Last updated
March 16, 2026
MCP profile
Bulwark
AI agent governance: content scanning, audit logs, policy evaluation, session management.
Security & IdentityPackageociOpen SourceExternal
Visibility
Public
ByRegistry
About This MCP Server
Bulwark sits between AI agents and external tools, enforcing policies, managing credentials, inspecting content, and maintaining a complete audit trail. One policy governs all your agents — Claude Code, OpenClaw, Codex, or any MCP/HTTP client.
Capabilities
Policy enforcement — YAML-based rules control which tools agents can use, with glob patterns, scope-based precedence, and hot-reloadCredential management — Agents never see real secrets. Bulwark injects credentials at the last mile, encrypted at rest with ageContent inspection — Scan requests and responses for secrets, PII, and prompt injection. Block or redact automaticallyAudit logging — Every action recorded in a tamper-evident SQLite database with blake3 hash chainsRate limiting — Token-bucket rate limits per session, operator, tool, or globally. Cost tracking with budget enforcementMCP-native — Works as an MCP gateway or HTTP forward proxy. Governance metadata on every tool call response
What Problems It Solves
- Start Claude Code. GitHub tools appear namespaced as github__list_issues, github__create_issue, etc.
- > "List the open issues in my repo"
- Open a second terminal:
- Every call is logged with the verdict, matched rule, and timing. Now try something destructive:
- Blocked. Sub-millisecond — policy evaluation happens in memory. The agent gets a structured error explaining which rule denied it.
Why Use Bulwark?
- Policy enforcement — YAML-based rules control which tools agents can use, with glob patterns, scope-based precedence, and hot-reload
- Credential management — Agents never see real secrets. Bulwark injects credentials at the last mile, encrypted at rest with age
- Content inspection — Scan requests and responses for secrets, PII, and prompt injection. Block or redact automatically
- Audit logging — Every action recorded in a tamper-evident SQLite database with blake3 hash chains
- Rate limiting — Token-bucket rate limits per session, operator, tool, or globally. Cost tracking with budget enforcement
- MCP-native — Works as an MCP gateway or HTTP forward proxy. Governance metadata on every tool call response
Specifications
Status
live
Industry
Security & Identity
Category
General
Server type
Package
Language
oci
License
Open Source
Verified
Yes
Hosting
Hosting Options
- Package
API
Integrate this server into your application. Choose a connection method below.
1
Install
Install command
oci
brew install bpolania/tap/bulwarkPerformance
Usage
Quick Reference
- Name
- Bulwark
- Function
- AI agent governance: content scanning, audit logs, policy evaluation, session management.
- Transport
- Package
- Language
- oci
- Install
- brew install bpolania/tap/bulwark
- Source
- External (Registry)
- License
- Open Source
Get started
Ready to integrate this MCP server?
Book a demo to see how this server fits your workflow, or explore the full catalog.