Zero Trust security middleware for AI Agents - JIT token vending, policy enforcement, and content moderation
Security Middleware for AI Agents - Zero Trust Architecture with JIT Token Vending
Molt Guard is a TypeScript library that acts as a security layer between AI agents and their tools. It implements a Zero Trust architecture where the agent never directly holds sensitive credentials - instead, it requests permission and receives ephemeral tokens just-in-time.
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│ │ │ │ │ │
│ AI Agent │─────▶│ Molt Guard │─────▶│ External APIs │
│ (OpenClaw) │ │ (Interceptor) │ │ (Stripe, AWS) │
│ │◀─────│ │◀─────│ │
└─────────────────┘ └─────────────────┘ └─────────────────┘
│
│
▼
┌───────────────────────┐
│ │
│ Guard Server │
│ (The Brain) │
│ │
│ • Policy Engine │
│ • Content Moderation │
│ • Token Vending │
│ • Audit Logging │
│ │
└───────────────────────┘
npm install molt-guard
import { guard } from 'molt-guard';
// 1. Initialize the guard
await guard.init();
// 2. Protect your tools
const protectedTools = guard.protectAll(myToolsList);
// 3. Use them normally - they're secured!
await protectedTools.stripe.charge({ amount: 1000 });
Every tool call is converted into a GuardRequest:
interface GuardRequest {
intent: string; // Human-readable intent
toolName: string; // Name of the tool being called
parameters: object; // Arguments to the tool
metadata: {
userId: string;
budgetUsed: number;
userRole?: UserRole;
cost?: number;
};
}
The Guard Server responds with a decision:
interface GuardResponse {
decision: 'ALLOW' | 'DENY' | 'FLAG';
jitToken?: JitToken; // Ephemeral credential if allowed
moderationNotes: string; // Explanation of the decision
decisionId: string; // For audit trail
}
Just-In-Time tokens are ephemeral credentials:
interface JitToken {
token: string;
type: 'AWS' | 'STRIPE' | 'MOLTBOOK';
expiresAt: number;
scopes?: string[];
// AWS-specific fields
accessKeyId?: string;
secretAccessKey?: string;
sessionToken?: string;
}
import { guard } from 'molt-guard';
await guard.init();
const stripeApi = {
charge: async (params) => { /* ... */ },
refund: async (params) => { /* ... */ },
};
// Wrap with security
const securedStripe = guard.protect(stripeApi, 'financial_policy');
// Set user context
guard.setContext({
userId: 'user_123',
userRole: UserRole.ADMIN,
});
// Use normally - Guard intercepts and validates
await securedStripe.charge({ amount: 1000 });
import { Protected } from 'molt-guard';
class PaymentService {
@Protected('financial_policy')
async processPayment(amount: number): Promise<void> {
// Implementation
}
}
await guard.init({
policy: {
strictMode: true,
budget: {
dailyLimit: 500,
perRequestLimit: 50,
},
moderation: {
detectPii: true,
analyzeSentiment: true,
minSentimentScore: 0, // Only positive content
},
},
});
const awsToken = await guard.vendToken(ServiceType.AWS, {
userId: 'user_123',
toolName: 'deploy_lambda',
intent: 'Deploy new function',
});
// Use the temporary credentials
const s3Client = new S3Client({
credentials: {
accessKeyId: awsToken.accessKeyId!,
secretAccessKey: awsToken.secretAccessKey!,
sessionToken: awsToken.sessionToken!,
},
});
stripe.charge()stripe.charge() arguments and executesPolicies are defined in JSON:
{
"version": "1.0.0",
"strictMode": false,
"budget": {
"dailyLimit": 1000,
"perRequestLimit": 100
},
"moderation": {
"detectPii": true,
"detectOffensive": true,
"analyzeSentiment": true
},
"rules": [
{
"id": "rule-001",
"name": "Block negative posts",
"targetTools": ["post_to_moltbook"],
"conditions": [],
"action": {
"decision": "ALLOW",
"requireModeration": true
}
}
],
"allowlistedTools": ["read_file", "search_web"],
"denylistedTools": ["delete_all", "format_disk"]
}
# Guard configuration
MOLT_GUARD_JWT_SECRET=your-secure-secret
MOLT_GUARD_API_KEY=your-api-key
# AWS (for JIT token vending)
AWS_ACCESS_KEY_ID=...
AWS_SECRET_ACCESS_KEY=...
MOLT_GUARD_AWS_ROLE_ARN=arn:aws:iam::123456789012:role/AgentRole
# Stripe
STRIPE_SECRET_KEY=sk_live_...
# Moltbook
MOLTBOOK_API_KEY=...
MOLTBOOK_APP_ID=...
guard.init(options?)Initialize the Molt Guard system.
guard.protect(tool, policyName?)Wrap a single tool with security checks.
guard.protectAll(tools, policyName?)Wrap multiple tools at once.
guard.setContext(context)Set the current user/session context.
guard.evaluate(request)Directly evaluate a GuardRequest.
guard.vendToken(service, context)Vend a JIT token for a service.
guard.updatePolicy(policy)Dynamically update the policy.
MIT
FAQs
Zero Trust security middleware for AI Agents - JIT token vending, policy enforcement, and content moderation
We found that molt-guard demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
OpenAI rotated macOS signing certificates after a malicious Axios package reached its CI pipeline in a broader software supply chain attack.
Security News
Open source is under attack because of how much value it creates. It has been the foundation of every major software innovation for the last three decades. This is not the time to walk away from it.
Security News
Socket CEO Feross Aboukhadijeh breaks down how North Korea hijacked Axios and what it means for the future of software supply chain security.