Iron Cannon
БесплатноНе проверенAn MCP-powered compliance copilot for SaaS stacks, enabling structured audit workflows including stack detection, module wiremapping, implementation directives,
Описание
An MCP-powered compliance copilot for SaaS stacks, enabling structured audit workflows including stack detection, module wiremapping, implementation directives, code verification, and security/infrastructure/legal readiness gates.
README
An MCP-powered compliance copilot for SaaS stacks — especially Next.js / Cloudflare Workers + D1 + Stripe + Resend.
Iron Cannon gives AI agents (and humans) a structured audit workflow: detect the stack, generate a module wiremap, ship implementation directives, verify code patterns, and gate production / infrastructure / legal readiness. It runs locally as a Cloudflare Worker dev server and exposes tools over the Model Context Protocol (HTTP JSON-RPC).
Portfolio note: This project was dogfooded on real Cloudflare + Stripe apps but is paused before production SaaS launch. It is a strong demonstration of MCP tool design, rules engines, and agent guardrails — not a hosted compliance certification product.
What it does
| Tier | Tools | Purpose |
|---|---|---|
| Pro | T01–T08 | Stack discovery, wiremap, module directives, snippet verification, drift & recovery |
| Armor | T09–T11 | Security surfaces, infra checklists (cache, rate limits, stress testing) |
| IronClad | T12–T14 | Legal obligation map + spot-check verification |
Design philosophy: Iron Cannon is two modes in one product:
- Copilot — rich checklists and sequencing (high trust)
- Judge — pass/fail gates only after deliberate code snippets and verified modules (medium trust)
Architecture
┌─────────────────┐ HTTP /mcp ┌──────────────────────┐
│ Cursor / CLI │ ◄──────────────► │ apps/mcp-worker │
│ (MCP client) │ JSON-RPC 2.0 │ (Cloudflare Worker) │
└─────────────────┘ └──────────┬───────────┘
│
┌──────────▼───────────┐
│ @ironcannon/mcp-core │
│ T01–T14 tool runtime │
└──────────┬───────────┘
│
┌─────────────────────────────────┼─────────────────────────┐
│ │ │
@ironcannon/compose @ironcannon/compare @ironcannon/verify
(tier redaction) (pattern matching) (stack completeness)
Rules engine data lives under docs/engine/ as JSON specimens (fixtures, obligations, catalogs). npm run build:worker-bundle packs them into packages/mcp-core/src/generated/ for the Worker.
Quick start (local MCP)
Prerequisites
- Node.js 20+
- npm
1. Install & build
git clone https://github.com/DillonRich/Iron_Cannon.git
cd Iron_Cannon
npm install
npm run build:worker-bundle
2. Verify the engine
npm run g2:audit # package + smoke tests (HTTP optional)
npm run portfolio:preflight # scan for accidental live secrets
3. Start the MCP server
npm run ironcannon:serve
Server listens at http://127.0.0.1:8787 (/health, /mcp, /tools).
4. Connect Cursor (or any MCP client)
Copy mcp-config.example.json into your Cursor MCP settings and adjust paths per Cursor docs. Use one server URL with different x-ironcannon-tier headers (pro, armor, ironclad).
Toggle the MCP server off/on after starting ironcannon:serve.
CLI workflows
# Audit an external project (T01–T03 local, prints wiremapAttestation)
npm run ironcannon -- audit "C:/path/to/your-app"
# Golden path smoke (reference app)
npm run ironcannon -- ref-stack
npm run ironcannon -- ref-golden
# Full tiered harness (Pro → Armor → IronClad)
npm run ironcannon -- full
# Dogfood bundle: audit + fixture regression + MCP envelope test
npm run ironcannon:dogfood -- "C:/path/to/your-app"
# Single module verify
npm run ironcannon -- verify M12-stripe-webhook ./path/to/snippet.ts
Set tier: IRON_CANNON_TIER=armor npm run ironcannon -- ...
Agent workflow (summary)
- T01
analyze_project_stack— detect frontend, compute, DB, Stripe/Resend - T02
validate_stack_completeness— missing secrets / config hints - T03
generate_system_wiremap— module chain +wiremapAttestationtoken - T04
get_module_directives— per-module implementation guidance (+snippetHintfor verify-heavy modules) - T05
verify_module_compliance— must pass real code snippets (notAuditedif empty) - Armor: T09–T11 security + infrastructure gates
- IronClad: T12–T14 legal obligation map (T13 optional snippet verify)
Pass wiremapAttestation from T03 on all T04/T05/T11 calls.
Project layout
| Path | Description |
|---|---|
packages/mcp-core/ |
Core MCP tool runtime (T01–T14) |
packages/compose/ |
Tier-based response redaction |
packages/compare/ |
Pattern / obligation compare engine |
packages/verify/ |
Stack completeness checks |
apps/mcp-worker/ |
Cloudflare Worker HTTP surface |
scripts/ |
CLI (ironcannon.mjs), build, test harnesses |
docs/engine/ |
Rules JSON, fixtures, obligation index (not markdown) |
examples/golden-reference-app/ |
Minimal reference stack for T01–T05 |
Testing
npm run g2:audit # recommended smoke gate
npm run planning:guardian-retest # pattern equivalence fixtures
npm run g2:golden-full # full Pro + Armor + IronClad path
npm run planning:user-journey # 121 behavioral scenarios (slower)
Known limitations (honest)
- Stack coverage is strongest for Cloudflare Workers/Pages + Stripe + Resend — not universal.
- T05 / T11 judge mode requires deliberate snippets and
verifiedModules— not unattended certification. - Hosted deploy (Cloudflare production, D1 platform DB, Vectorize) is scaffolded but not required for local MCP.
- Legal (IronClad) outputs checklists and heuristics — not legal advice.
Security
See SECURITY.md. Dev-only API keys in docs/engine/phase1/fixtures/api-keys.dev.json are fake local tokens (ic_dev_*). Do not commit real .env files.
License
GNU AGPL v3 — see LICENSE. You may run this locally for audits and contribute improvements; if you offer this software as a network service, AGPL copyleft applies.
Author
Built as a portfolio project demonstrating MCP server design, structured agent guardrails, and compliance-oriented tooling for modern SaaS infrastructure.
Установка Iron Cannon
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/DillonRich/Iron_CannonFAQ
Iron Cannon MCP бесплатный?
Да, Iron Cannon MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Iron Cannon?
Нет, Iron Cannon работает без API-ключей и переменных окружения.
Iron Cannon — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Iron Cannon в Claude Desktop, Claude Code или Cursor?
Открой Iron Cannon на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Iron Cannon with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
