# Helixar Security — Claude MCP Connector
Three agentic-AI security tools, exposed as a remote MCP server, listed in the Claude Connectors Directory.
| Tool | What it does |
|---|---|
| `helixar_inspect_mcp` | Scan an MCP server (URL or raw manifest JSON) against Sentinel detection rules. Returns a risk score, findings, and a Claude-generated security brief. Quick mode is free and authless (top 8 rules); deep mode runs all 26 rules with an API key. |
| `helixar_hdp_validate` | Validate an HDP delegation chain against IETF draft draft-helixar-hdp-agentic-delegation-00. Surfaces scope escalations, depth violations, expired hops, and missing signatures. Every output cites the IETF draft and the Zenodo DOI. |
| `helixar_triage_alert` | Triage a Vigil / ATP detection payload into a kill-chain stage (Preparation / Positioning / Expansion / Objective) with a Claude-generated narrative in your choice of executive, technical, or brief format. |
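As an added illustration of the four conditions `helixar_hdp_validate` reports (scope escalation, depth violation, expired hop, missing signature), here is a minimal checker over a constructed chain. This is not the project's code, and the hop shape, the depth limit and the rule names are assumptions for the example, not the draft's format:

```typescript
// Hypothetical hop shape for this example only (NOT the HDP wire format).
type Hop = {
  delegator: string;
  delegate: string;
  scopes: string[];     // capabilities granted to the delegate
  expiresAt: number;    // Unix seconds
  signature?: string;   // absent => unsigned hop
};

type Finding = { rule: string; hop: number; detail: string };

const MAX_DEPTH = 2; // assumed limit for the example

// Walk the chain hop by hop; each hop may only carry scopes its parent
// already held, must be signed, must be unexpired, and the chain must
// not exceed the depth limit.
function validateChain(chain: Hop[], now: number): Finding[] {
  const findings: Finding[] = [];
  if (chain.length > MAX_DEPTH) {
    findings.push({ rule: "depth_violation", hop: chain.length - 1,
      detail: `chain depth ${chain.length} exceeds ${MAX_DEPTH}` });
  }
  chain.forEach((hop, i) => {
    if (!hop.signature) {
      findings.push({ rule: "missing_signature", hop: i,
        detail: `${hop.delegator}->${hop.delegate} is unsigned` });
    }
    if (hop.expiresAt <= now) {
      findings.push({ rule: "expired_hop", hop: i,
        detail: `hop expired at ${hop.expiresAt}` });
    }
    if (i > 0) {
      const parent = new Set(chain[i - 1].scopes);
      const gained = hop.scopes.filter((s) => !parent.has(s));
      if (gained.length > 0) {
        findings.push({ rule: "scope_escalation", hop: i,
          detail: `gained scopes not held by delegator: ${gained.join(", ")}` });
      }
    }
  });
  return findings;
}

// Constructed sample: the third hop is unsigned, expired, and widens scope.
const SAMPLE_CHAIN: Hop[] = [
  { delegator: "user", delegate: "orchestrator", scopes: ["read:calendar", "send:email"], expiresAt: 2_000_000_000, signature: "sig-a" },
  { delegator: "orchestrator", delegate: "scheduler", scopes: ["read:calendar"], expiresAt: 2_000_000_000, signature: "sig-b" },
  { delegator: "scheduler", delegate: "mailer", scopes: ["read:calendar", "send:email"], expiresAt: 1_000 },
];
```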
## Quick start

```bash
npm install
npm test
npm run build
npm start   # stdio MCP server
```
## Add to Claude (custom connector)

The hosted server lives at https://mcp.helixar.ai. To use it before Anthropic lists it in the directory:

- Open Claude → Settings → Connectors → Add custom connector
- URL: https://mcp.helixar.ai
- Auth: OAuth 2.0 (Claude handles the flow)
- Save and refresh — the three tools appear in the tool picker.

For local development, point Claude Desktop at `node /path/to/helixar-mcp/dist/server.js` as a stdio server.
## Architecture

- Language: TypeScript ESM (Node 20+)
- MCP SDK: `@modelcontextprotocol/sdk` (official Anthropic)
- Validation: Zod for tool input schemas
- Narration: Anthropic SDK with deterministic fallback when no API key is configured
- Hosting: Cloudflare Workers (`src/worker.ts`, deployed to mcp.helixar.ai)
- Auth: OAuth 2.0 + Dynamic Client Registration (required for directory listing)
## Auth tiers

| Mode | Auth | Tools / scope | Purpose |
|---|---|---|---|
| Quick / public | none | `inspect_mcp` (top-8 rules), `hdp_validate` | Maximum reach — zero-friction for community adoption |
| Authenticated | API key (OAuth2) | `inspect_mcp` deep mode (26 rules), `triage_alert` | Pilot customers + paid tier |
## Repository layout

```text
src/
├── server.ts             # MCP stdio entrypoint
├── worker.ts             # Cloudflare Workers HTTP adapter (Phase 7)
├── lib/
│   ├── narrate.ts        # Anthropic call + deterministic fallback
│   ├── sentinel-rules.ts # 26 Sentinel detection rules (top-8 quick + 18 deep)
│   ├── hdp-schema.ts     # HDP chain types + 9 validation rules
│   └── vigil-parser.ts   # Vigil/ATP payload normaliser + stage classifier
└── tools/
    ├── inspect-mcp.ts    # helixar_inspect_mcp implementation
    ├── hdp-validate.ts   # helixar_hdp_validate implementation
    └── triage-alert.ts   # helixar_triage_alert implementation
tests/
└── (mirrors src/)
```
## IP protection

Per the implementation plan §6, internal detection methodology, Hunch Mode internals (IOB pipeline, weighted signals, anomaly scoring), Vigil sensor implementation, and exact thresholds are never exposed in this codebase. The public surface is rule IDs, severity buckets, public-safe detection categories, and remediation guidance only. CI includes a forbidden-symbol scan in `lib/vigil-parser.ts` to catch accidental leaks.
## Links

- IETF draft: draft-helixar-hdp-agentic-delegation-00
- Zenodo DOI: 10.5281/zenodo.19332023
- HDP SDK: Helixar-AI/HDP
- Sentinel checklist: https://checklist.helixar.ai
- Helixar: https://helixar.ai
## License

Apache-2.0 — see LICENSE and NOTICE.