AxioRank Agent Verification =========================== Verify the AI agents that reach your Backdrop site's login, admin, search, AJAX, XML-RPC, and API endpoints, and challenge or block the ones that fail. Monitor…
AxioRank Agent Verification
===========================
Verify the AI agents that reach your Backdrop site's login, admin, search,
AJAX, XML-RPC, and API endpoints, and challenge or block the ones that fail.
Monitor and enforce modes, in-admin rule management, fail-open by design.
A thin client of the AxioRank inbound verify endpoint:
each protected request is forwarded as one authenticated POST to/api/gateway/verify-request and the verdict is applied in Backdrop. There is
no local model to run and no SDK to bundle. It is the Backdrop counterpart of
the AxioRank WordPress plugin and Drupal module.
Requirements
------------
This module has no dependencies beyond Backdrop core. To use it you need a free
AxioRank account (https://axiorank.com) and a website-surface site key
(axr_site_...). For the in-admin Agents page, the site key also needs the
management scope.
Installation
------------
- Install this module using the official Backdrop CMS instructions at
- Register a website surface in AxioRank and copy its site key.
- Visit the configuration page under Administration > Configuration >
$settings['axiorank_site_key'] = 'axr_site_...';
- Use Test connection to confirm AxioRank is reachable. Watch the verdicts in
Manage agent rules
------------------
The Agents tab (admin/config/services/axiorank/agents) reads and writes your
surface's real AxioRank inbound rules through a site-key-scoped API: set the
surface posture and add allow, challenge, or block rules per agent, category,
verification status, or risk, without leaving Backdrop. This needs a site key
with the management scope.
An API verifier, not a cached-page crawler blocker
--------------------------------------------------
hook_init does not run on fully page-cached requests, which are served before
Backdrop bootstraps. That is by design: this module governs the surface that
actually reaches PHP, your login, admin, search, AJAX, XML-RPC, and API
endpoints, plus any signed or bot-like request. To challenge crawlers on cached
pages, verify at the edge in front of the cache.
Issues
------
Bugs and feature requests should be reported in the
Issue Queue.
Current Maintainers
-------------------
- Tejaswi Suresh, for AxioRank.
- Seeking additional maintainers.
- Written and maintained by AxioRank, the security
License
-------
This project is GPL v2 software.
See the LICENSE.txt file in this directory for complete text.
-
agent-commerce-conformance
Open spec + reference verifier for Agent Commerce Conformance: prove an AI agent's purchase stayed within the user's signed mandate, verifiable offline. Zero-dep, MIT.
TypeScript ★ 1 14d agoExplain → -
mcpaudit
Scan any MCP server for prompt injection, tool poisoning, and leaked secrets. One command, no key. SARIF + GitHub Action.
TypeScript ★ 1 23d agoExplain → -
axiorank
Verify the AI agents that reach your Backdrop CMS login, admin, search, AJAX, XML-RPC, and API endpoints. Monitor and enforce modes, in-admin rule management, fail-open. The Backdrop counterpart of the AxioRank WordPress plugin and Drupal module.
PHP ★ 0 1d agoExplain → -
n8n-nodes-axiorank
AxioRank nodes for n8n: trigger on AI agent security events and act on them (approve or deny holds, quarantine agents, update alerts and incidents).
TypeScript ★ 0 3d agoExplain → -
gateway
The security gateway for AI agents. One local, OpenAI-compatible endpoint for every model provider, with guardrails on by default and a signed, offline-verifiable receipt on every response.
TypeScript ★ 0 6d agoExplain → -
grok-plugin
Govern your Grok coding agent: block destructive commands, secret exfiltration, and prompt-injected tool results locally and offline, then mint a signed Coding Session Seal. Install: grok plugin marketplace add AxioRank/grok-plugin
JavaScript ★ 0 8d agoExplain → -
agent-security-gateway
Open spec for the Agent Security Gateway (AGS-1): the five gates every agent action passes through (identity, policy, inspection, audit, proof), plus the reference proof artifact. Verifiable offline.
★ 0 10d agoExplain → -
claude-plugin
Govern your Claude Code agent: block destructive commands, secret exfiltration, and prompt-injected tool results locally and offline, then mint a signed Coding Session Seal. /plugin marketplace add AxioRank/claude-plugin
JavaScript ★ 0 12d agoExplain → -
codex-plugin
Govern your Codex agent: block destructive commands, secret exfiltration, and prompt-injected tool results locally and offline, then mint a signed Coding Session Seal. Install: codex plugin marketplace add AxioRank/codex-plugin
JavaScript ★ 0 12d agoExplain → -
cursor-plugin
Govern your Cursor agent: block destructive commands, secret exfiltration, and prompt-injected tool results locally and offline, then mint a signed Coding Session Seal.
JavaScript ★ 0 12d agoExplain → -
claude-plugins
Zero-Trust security plugin for Claude Code from AxioRank. Catch leaked secrets, prompt injection, PII, and destructive tool calls. No key required.
JavaScript ★ 0 27d agoExplain → -
enforcement-benchmark
Published, reproducible evidence behind the AxioRank enforcement benchmark (indirect-prompt-injection). Harness + corpora + raw verdicts + model adjudication transcripts.
Python ★ 0 27d agoExplain →
No repos match these filters.