glue

aws-devops

18

AutoScaling + CodeBuild + CodePipeline + ECR + SSM + X-Ray

aws-dynamodb

13

DynamoDB

aws-ec2

17

EC2

aws-iam

11

IAM

aws-lambda

15

Lambda

aws-management

8

CloudFormation + ServiceCatalog + Support

aws-messaging

15

EventBridge + SFN + SNS + SQS

aws-ml

6

SageMaker

aws-network-ext

5

DirectConnect + GlobalAccelerator + EC2

aws-networking

16

APIGateway + CloudFront + ELB + Route53

aws-rds

12

RDS

aws-s3

16

S3

aws-security

19

GuardDuty + Inspector + KMS + SecretsManager + SecurityHub + WAFv2

aws-security-ext

8

Detective + FMS + Macie2 + SSO Admin

aws-storage

7

EFS

aws-streaming

8

Kafka + Kinesis + MQ

apm

17

Datadog APM

core

15

Datadog core metrics and infrastructure

dashboards

12

Datadog dashboards

logs

18

Datadog logs

monitors

16

Datadog monitors and alerts


Status & honest assessment

As a product. This space is commoditizing — major providers now ship official MCP servers, so a third-party 630-tool suite carries a real, ongoing maintenance surface. Each worker deploys to your own Cloudflare account; how you isolate environments (separate accounts vs. name suffixes) is your call.

As an engineering artifact. The notable part is the structure: 37 independently-deployable workers sharing one frozen kernel contract (HTTP, auth, rate limiting, error taxonomy, JSON-RPC dispatch — written once); a BYOK fail-closed credential model; an OpenAPI→MCP codegen step that generated the AWS surface; and the test / mutation / chaos / leak-hunt discipline behind it.

Built by an agent fleet. This toolkit was constructed by an orchestrated fleet of AI coding agents, each working a disjoint, file-scoped slice against the frozen kernel contract — which is exactly what made a parallel, machine-driven build tractable. Stated plainly rather than passed off as hand-crafted; the interesting engineering is the structure that let it work.

Test figures are from the v1.0.0 CI run on main (GitHub Actions run 27887641262, 2026-06-20): 8,538 passing, 1,928 skipped, 0 failing (kernel alone: 514). The skips are credential-gated provider-integration suites (describe.skipIf(!HAS_CREDS)) that run only with real provider credentials.


Reference

Document

Purpose

docs/ARCHITECTURE.md

High-level navigation hub — start here

docs/architecture/ADR-001-modular-monolith.md

Why modular monolith + shared kernel

docs/architecture/KERNEL_SPEC.md

Kernel API contracts (frozen)

CONTRIBUTING.md

Branching, commit format, ABORT rules, DoD

CHANGELOG.md

Version history


License

MIT — Copyright 2026 Gustavo Schneiter / HuGR

A
license - permissive license
-
quality - not tested
-
maintenance - not tested

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/HumanGuardrail/HuGR_Tools'

If you have feedback or need assistance with the MCP directory API, please join our Discord server