Security middleware for Model Context Protocol (MCP) that detects and blocks malicious tool calls
Project description
Kavach - MCP Security Middleware
Security middleware for Model Context Protocol (MCP) that detects and blocks malicious tool calls using pattern-based rule scanning.
Quick Start
# Create and activate virtual environment
python3 -m venv venv
source venv/bin/activate
# Run the example
cd example
python3 app.py
Architecture
Core Components:
middleware.py-KavachMiddleware: Main entry point. Processes tool calls and returns allow/block decisions.engine.py-DetectionEngine: Scans text against rules and collects violations.rules.py-KAVACH_RULES: Rule definitions for detecting prompt injection, PII, API keys, etc.types.py-Rule: Data class defining rule structure (id, name, severity, patterns).
How It Works
from kavach import KavachMiddleware
middleware = KavachMiddleware()
# Process any tool call
result = middleware.process({
"tool": "aws.s3",
"access_key": "AKIAIOSFODNN7EXAMPLE"
})
# Returns: {"allowed": False, "violations": [...]}
Flow:
- Tool call is converted to string
DetectionEnginescans text against all rule patterns (regex)- If violations found and strict mode enabled → blocked
- Otherwise → allowed
Rules
Detects:
- Prompt Injection - "ignore previous instructions", "override instructions"
- Secret Leakage - AWS keys (AKIA...), OpenAI keys (sk-...)
- PII - 10/16 digit sequences
Add custom rules in rules.py:
Rule(
id="custom-rule",
name="Rule Name",
severity="high",
patterns=[re.compile(r"pattern")]
)
Usage
# Allow all (strict=False)
middleware = KavachMiddleware(strict=False)
# Use custom rules
custom_rules = [Rule(...)]
middleware = KavachMiddleware(rules=custom_rules)
Project Structure
kavach-mcp-middleware/
├── kavach/
│ ├── __init__.py # Package exports
│ ├── middleware.py # Main middleware class
│ ├── engine.py # Detection logic
│ ├── rules.py # Security rules
│ └── types.py # Data classes
└── example/
└── app.py # Example usage
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
kavach_mcp-0.1.1.tar.gz
(3.3 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file kavach_mcp-0.1.1.tar.gz.
File metadata
- Download URL: kavach_mcp-0.1.1.tar.gz
- Upload date:
- Size: 3.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
56bbf61ebb3847ee1ab8bfcb74bd14a03b4f0988be6ecc0227bb7752438ced4d
|
|
| MD5 |
ec752f298c52bf53028d125c5e195346
|
|
| BLAKE2b-256 |
b7eea06d856483a78378104963e0ae3ca73b053236f088bd8414953d4d1939ad
|
File details
Details for the file kavach_mcp-0.1.1-py3-none-any.whl.
File metadata
- Download URL: kavach_mcp-0.1.1-py3-none-any.whl
- Upload date:
- Size: 4.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3256876e0d99d63cdfc90644f89b6ac5987a6bf16336f4705c6b4d3157c2b460
|
|
| MD5 |
1b87a65e7b3d23b9b1ffa0fb85fb1b9c
|
|
| BLAKE2b-256 |
558da29bd70e205822c38c564c6ae72560d7cb5c13c2a93006ea4b758ca23770
|
