The WAF for agents. Pattern-based + heuristic firewall scans prompts, RAG documents, tool arguments, A2A payloads for OWASP LLM01 prompt injection BEFORE they reach a downstream agent. Curated from OWASP + academia + production incidents.
Project description
Agent Prompt Injection Firewall MCP
Buy Starter — £29/mo
Signed attestations + unlimited audits + email support. 👉 Subscribe at meok.ai — instant HMAC signing key + Stripe-managed billing.
Free tier remains MIT-licensed and zero-config. Upgrade only when you need signed compliance artefacts for audit.
WAF for AI agents — block prompt injection before it reaches the LLM
Agents that blindly forward user input + retrieved documents to other agents are the #1 production AI vulnerability (OWASP LLM01). This MCP is the pre-flight gate.
By MEOK AI Labs.
Quick Install
| Client | Install |
|---|---|
| Claude Desktop |  |
| Cursor |  |
| VS Code |  |
| Windsurf |  |
| Docker | docker run -p 8000:8000 agent-prompt-injection-firewall-mcp |
| pip | pip install agent-prompt-injection-firewall-mcp |
Install
pip install agent-prompt-injection-firewall-mcp
Tools
scan_promptdefine_custom_rulelist_rulesscan_logsign_firewall_attestation
Claude Desktop
{
"mcpServers": {
"agentpromptinjectionfirewall": { "command": "agent-prompt-injection-firewall-mcp" }
}
}
Tiers
- Free — generous daily limit (100-1,000 depending on operation)
- Pro £199/mo — unlimited + signed HMAC attestations with public verify URLs — subscribe
- Enterprise £1,499/mo — multi-tenant + custom predicate DSL + SIEM webhook push — subscribe
Why this exists
The EU AI Act (Aug 2026), DORA (live), ISO 42001, and OWASP LLM01 Top-10 all demand runtime controls for agent systems — not just deployment-time audits. This MCP is that runtime control layer, emitting cryptographically signed evidence your auditor accepts.
Related MEOK A2A MCPs
agent-policy-enforcement-mcp— per-pair IAMagent-handoff-certified-mcp— signed delegation chainagent-prompt-injection-firewall-mcp— prompt injection WAFagent-rate-limiter-mcp— fleet-wide quotaagent-audit-logger-mcp— hash-chained signed loga2a-governance-bridge-mcp— map A2A to compliance frameworksmeok-attestation-verify— independent cert verifier
License
MIT — MEOK AI Labs, 2026.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agent_prompt_injection_firewall_mcp-1.0.3.tar.gz.
File metadata
- Download URL: agent_prompt_injection_firewall_mcp-1.0.3.tar.gz
- Upload date:
- Size: 13.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f93b86116e4e05cf8f6d30e50075eb6eab1d69506cc87259062b82b68731dcb6
|
|
| MD5 |
f841c9bd7e8d5e977641d8847a9a2510
|
|
| BLAKE2b-256 |
9ffff48d143b1c0db5c29fe3e3be4cc889df3d64ce01abc534b862f3e69835d4
|
File details
Details for the file agent_prompt_injection_firewall_mcp-1.0.3-py3-none-any.whl.
File metadata
- Download URL: agent_prompt_injection_firewall_mcp-1.0.3-py3-none-any.whl
- Upload date:
- Size: 9.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
4b3b0bf4b227878d711c11bf28e20dd17890b311b9d8677f5bc8ae3b341b3735
|
|
| MD5 |
c4d7558f1d3368620fd329828563aaf2
|
|
| BLAKE2b-256 |
83d57345d6b7c5e7914b96d0404ca98e127efd500d8d401db947ae3ed368c21b
|
