UNWIND

Your agent can read email, write files, send messages, and call APIs. Do you know what it did while you were away?

See Everything. Rewind File Changes. Test Without Consequences.

UNWIND is a security layer for AI agents. Install it once, and every real-world action your agent takes — file writes, API calls, shell commands — is monitored, checked, and recorded. If something goes wrong, you'll know. If it changes a file, you can rewind it in one click.

Check on your agent from your phone. Green light means everything's fine. Amber means something needs your attention. Red means something was blocked.

No AI in the security path. Your agent doesn't know UNWIND exists.

Install

OpenClaw users — tell your agent:

Install the UNWIND security engine with pip install unwind-mcp, then install the experimental OpenClaw adapter from this repo with openclaw plugins install ./openclaw-adapter. Restart the gateway when done.

Or manually:

pip install unwind-mcp
openclaw plugins install ./openclaw-adapter

Just want to watch first? Ghost Mode shows you what your agent would do, without letting it do anything:

pip install ghostmode
ghostmode -- npx @modelcontextprotocol/server-filesystem ~/Documents

MCP clients (Claude Desktop, Cursor, Windsurf, VS Code):

pip install unwind-mcp
unwind serve -- npx @modelcontextprotocol/server-filesystem ~/Documents

Point your client at UNWIND instead of the upstream server. The agent doesn't know it's there.

Related MCP server: ZugaShield

What You Get

• Trust Light — a green, amber, or red indicator that tells you at a glance whether your agent is operating normally. Check it from your phone.

• Timeline — every action your agent took, when, and whether it was allowed. Expandable detail on each event. Scroll through it on mobile.

• Rewind — before every file write, UNWIND takes a snapshot. Changed your mind? One click to restore.

• While You Were Away — a summary of what happened while you weren't watching, with anything that needs your attention highlighted.

• Ghost Mode — test untrusted tools or risky prompts without consequences. Your agent thinks it worked, but nothing real changed.

Advanced controls: trusted source rules for scheduled tasks, 15-stage deterministic pipeline, tamper-evident audit chain.

Dashboard

Open http://your-machine:9001 from any browser — including your phone.

unwind dashboard

See what your agent is doing now, review what happened while you were away, undo file changes, toggle Ghost Mode, and verify the audit chain — all from one mobile-friendly page.

Compatibility

One core engine, multiple adapters. UNWIND works with OpenClaw, standard MCP clients, and any agent framework that can route tool calls through a proxy or sidecar.

Compatibility matrix →

Packages

pip install unwind-mcp gives you everything — pipeline, dashboard, Ghost Mode, CRAFT chain, rewind, CLI. One install.

The standalone packages below are for people who want just one piece:

Architecture

UNWIND is built on a six-layer security model, from immediate enforcement to deep cryptographic attestation:

Full architecture → · Pipeline stages → · Threat model →

CLI

unwind serve -- <command>      MCP stdio proxy
unwind status                  Trust state + recent events
unwind log [--since TIME]      Event timeline
unwind verify                  Hash chain integrity check
unwind undo last|ID|--since    Rollback actions
unwind dashboard               Web UI
unwind ask "question"          Natural language query
unwind export json|html        Export events
unwind anchor                  Chain checkpoint
unwind tamper-check            Tamper detection report

CLI reference →

Development

git clone https://github.com/unwind-mcp/unwind
cd unwind
pip install -e ".[dev]"
pytest    # 1,859 tests

Contributing → · Security policy → · Changelog →

License

AGPL-3.0-or-later (Ghost Mode is MIT)

PyPI · Ghost Mode · CRAFT · Dashboard Demo · Architecture · Threat Model · Security Policy · Changelog