Tork is AI agent governance middleware that sits between AI agents and the tools they call. It scans every interaction for PII, enforces configurable policies, and generates cryptographic compliance receipts.

Does Tork work with MCP?

Yes. Tork provides 48 MCP governance tools and a published MCP server that works with Claude, Cursor, Windsurf, and any MCP-compatible client.

What AI frameworks does Tork support?

Tork supports 116+ framework adapters including LangChain, CrewAI, AutoGen, OpenAI Agents, LlamaIndex, Semantic Kernel, Haystack, and more across 11 programming languages.

How much latency does Tork add?

Tork adds approximately 20ms per governance check via the cloud API. PII detection runs locally at sub-millisecond speeds via the Gravity Field engine.

How does Tork detect PII?

Tork detects 50+ PII types including emails, phone numbers, SSNs, credit cards, Medicare numbers, and regional formats across 13 countries. Detection uses a hybrid regex + NER approach running locally with sub-millisecond latency. Detected PII is redacted before reaching AI models.

Yes. Tork's core SDK is MIT licensed and available on GitHub. The open source core includes policy enforcement, PII detection, and local audit logs. Tork Cloud adds centralised dashboards, team management, SSO, and enterprise features.

How do I install Tork?

Install via your language's package manager: pip install tork (Python), npm install @tork-network/tork-js (JavaScript), go get github.com/torkjacobs/tork-go-sdk (Go), gem install tork-ruby (Ruby), cargo add tork-rust (Rust). Add 3 lines of code to start governing your AI agents.

Docs/CLI Tool

Command Line Interface

Tork CLI Tool

Scan MCP configurations for security vulnerabilities, validate policies, and integrate governance checks into your CI/CD pipelines.

Security Scanning

Detect vulnerabilities in configs

Policy Validation

Validate governance policies

Multiple Formats

Text, JSON, SARIF output

CI/CD Ready

GitHub Actions, GitLab CI

Installation

Install the Tork CLI from PyPI.

bash

# Install from PyPI
pip install tork-governance

# Verify installation
tork version

The CLI is included with the tork-governance package.

Available Commands

Command	Description
tork scan	Scan files/directories for security vulnerabilities
tork policy	Validate governance policies
tork init	Initialize a new policy directory with templates
tork version	Display version information

tork scan

Scan MCP configurations for security vulnerabilities.

Options

-o, --output	Output format: text, json, sarif (default: text)
-s, --severity	Minimum severity: critical, high, medium, low, info
-v, --verbose	Enable verbose output with recommendations

bash

# Scan a single configuration file
tork scan config/mcp.json

# Scan with verbose output
tork scan config/mcp.json --verbose

# Scan and output as JSON
tork scan config/mcp.json --output json

# Scan with minimum severity filter
tork scan config/mcp.json --severity high

Exit Codes

Exits with code 1 if critical or high severity findings are detected. Use this for CI/CD gates.

Output Formats

Choose the output format that fits your workflow.

text

$ tork scan ./config/

╭─────────────────────────────────────╮
│ Tork MCP Security Scanner           │
╰─────────────────────────────────────╯

Files scanned: 3
Scan duration: 0.15s

config/mcp.json
  [HIGH] MCP001: Unrestricted file access (line 12)
  [MEDIUM] MCP003: Missing authentication config (line 24)

config/claude.json
  [CRITICAL] MCP002: Shell command execution enabled (line 8)
  [LOW] MCP005: Verbose logging enabled (line 15)

┏━━━━━━━━━━━┳━━━━━━━┓
┃ Severity  ┃ Count ┃
┡━━━━━━━━━━━╇━━━━━━━┩
│ CRITICAL  │     1 │
│ HIGH      │     1 │
│ MEDIUM    │     1 │
│ LOW       │     1 │
└───────────┴───────┘

Total findings: 4

tork policy

Validate governance policy files.

bash

# Validate policies in a directory
tork policy --policy ./policies/

# Validate with verbose output
tork policy --policy ./policies/ --verbose

# Example output:
# Tork Policy Validator
# Validating policies at: ./policies/
# Loaded 5 policies

tork init

Initialize a new policy directory with templates.

bash

# Initialize policy directory with templates
tork init

# Specify custom output directory
tork init --output ./my-policies/

# Creates directory structure:
# ./policies/
#   └── (add your YAML policy files here)

Programmatic Evaluation

Use the Python SDK for real-time content evaluation.

For runtime governance in your applications, use the GovernanceEngine directly.

pythonevaluate.py

# Using the Python SDK to evaluate content
from tork.core.engine import GovernanceEngine
from tork.core.models import EvaluationRequest

# Initialize engine with API key
engine = GovernanceEngine(api_key="your_tork_api_key")

# Evaluate content
request = EvaluationRequest(
    agent_id="my-agent",
    action="user_input",
    payload={"content": "My email is user@example.com"}
)

result = engine.evaluate(request)

print(f"Decision: {result.decision}")      # ALLOW, DENY, or REDACT
print(f"Violations: {result.violations}")  # List of policy violations
print(f"Modified: {result.modified_payload}")  # Redacted content if applicable

Batch Processing

Scan multiple projects or files programmatically.

bashbatch_scan.sh

#!/bin/bash
# batch_scan.sh - Scan multiple projects

PROJECTS=(
  "/path/to/project1"
  "/path/to/project2"
  "/path/to/project3"
)

for project in "${PROJECTS[@]}"; do
  echo "Scanning: $project"
  tork scan "$project" --output json > "$project/tork-results.json"

  if [ $? -eq 1 ]; then
    echo "  [FAIL] Critical/High findings detected"
  else
    echo "  [PASS] No critical issues"
  fi
done

CI/CD Integration

Integrate security scanning into your pipelines

yaml.github/workflows/security.yml

name: Tork Security Scan

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

jobs:
  security-scan:
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: '3.11'

      - name: Install Tork
        run: pip install tork-governance

      - name: Run Security Scan
        run: tork scan . --output sarif > results.sarif
        continue-on-error: true

      - name: Upload SARIF results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif

      - name: Check for Critical Issues
        run: |
          tork scan . --severity high
          if [ $? -eq 1 ]; then
            echo "Critical or high severity issues found!"
            exit 1
          fi

Custom Security Rules

Extend the scanner with your own security rules.

Create custom rules by extending SecurityRule to detect organization-specific security issues.

pythoncustom_rules.py

from tork.scanner import MCPScanner, SecurityRule, ScanSeverity, ScanFinding
import re

# Define a custom security rule
class CustomAPIKeyRule(SecurityRule):
    """Detect exposed API keys in configuration files."""

    id = "CUSTOM001"
    severity = ScanSeverity.CRITICAL
    title = "Exposed API Key"
    description = "API key found in configuration file"
    recommendation = "Move API keys to environment variables or secrets manager"

    # Pattern to match common API key formats
    API_KEY_PATTERN = re.compile(
        r'(api[_-]?key|apikey|secret[_-]?key|auth[_-]?token)["'\s]*[:=]["'\s]*([a-zA-Z0-9_-]{20,})',
        re.IGNORECASE
    )

    def check(self, file_path: str, content: str) -> list[ScanFinding]:
        findings = []

        for i, line in enumerate(content.split("\n"), 1):
            if self.API_KEY_PATTERN.search(line):
                findings.append(ScanFinding(
                    rule_id=self.id,
                    severity=self.severity,
                    title=self.title,
                    description=f"Potential API key exposed in configuration",
                    file_path=file_path,
                    line_number=i,
                    recommendation=self.recommendation,
                ))

        return findings

# Use custom rules with scanner
from tork.scanner.mcp_rules import get_all_mcp_rules

custom_rules = get_all_mcp_rules() + [CustomAPIKeyRule()]
scanner = MCPScanner(rules=custom_rules)

result = scanner.scan_directory("./config/")

Severity Levels

CRITICALImmediate security risk. Blocks CI/CD pipelines.

HIGHSignificant vulnerability. Blocks CI/CD pipelines.

MEDIUMPotential security issue. Should be addressed.

LOWMinor concern. Consider addressing.

INFOInformational finding. Best practice suggestion.

Best Practices

Run scans on every PR

Catch security issues before they reach main branch.

Use SARIF for GitHub integration

Upload results to GitHub Code Scanning for inline annotations.

Set severity thresholds

Block merges on critical/high, warn on medium/low.

Add pre-commit hooks

Catch issues locally before pushing to remote.

Store scan results as artifacts

Keep historical records for compliance and auditing.

Next Steps

Configure policies in the dashboard and explore SDK integrations.

Python SDK MCP Tools Configure Policies

Documentation

Learn to integrate TORK

Upgrade Plan

Current: free

Support

Get help from our team