runtime-guard
OfficialServer Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| AIRG_AGENT_ID | No | Agent identifier used for per-agent policy overrides (e.g., 'claude-desktop'). | |
| AIRG_LOG_PATH | No | Absolute path to the activity.log file where allowed and blocked actions are recorded. | |
| AIRG_WORKSPACE | Yes | Absolute path to the default project root for agent operations. Command execution and file tools are scoped to this directory by default. | |
| AIRG_POLICY_PATH | Yes | Absolute path to the policy.json configuration file. | |
| AIRG_SERVER_COMMAND | No | Absolute path to the airg-server executable. | |
| AIRG_REPORTS_DB_PATH | No | Absolute path to the reports.db database file used for the dashboard and event logs. | |
| AIRG_APPROVAL_DB_PATH | No | Absolute path to the approvals.db database file used for human-in-the-loop workflows. | |
| AIRG_APPROVAL_HMAC_KEY_PATH | No | Absolute path to the HMAC key file used for verifying the approvals database. |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| prompts | {
"listChanged": false
} |
| resources | {
"subscribe": false,
"listChanged": false
} |
| experimental | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| server_infoA | Return runtime identity details for this AIRG server instance. Includes build id, active workspace root, and resolved base directory. |
| restore_backupC | Restore files from a recorded AIRG backup manifest. Supports dry-run planning and token-gated apply mode when restore confirmation is required by policy. |
| execute_commandA | Execute a shell command after full AIRG policy and approval checks. The command is evaluated against network/workspace containment, command-tier policy, Script Sentinel continuity checks, and optional confirmation gates before execution. |
| read_fileB | Read a text file from the workspace after path-policy enforcement. |
| write_fileB | Write full file content with policy checks, logging, and backup support. |
| edit_fileC | Apply targeted text replacements in an existing file with backups. |
| delete_fileB | Delete a single file after policy checks and optional pre-delete backup. |
| list_directoryB | List directory entries with metadata, honoring path and depth policy. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/runtimeguard/runtime-guard'
If you have feedback or need assistance with the MCP directory API, please join our Discord server