Skip to main content
Glama
cognis-digital

ledgermind

LEDGERMIND

Local LLM cost & token forensics proxy with anomaly detection

PyPI CI License: COCL 1.0 Suite

AI Security & Governance โ€” securing LLMs, agents, and the MCP supply chain.

pip install cognis-ledgermind
ledgermind scan .            # โ†’ prioritized findings in seconds

๐Ÿ”Ž Example output

Real, reproducible output from the tool โ€” runs offline:

$ ledgermind-emit --version
ledgermind 0.1.0
$ ledgermind-emit --help
usage: ledgermind [-h] [--version] {audit} ...

Local LLM cost & token forensics with anomaly detection.

positional arguments:
  {audit}
    audit     Audit an LLM request log (JSONL or JSON array).

options:
  -h, --help  show this help message and exit
  --version   show program's version number and exit

Blocks above are real ledgermind output โ€” reproduce them from a clone.

Sample result format (illustrative values โ€” run on your own data for real findings):

{
"finding": {
"id": "1234567890",
"category": "vulnerability",
"name": "Apache Log4j RCE",
"description": "A remote code execution vulnerability in Apache Log4j.",
"severity": "high",
"created_at": "2021-12-10T14:30:00Z"
},
"indicators": [
{
"type": "ip",
"value": "192.0.2.1"
},
{
"type": "domain",
"value": "example.com"
}
],
"recommendations": [
{
"text": "Update Apache Log4j to version 2.16.0 or later."
}
]
}

Related MCP server: mcp-guardian

Usage โ€” step by step

  1. Install (Python 3.8+, stdlib only):

    pip install ledgermind
  2. Audit an LLM request log (JSONL or JSON array) for cost, tokens, and anomalies:

    ledgermind audit logs.jsonl

    Reports totals plus cost-by-model and cost-by-API-key breakdowns.

  3. Override pricing and tune anomaly sensitivity:

    ledgermind audit logs.jsonl --pricing custom_pricing.json --mad-threshold 3.0

    (--pricing is merged over the built-in defaults; --mad-threshold is the modified z-score cutoff.)

  4. Read the output as JSON:

    ledgermind audit logs.jsonl --format json | jq '.total_cost_usd, .anomalies[]'
  5. Gate CI / cron on spend anomalies โ€” exit 2 when any anomaly is detected:

    ledgermind audit logs.jsonl --fail-on-anomaly || echo "LLM spend anomaly detected"

Contents

Why ledgermind?

Local LLM cost & token forensics proxy with anomaly detection โ€” without standing up heavyweight infrastructure.

ledgermind is single-purpose, scriptable, and self-hostable: point it at a target, get prioritized results in the format your workflow already speaks (table ยท JSON ยท SARIF), gate CI on it, and let agents drive it over MCP.

Features

  • โœ… Price Call

  • โœ… Load Events

  • โœ… Detect Anomalies

  • โœ… Build Report

  • โœ… Runs on Linux/macOS/Windows ยท Docker ยท devcontainer

  • โœ… Ports in Python, JavaScript, Go, and Rust (ports/)

Quick start

pip install cognis-ledgermind
ledgermind --version
ledgermind scan .                       # scan current project
ledgermind scan . --format json         # machine-readable
ledgermind scan . --fail-on high        # CI gate (non-zero exit)

Example

$ ledgermind scan .
  [HIGH    ] LED-001  example finding             (./src/app.py)
  [MEDIUM  ] LED-002  another signal              (./config.yaml)

  2 findings ยท risk score 5 ยท 38ms

Architecture

flowchart LR
  IN[addresses + transactions] --> P[ledgermind<br/>cluster + trace]
  P --> OUT[sanctions xref / report]

Use it from any AI stack

ledgermind is interoperable with every popular way of using AI:

  • MCP server โ€” ledgermind mcp (Claude Desktop, Cursor, Cognis.Studio, uncensored-fleet)

  • OpenAI-compatible / JSON โ€” pipe ledgermind scan . --format json into any agent or LLM

  • LangChain ยท CrewAI ยท AutoGen ยท LlamaIndex โ€” wrap the CLI/JSON as a tool in one line

  • CI / scripts โ€” exit codes + SARIF for non-AI pipelines

How it compares

Cognis ledgermind

BerriAI

Self-hostable, no account

โœ…

varies

Single command, zero config

โœ…

โš ๏ธ

JSON + SARIF for CI

โœ…

varies

MCP-native (AI agents)

โœ…

โŒ

Polyglot ports (JS/Go/Rust)

โœ…

โŒ

Open license

โœ… COCL

varies

Built in the spirit of BerriAI/litellm, re-framed the Cognis way. Missing a credit? Open a PR.

Integrations

Pipes into your stack: SARIF for code-scanning, JSON for anything, an MCP server (ledgermind mcp) for AI agents, and a webhook forwarder for SIEM/Slack/Jira. See docs/INTEGRATIONS.md.

Install โ€” every way, every platform

pip install "git+https://github.com/cognis-digital/ledgermind.git"    # pip (works today)
pipx install "git+https://github.com/cognis-digital/ledgermind.git"   # isolated CLI
uv tool install "git+https://github.com/cognis-digital/ledgermind.git" # uv
pip install cognis-ledgermind                                          # PyPI (when published)
docker run --rm ghcr.io/cognis-digital/ledgermind:latest --help        # Docker
brew install cognis-digital/tap/ledgermind                             # Homebrew tap
curl -fsSL https://raw.githubusercontent.com/cognis-digital/ledgermind/main/install.sh | sh

Linux

macOS

Windows

Docker

Cloud

scripts/setup-linux.sh

scripts/setup-macos.sh

scripts/setup-windows.ps1

docker run ghcr.io/cognis-digital/ledgermind

DEPLOY.md (AWS/Azure/GCP/k8s)

  • aegis โ€” AI Agent Permission & Access Auditor โ€” surfaces the lethal trifecta of credentials + injection + reach

  • promptmirror โ€” Prompt-injection & indirect-injection scanner for any LLM context input

  • adversa โ€” LLM red-team harness โ€” OWASP LLM Top 10 + MITRE ATLAS attack packs

  • guardpost โ€” Runtime agent firewall โ€” PII redaction, rate limits, policy enforcement

  • hallumark โ€” LLM hallucination & grounding auditor for RAG systems

  • aicard โ€” Auto-generated NIST AI RMF / EU AI Act Annex IV model & system cards

Explore the suite โ†’ ๐Ÿ—‚๏ธ all 170+ tools ยท โญ awesome-cognis ยท ๐Ÿ”— cognis-sources ยท ๐Ÿค– uncensored-fleet ยท ๐Ÿง  engram

Contributing

PRs, new rules, and demo scenarios are welcome under the collaboration-pull model โ€” see CONTRIBUTING.md and SECURITY.md.

โญ If ledgermind saved you time, star it โ€” it genuinely helps others find it.

Interoperability

{} composes with the 300+ tool Cognis suite โ€” JSON in/out and a shared OpenAI-compatible /v1 backbone. See INTEROP.md for the suite map, composition patterns, and reference stacks.

License

Source-available under the Cognis Open Collaboration License (COCL) v1.0 โ€” free for personal, internal-evaluation, research, and educational use; commercial / production use requires a license (licensing@cognis.digital). See LICENSE.


F
license - not found
-
quality - not tested
B
maintenance

Maintenance

โ€“Maintainers
โ€“Response time
โ€“Release cycle
โ€“Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/cognis-digital/ledgermind'

If you have feedback or need assistance with the MCP directory API, please join our Discord server