Mcp Server

Runtime authority for AI agents: credential mediation, spend cap, approval gates, audit log.

Marchward MCP Server is a runtime authority layer for AI agents, published on npm as @marchward/mcp-server (version 0.2.4). It is designed to sit between an AI agent and the resources or APIs it calls, enforcing controls that keep agent behavior within defined boundaries.

The server addresses four specific concerns. Credential mediation means the agent does not hold raw API keys directly; instead Marchward brokers those credentials at runtime, reducing the risk of key exposure in agent-generated outputs or logs. Spend caps allow operators to place an upper limit on resource or financial consumption, so a runaway agent cannot exhaust a budget before a human intervenes. Approval gates introduce human-in-the-loop checkpoints at defined decision points, requiring explicit sign-off before an agent proceeds with consequential actions. The audit log records agent activity so operators can review what happened, when, and under what authorization.

Configuration requires two environment variables: MARCHWARD_API_URL, pointing to the Marchward service endpoint, and MARCHWARD_API_KEY, supplying the authentication credential for that service. The server communicates over stdio transport, meaning it integrates with MCP-compatible agent runtimes that support that channel.

No tools are exposed directly to the agent through this server; its value is the policy enforcement and governance layer it provides rather than a set of callable functions. This server is not a database connector, not a code execution environment, and not a search or retrieval tool.

Use cases

  • Enforce spend caps on an AI agent that calls paid third-party APIs to prevent runaway costs
  • Broker credentials so an agent runtime never receives raw API keys directly
  • Add approval gates requiring human sign-off before an agent takes irreversible actions
  • Maintain a tamper-evident audit log of all actions taken by an AI agent during a session
  • Centrally manage runtime authorization policies across multiple AI agents from one Marchward endpoint

When to use it

  • When an AI agent interacts with paid APIs and needs a hard spend limit enforced at runtime
  • When compliance or security policy requires an audit trail of all agent actions
  • When human-in-the-loop approval is required before an agent executes consequential operations
  • When credentials must be brokered rather than embedded directly in agent configuration
  • When deploying agents via an MCP-compatible runtime that supports stdio transport

When not to use it

  • When the agent runtime does not support stdio transport
  • When no Marchward service endpoint (MARCHWARD_API_URL) is available, as the server requires it to function
  • When the use case requires the MCP server to expose callable tools to the agent — this server provides none
  • When a lightweight local-only solution is needed with no dependency on an external Marchward API service