Documentation

Install, connect, and run HydraSentry

HydraSentry secures the memory layer before your agent acts. Install the MCP server, point your client at it, optionally bring your own model key, and every risky retrieval is scored, blocked, and certified. Everything below is real and copy-ready.

01

Install

HydraSentry ships as a stdio MCP server. Install it from PyPI with pip (Python 3.11+):

INSTALL THE MCP SERVER
pip install hydrasentry-mcp

02

Connect your agent

Point any MCP-compatible client (Claude Desktop, Cursor, your own runtime) at the installed server by adding it to your MCP client config. No account, no sign-in, no key to mint.

ADD TO YOUR MCP CLIENT CONFIG
{
  "mcpServers": {
    "hydrasentry": {
      "command": "hydrasentry-mcp"
    }
  }
}

Restart your MCP client. From then on, every risky memory your agent retrieves is scored, certified, and lands in the public incident console. Open the console to watch findings arrive.

03

The 7 MCP tools

The gateway exposes a fixed surface of seven tools. The read tools run unauthenticated; the write tools require the shared MCP secret, so a poisoned skill can never quarantine memory or schedule scans on its own. This is the firewall: the unsafe action is gated before your agent can fire it.

  • scan_context (read) - Run a context-integrity scenario and return the risk result.
  • replay_attack (write) - Replay a poisoning attack scenario end to end.
  • verify_skill (write) - Statically scan a SkillMake SKILL.md for unsafe instructions.
  • quarantine_memory (write) - Quarantine a poisoned memory chunk in an owned tenant.
  • generate_report (write) - Generate a Markdown finding report for a run.
  • schedule_scan (write) - Schedule a simulated future regression scan by name.
  • list_findings (read) - List recorded findings.

04

Bring your own model key (optional)

By default, real runs use the platform model. To run against your own model and key instead, open Settings and paste a provider key. It is stored only in your browser's localStorage and sent per-request on a run; it is never persisted on our backend. Grab a key from your provider.

05

Usage

The fastest way to see HydraSentry work is the live attack on the homepage: it replays the same task on clean vs poisoned context, traces the taint through the memory graph, blocks the unsafe action through MCP, and seals the block into a Memory Integrity Certificate. Then explore the cockpit:

  • Context Graph - run a live HydraDB query_paths traversal and inspect the tainted path
  • MCP Gateway - call the seven tools and watch the firewall gate the write tools
  • OWASP ASI Top-10 - the self-verified coverage map, recomputed against the running code
  • Results Center - the finding, the certificate, and the downloadable evidence report

06

Public API

Every value-path surface is backed by a public endpoint you can call directly. The live backend base URL is:

BACKEND BASE URL
https://backend-three-puce-75.vercel.app

  • POST /runs/judge-demo - The canonical poisoned-memory run. Returns the 87 / HIGH / BLOCK artifact.
  • POST /runs/real - A genuine run: live model baseline vs poisoned answers + a computed risk score and band.
  • POST /graph/real-query - A live HydraDB query_paths traversal of the poisoned tenant; returns the real graph.
  • GET /standards/asi06 - The self-verified OWASP ASI06 (Memory Poisoning) control mapping.
  • GET /mcp/manifest - The MCP server manifest: the seven tools and the resources they expose.

The full MCP tool surface is also reachable over HTTP under /mcp/* (one route per tool); the write tools require the X-MCP-Secret header.
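To make the read/write gate from steps 03 and 06 concrete, here is an added example (not HydraSentry's own code) that models how a gateway can let the two read tools through unauthenticated while refusing the five write tools unless a valid X-MCP-Secret header is present. The tool names, the read/write split and the header name come from this page; the dispatch shape, the MCP_SECRET environment variable and the sample secret are assumptions for the example.

```python
"""Illustrative model of a read/write tool gate in front of an MCP server.

Added example, not the project's implementation. Assumes the seven tool
names and their read/write split as documented, and the X-MCP-Secret header.
"""
import hmac
import os

# Tool surface as documented: read tools run unauthenticated,
# write tools must present the shared MCP secret.
READ_TOOLS = {"scan_context", "list_findings"}
WRITE_TOOLS = {"replay_attack", "verify_skill", "quarantine_memory",
               "generate_report", "schedule_scan"}

# Assumed env var; the fallback is a constructed sample value for offline runs.
MCP_SECRET = os.environ.get("MCP_SECRET", "sample-shared-secret")


def _secret_ok(headers: dict) -> bool:
    """Check the shared secret in constant time.

    HTTP header names are case-insensitive, so normalise before lookup, and
    use hmac.compare_digest so a wrong value cannot be guessed byte by byte
    from response timing.
    """
    lookup = {k.lower(): v for k, v in headers.items()}
    presented = lookup.get("x-mcp-secret")
    if presented is None:
        return False
    return hmac.compare_digest(presented.encode(), MCP_SECRET.encode())


def gate(tool: str, headers: dict) -> tuple[bool, str]:
    """Decide whether a tool call may proceed; returns (allowed, reason).

    Fails closed: a tool that is not on the fixed surface is refused even
    when a valid secret is presented.
    """
    if tool in READ_TOOLS:
        return True, "read tool: no secret required"
    if tool in WRITE_TOOLS:
        if _secret_ok(headers):
            return True, "write tool: secret verified"
        return False, "write tool: missing or invalid X-MCP-Secret"
    return False, f"unknown tool {tool!r}: refused"


if __name__ == "__main__":
    # Constructed calls: a poisoned skill trying to quarantine memory without
    # the secret, then a legitimate operator presenting it.
    print(gate("list_findings", {}))
    print(gate("quarantine_memory", {}))
    print(gate("quarantine_memory", {"X-MCP-Secret": MCP_SECRET}))
```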
