Security middleware for Model Context Protocol (MCP) that detects and blocks malicious tool calls

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for shivamnamdeo0101 from gravatar.com shivamnamdeo0101

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Shivam Namdeo
  • Tags mcp , security , middleware , detection
  • Requires: Python >=3.7
Classifiers
Report project as malware

Project description

Kavach - MCP Security Middleware

Security middleware for Model Context Protocol (MCP) that detects and blocks malicious tool calls using pattern-based rule scanning.

Built by Shivam Namdeo | PyPI Package | Use Cases

Quick Start

# Create and activate virtual environment
python3 -m venv venv
source venv/bin/activate

# Run the example
cd example
python3 app.py

Architecture

Core Components:

  • middleware.py - KavachMiddleware: Main entry point. Processes tool calls and returns allow/block decisions.
  • engine.py - DetectionEngine: Scans text against rules and collects violations.
  • rules.py - KAVACH_RULES: Rule definitions for detecting prompt injection, PII, API keys, etc.
  • types.py - Rule: Data class defining rule structure (id, name, severity, patterns).

How It Works

Sync: Content-based Blocking

from kavach import KavachMiddleware

middleware = KavachMiddleware()

# Process any tool call
result = middleware.process({
    "tool": "aws.s3",
    "access_key": "AKIAIOSFODNN7EXAMPLE"
})

# Returns: {"allowed": False, "violations": [...]}

Async: FastMCP Middleware Integration

from fastmcp import FastMCP
from kavach import KavachMiddleware

mcp = FastMCP("my-server")
mcp.add_middleware(
    KavachMiddleware(
        sensitive_tools=[
            "filesystem.delete",
            "aws.*",           # wildcard patterns
            "database.execute"
        ]
    )
)

Flow:

  1. Tool call intercepted by on_call_tool() middleware hook
  2. Tool name matched against sensitive_tools patterns
  3. If matched, DetectionEngine scans arguments against rules
  4. If violations found and strict mode enabled → raises SecurityException
  5. Otherwise → chain to next middleware

Default Security Rules

  • Prompt Injection → Detects attempts to override system instructions.
  • PII Detection → Detects phone numbers and card numbers.
  • Secret Leakage → Detects exposed API keys and credentials.
  • Dangerous Eval/Exec → Detects unsafe code execution patterns.
  • SQL Injection → Detects malicious database commands.
  • Path Traversal → Detects unauthorized file access attempts.
  • Shell Command Abuse → Detects dangerous shell command chaining and piping.

Add custom rules in rules.py:

Rule(
    id="custom-rule",
    name="Rule Name",
    severity="high",
    patterns=[re.compile(r"pattern")]
)

Usage

Option 1: Default Rules Only

middleware = KavachMiddleware()

Option 2: Extend Defaults with Custom Rules

from kavach.types import Rule
import re

custom_rules = [
    Rule(
        id="custom-ban",
        name="Custom Ban",
        severity="high",
        description="Ban specific phrases",
        patterns=[re.compile(r"dangerous\s+action", re.I)]
    )
]

middleware = KavachMiddleware(
    rules=custom_rules,
    extend_rules=True  # Merge with KAVACH_RULES (default)
)

Option 3: Replace Defaults with Custom Rules

middleware = KavachMiddleware(
    rules=custom_rules,
    extend_rules=False  # Use ONLY custom rules
)

Option 4: Control Tool Access

# Allow violations in non-sensitive tools
middleware = KavachMiddleware(strict=False)

# Protect specific tools
middleware = KavachMiddleware(
    sensitive_tools=["filesystem.delete", "aws.s3.delete_bucket"]
)

Project Structure

kavach-mcp-middleware/
├── kavach/
│   ├── __init__.py       # Package exports
│   ├── middleware.py     # Main middleware class
│   ├── engine.py         # Detection logic
│   ├── rules.py          # Security rules
│   ├── types.py          # Data classes
│   └── exceptions.py     # Security exceptions
└── example/
    └── app.py            # Example usage

API Reference

KavachMiddleware.__init__()

Parameter Type Default Description
rules List[Rule] KAVACH_RULES Custom detection rules
strict bool True Raise exception (True) or return blocked result (False)
sensitive_tools List[str] [] Tools to protect (exact match or wildcard patterns)
extend_rules bool True Merge custom rules with defaults (True) or replace (False)

Methods

  • process(tool_call: dict) - Sync content scanning. Returns {"allowed": bool, ...}
  • async on_call_tool(context, call_next) - FastMCP async middleware hook
  • register_tool(tool_name: str) - Add tool to sensitive_tools at runtime

Contributing

We'd love to get more features and improvements! Please feel free to:

  • Add new detection rules in kavach/rules.py
  • Improve the detection engine in kavach/engine.py
  • Submit bug fixes and enhancements via pull requests
  • Suggest new security patterns to detect

All contributions are welcome! 🚀

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for shivamnamdeo0101 from gravatar.com shivamnamdeo0101

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Shivam Namdeo
  • Tags mcp , security , middleware , detection
  • Requires: Python >=3.7
Classifiers

Release history Release notifications | RSS feed

0.1.11

This version

0.1.10

0.1.9

0.1.8

0.1.7

0.1.6

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

kavach_mcp-0.1.10.tar.gz (9.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

kavach_mcp-0.1.10-py3-none-any.whl (8.9 kB view details)

Uploaded Python 3

File details

Details for the file kavach_mcp-0.1.10.tar.gz.

File metadata

  • Download URL: kavach_mcp-0.1.10.tar.gz
  • Upload date:
  • Size: 9.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for kavach_mcp-0.1.10.tar.gz
Algorithm Hash digest
SHA256 18e542f0ced58f5c1b80834cc171588e73f819b4db78b50f73a8d21cc0a24f10
MD5 aae68c1905994319665da304c0099435
BLAKE2b-256 6d4accc590005afac1aa9f5ff8733e15b5a364f8f07305d505f4e94ab895631c

See more details on using hashes here.

Provenance

The following attestation bundles were made for kavach_mcp-0.1.10.tar.gz:

Publisher: python-publish.yml on shivamnamdeo0101/kavach-mcp-middleware

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file kavach_mcp-0.1.10-py3-none-any.whl.

File metadata

  • Download URL: kavach_mcp-0.1.10-py3-none-any.whl
  • Upload date:
  • Size: 8.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for kavach_mcp-0.1.10-py3-none-any.whl
Algorithm Hash digest
SHA256 604c11b4cedd728c658c32fa4f85780c9fbcd196c084808e96314c2fa0e29fc0
MD5 9fa8dd3ffde452a6ea8bf9e13bb53d8f
BLAKE2b-256 d2b1f36f7eeb31c7afd7ccc663cfc6594e3f581b3c622b70fbc4cc93562686b5

See more details on using hashes here.

Provenance

The following attestation bundles were made for kavach_mcp-0.1.10-py3-none-any.whl:

Publisher: python-publish.yml on shivamnamdeo0101/kavach-mcp-middleware

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page