OpenEdison logo

OpenEdison

Organization
Edison-Watch

🔐 Firewall Your Data, Control Agents. Prevent agent data exfiltration. Gain visibility into AI's interactions with your data / systems of record / existing software. https://discord.gg/tXjATaKgTV

PublisherEdison-Watch
Repositoryopen-edison
LanguageTypeScript
Forks
22
Stars
280
Available tools
0
Transport typestdio, streamable-http
Categories
Auth Security
LicenseGPL-3.0
Links
GitHubHomepage
  • Connect tools to AI workflows

    OpenEdison exposes MCP capabilities that can be used by compatible AI clients and agents.

  • 0 available tools

    Browse the callable actions below, including names and descriptions when provided by the server.

  • Ready-to-copy setup

    Use the installation snippets to configure this server in your preferred MCP client.

  • Open source signals

    280 stars and 22 forks from the linked repository.

OpenEdison 🔒⚡️

Deterministic Agentic Data Firewall

Agentic AI breaks traditional data security. OpenEdison secures & unifies agent data access to stop data leaks by securing your agent's interactions with your data/software.

Gain visibility, monitor potential threats, and get alerts on the data your agent is reading/writing.

How is it different from other MCP Gateways? Read our MCP Gateway Comparison Blog and our OpenEdison release post.

OpenEdison helps address the lethal trifecta problem, which can increase risks of agent hijacking & data exfiltration by malicious actors.

Join our Discord for feedback, feature requests, and to discuss MCP security for your use case: discord.gg/tXjATaKgTV

Features ✨

  • 🛑 Data leak monitoring - Edison detects and blocks potential data leaks through configurable security controls
  • 🕰️ Controlled execution - Provides structured execution controls to reduce data exfiltration risks.
  • 🗂️ Easily configurable - Easy to configure and manage your MCP servers
  • 📊 Visibility into agent interactions - Track and monitor your agents and their interactions with connected software/data via MCP calls
  • 🔗 Simple API - REST API for managing MCP servers and proxying requests
  • 🐳 Docker support - Run in a container for easy deployment

Open-Edison integrates with LangGraph, LangChain, and plain Python agents by decorating your tools/functions with @edison.track(). This provides immediate observability and policy enforcement without invasive changes.

Read more in docs/langgraph_quickstart.md

About Edison.watch 🏢

Edison helps you gain observability, control, and policy enforcement for AI interactions with systems of records, existing company software and data. Reduce risks of AI-caused data leakage with streamlined setup for cross-system governance.

FeatureOpenEdison (Open Source)EdisonWatch (Commercial)
Single User
MCP Security Controls
Lethal Trifecta Detection
Tool/Resource Permissions
Multi-Tenancy
SIEM Integration
SSO (Single Sign-On)
Client Software for Auto-Enforcement

👉 Interested in EdisonWatch? Visit edison.watch or contact us.

Quick Start 🚀

The fastest way to get started:

bash
# Installs uv (via Astral installer) and launches open-edison with uvx.
# Note: This does NOT install Node/npx. Install Node if you plan to use npx-based tools like mcp-remote.
curl -fsSL https://raw.githubusercontent.com/Edison-Watch/open-edison/main/curl_pipe_bash.sh | bash

Run locally with uvx: uvx open-edison That will run the setup wizard if necessary.

If you need npx (for Node-based MCP tools like mcp-remote), install Node.js as well:

macOS

  • uv: curl -fsSL https://astral.sh/uv/install.sh | sh
  • Node/npx: brew install node

Linux

  • uv: curl -fsSL https://astral.sh/uv/install.sh | sh
  • Node/npx: sudo apt-get update && sudo apt-get install -y nodejs npm

Windows

  • uv: powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
  • Node/npx: winget install -e --id OpenJS.NodeJS

After installation, ensure that npx is available on PATH.

Prerequisites

  • Pipx/uvx
bash
# Using uvx
uvx open-edison

# Using pipx
pipx install open-edison
open-edison

Run with a custom config directory:

bash
open-edison run --config-dir ~/edison-config
# or via environment variable
OPEN_EDISON_CONFIG_DIR=~/edison-config open-edison run

There is a dockerfile for simple local setup.

bash
# Single-line:
git clone https://github.com/Edison-Watch/open-edison.git && cd open-edison && make docker_run

# Or
# Clone repo
git clone https://github.com/Edison-Watch/open-edison.git
# Enter repo
cd open-edison
# Build and run
make docker_run

The MCP server will be available at http://localhost:3000 and the api + frontend at http://localhost:3001. 🌐

  1. Clone the repository:
bash
git clone https://github.com/Edison-Watch/open-edison.git
cd open-edison
  1. Set up the project:
bash
make setup
  1. Edit config.json to configure your MCP servers. See the full file: config.json, it looks like:
json
{
  "server": { "host": "0.0.0.0", "port": 3000, "api_key": "..." },
  "logging": { "level": "INFO"},
  "mcp_servers": [
    { "name": "filesystem", "command": "uvx", "args": ["mcp-server-filesystem", "/tmp"], "enabled": true },
    { "name": "github", "enabled": false, "env": { "GITHUB_PERSONAL_ACCESS_TOKEN": "..." } }
  ]
}
  1. Run the server:
bash
make run
# or, from the installed package
open-edison run

The server will be available at http://localhost:3000. 🌐

Connect any MCP client to Open Edison (requires Node.js/npm for npx):

bash
npx -y mcp-remote http://localhost:3000/mcp/ --http-only --header "Authorization: Bearer your-api-key"

Or add to your MCP client config:

json
{
  "mcpServers": {
    "open-edison": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "http://localhost:3000/mcp/", "--http-only", "--header", "Authorization: Bearer your-api-key"]
    }
  }
}

Open-Edison comes preconfigured with ngrok for easy ChatGPT integration. Follow these steps to connect:

1. Set up ngrok Account

  1. Visit https://dashboard.ngrok.com to sign up for a free account
  2. Get your authtoken from the "Your Authtoken" page
  3. Create a domain name in the "Domains" page
  4. Set these values in your ngrok.yml file:
yaml
version: 3

agent:
  authtoken: YOUR_NGROK_AUTH_TOKEN

endpoints:
  - name: open-edison-mcp
    url: https://YOUR_DOMAIN.ngrok-free.app
    upstream:
      url: http://localhost:3000
      protocol: http1

2. Start ngrok Tunnel

bash
make ngrok-start

This will start the ngrok tunnel and make Open-Edison accessible via your custom domain.

3. Enable Developer Mode in ChatGPT

  1. Click on your profile icon in ChatGPT
  2. Select Settings
  3. Go to "Connectors" in the settings menu
  4. Select "Advanced Settings"
  5. Enable "Developer Mode (beta)"

4. Add Open-Edison to ChatGPT

  1. Click on your profile icon in ChatGPT
  2. Select Settings
  3. Go to "Connectors" in the settings menu
  4. Select "Create" next to "Browse connections"
  5. Set a name (e.g., "Open-Edison")
  6. Use your ngrok URL as the MCP Server URL (e.g., https://your-domain.ngrok-free.app/mcp/)
  7. Select "No authentication" in the Authentication menu
  8. Tick the "I trust this application" checkbox
  9. Press Create

5. Use Open-Edison in ChatGPT

Every time you start a new chat:

  1. Click on the plus sign in the prompt text box ("Ask anything")
  2. Hover over "... More"
  3. Click on "Developer Mode"
  4. "Developer Mode" and your connector name (e.g., "Open-Edison") will appear at the bottom of the prompt textbox

You can now use Open-Edison's MCP tools directly in your ChatGPT conversations! Do not forget to repeat step 5 everytime you start a new chat.

API Endpoints

See API Reference for full API documentation.

Setup 🧰

Setup from source as above.

Run ▶️

Server doesn't have any auto-reload at the moment, so you'll need to run & ctrl-c this during development.

bash
make run

Tests/code quality ✅

We expect make ci to return cleanly.

bash
make ci

Configuration ⚙️

The config.json file contains all configuration:

  • server.host - Server host (default: localhost)
  • server.port - Server port (default: 3000)
  • server.api_key - API key for authentication
  • logging.level - Log level (DEBUG, INFO, WARNING, ERROR)
  • mcp_servers - Array of MCP server configurations

Each MCP server configuration includes:

  • name - Unique name for the server
  • command - Command to run the MCP server
  • args - Arguments for the command
  • env - Environment variables (optional)
  • enabled - Whether to auto-start this server

🔐 How Edison reduces data leakages

Open Edison includes a comprehensive security monitoring system that tracks the "lethal trifecta" of AI agent risks, as described in Simon Willison's blog post:

  1. Private data access - Access to sensitive local files/data
  2. Untrusted content exposure - Exposure to external/web content
  3. External communication - Ability to write/send data externally

The configuration allows you to classify these risks across tools, resources, and prompts using separate configuration files.

In addition to trifecta, we track Access Control Level (ACL) for each tool call, that is, each tool has an ACL level (one of PUBLIC, PRIVATE, or SECRET), and we track the highest ACL level for each session. If a write operation is attempted to a lower ACL level, it can be blocked based on your configuration.

🧰 Tool Permissions (tool_permissions.json)

Defines security classifications for MCP tools. See full file: tool_permissions.json, it looks like:

json
{
  "_metadata": { "last_updated": "2025-08-07" },
  "builtin": {
    "get_security_status": { "enabled": true, "write_operation": false, "read_private_data": false, "read_untrusted_public_data": false, "acl": "PUBLIC" }
  },
  "filesystem": {
    "read_file": { "enabled": true, "write_operation": false, "read_private_data": true, "read_untrusted_public_data": false, "acl": "PRIVATE" },
    "write_file": { "enabled": true, "write_operation": true, "read_private_data": true, "read_untrusted_public_data": false, "acl": "PRIVATE" }
  }
}

Resource Permissions (resource_permissions.json)

Defines security classifications for resource access patterns. See full file: resource_permissions.json, it looks like:

json
{
  "_metadata": { "last_updated": "2025-08-07" },
  "builtin": { "config://app": { "enabled": true, "write_operation": false, "read_private_data": false, "read_untrusted_public_data": false } }
}

Prompt Permissions (prompt_permissions.json)

Defines security classifications for prompt types. See full file: prompt_permissions.json, it looks like:

json
{
  "_metadata": { "last_updated": "2025-08-07" },
  "builtin": { "summarize_text": { "enabled": true, "write_operation": false, "read_private_data": false, "read_untrusted_public_data": false } }
}

Wildcard Patterns ✨

All permission types support wildcard patterns:

  • Tools: server_name/* (e.g., filesystem/* matches all filesystem tools)
  • Resources: scheme:* (e.g., file:* matches all file resources)
  • Prompts: type:* (e.g., template:* matches all template prompts)

Security Monitoring 🕵️

All items must be explicitly configured - unknown tools/resources/prompts will be rejected for security.

Use the get_security_status tool to monitor your session's current risk level and see which capabilities have been accessed. When the lethal trifecta is achieved (all three risk flags set), further potentially dangerous operations are blocked.

Documentation 📚

📚 Complete documentation available in docs/

GPL-3.0 License - see LICENSE for details.

Installation

TypingMind
Prerequisites:

Node.js 18+

{
  "mcpServers": {
    "edison-watch-open-edison": {
      "command": "uvx",
      "args": [
        "open-edison"
      ]
    }
  }
}

Use OpenEdison MCP with multiple AI models

TypingMind connects MCP tools at the workspace level, so once OpenEdison is connected, you can use it with different AI models in TypingMind instead of setting it up separately for each model. You can run MCP locally on your device or connect to a remote MCP server URL.

Option 1: Use the local connector

Use this when the MCP server needs access to local files, apps, or private resources on your computer.

1

Open the MCP settings

In TypingMind, go to Settings, Advanced Settings, then Model Context Protocol and choose Setup Connector.

  1. Open TypingMind in your browser.
  2. Click the Settings icon.
  3. Go to Advanced Settings.
  4. Open the Model Context Protocol section.
  5. Click Setup Connector and choose This Device.
TypingMind MCP connector setup screen with This Device selected
2

Run the connector command

Choose This Device, copy the command from TypingMind, and run it in Terminal. Keep the process running while you use MCP.

  1. Copy the setup command shown by TypingMind.
  2. Open Terminal on macOS or Windows Terminal on Windows.
  3. Paste and run the command.
  4. Approve the package install if Terminal asks you to proceed.
  5. Keep the Terminal window running while using MCP tools.
3

Add OpenEdison as a server

When the connector status is Ready, click Edit Servers and paste the MCP server configuration.

  1. Wait until the connector status shows Ready.
  2. Click Edit Servers.
  3. Paste the OpenEdison MCP server configuration.
  4. Save the server list.
  5. Refresh if you want to confirm the connector is still ready.
TypingMind MCP settings showing active server and Edit Servers button
{
  "mcpServers": {
    "edison-watch-open-edison": {
      "command": "npx",
      "args": [
        "-y",
        "open-edison"
      ]
    }
  }
}
4

Use it across models

Save the server list, open Plugins, enable the OpenEdison MCP tools, then select any supported AI model in TypingMind and use the tools in chat or assign them to an AI agent.

  1. Open the Plugins page in TypingMind.
  2. Enable the OpenEdison MCP tools.
  3. Start a chat and choose the AI model you want to use.
  4. Use the MCP tools in chat or assign them to an AI agent.
  5. Switch to another AI model whenever needed without reconnecting MCP.
TypingMind chat using enabled MCP tools with a selected AI model
Can you use OpenEdison to help me with this task?
OpenEdison
Sure. I read it.
Here is what I found using OpenEdison.

Option 2: Add an MCP server URL

Use this when OpenEdison is already hosted remotely or your team wants one shared connector that multiple users can access.

1

Open MCP connectors

In TypingMind, go to Plugins, open MCP connectors, then choose Add URL.

  1. Open TypingMind in your browser.
  2. Go to Plugins.
  3. Open MCP connectors.
  4. Click Add URL.
TypingMind Add Custom MCP Server URL form
2

Paste the server URL

Enter your server URL in the Server URL field. Add a connection name, description, icon, custom HTTP headers, or OAuth client settings if the server requires them.

  1. Paste your server URL into the Server URL field.
  2. Enter a connection name for OpenEdison.
  3. Add a description and icon if you want it to be easier to identify.
  4. Add custom HTTP headers or OAuth client details if the server requires authentication.
3

Create the connection

Click Create connection, then return to the Plugins list and confirm the new MCP connection is active.

  1. Click Create connection.
  2. Return to the MCP connectors list.
  3. Confirm the OpenEdison connection appears as active.
  4. Refresh the plugin list if the connection does not appear immediately.
4

Switch models without reconnecting

Start a chat with your preferred model, enable the OpenEdison tools from Plugins, and switch to another model whenever needed. The MCP connection stays available to the TypingMind workspace.

  1. Start a new chat in TypingMind.
  2. Select the AI model you want to use.
  3. Enable the OpenEdison tools from Plugins.
  4. Ask the model to use the tool when needed.
  5. Switch to another AI model and reuse the same MCP connection.
TypingMind chat using enabled MCP tools with a selected AI model
Can you use OpenEdison to help me with this task?
OpenEdison
Sure. I read it.
Here is what I found using OpenEdison.

Frequently asked questions

What is the OpenEdison MCP server used for?

OpenEdison is an MCP server that lets compatible AI clients connect to external tools and context. In TypingMind, you can add this MCP server once and make its tools available in your AI workspace.

Can I use OpenEdison MCP with multiple AI models in TypingMind?

Yes. TypingMind connects MCP tools at the workspace level, so you can use OpenEdison with different AI models such as Claude, ChatGPT, Gemini, or other models you have configured in TypingMind without setting up the MCP server separately for each model.

Why use OpenEdison MCP with TypingMind?

TypingMind is one of the best frontends for LLM chat because it brings multiple AI models, prompts, plugins, AI agents, API keys, and MCP tools into one workspace. With OpenEdison connected, you can use its MCP tools across your preferred models while keeping your chat workflow organized in TypingMind.

How do I connect OpenEdison MCP to TypingMind?

OpenEdison can be connected in TypingMind with the local MCP connector or by adding a remote MCP server URL. Use the local connector when the server needs access to files, apps, or private resources on your device, and use a server URL when the MCP server is hosted remotely.

What tools does OpenEdison MCP provide in TypingMind?

OpenEdison exposes MCP capabilities that can be enabled from the TypingMind Plugins page and used in chat or assigned to AI agents.

Do I need to share my API keys with TypingMind to use OpenEdison MCP?

No. TypingMind is local-first and lets you keep your model providers, API keys, prompts, and MCP configuration under your control. If OpenEdison requires authentication, add the required headers, OAuth settings, or local configuration for that MCP server when you create the connection.

Related MCP Servers

View all
LaurieWired logo

GhidraMCP

LaurieWired
CommunityPopular

MCP Server for Ghidra

900
8.9K
0 tools
View details
0x4m4 logo

HexStrike AI

0x4m4
CommunityPopular

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.

1.9K
8.7K
0 tools
View details
webflow logo

Webflow

webflow
CommunityPopular

Official Webflow MCP server. Manage sites, pages, CMS collections, and form submissions via Webflow's Data API. Publish drafts, update content, and automate site operations.

0
3.9K
16 tools
View details
integromat logo

Make.com (Integromat)

integromat
CommunityPopular

Official Make.com MCP server. Trigger scenarios, manage connections, and automate workflows across 2,000+ apps via Make's visual automation platform.

0
3.8K
16 tools
View details

Set up your own AI workspace now

Get notified about new features and future giveaways by subscribing to our newsletter 👇