Security middleware for Model Context Protocol (MCP) that detects and blocks malicious tool calls
Project description
Kavach - MCP Security Middleware
Security middleware for Model Context Protocol (MCP) that detects and blocks malicious tool calls using pattern-based rule scanning.
Quick Start
# Create and activate virtual environment
python3 -m venv venv
source venv/bin/activate
# Run the example
cd example
python3 app.py
Architecture
Core Components:
middleware.py-KavachMiddleware: Main entry point. Processes tool calls and returns allow/block decisions.engine.py-DetectionEngine: Scans text against rules and collects violations.rules.py-KAVACH_RULES: Rule definitions for detecting prompt injection, PII, API keys, etc.types.py-Rule: Data class defining rule structure (id, name, severity, patterns).
How It Works
from kavach import KavachMiddleware
middleware = KavachMiddleware()
# Process any tool call
result = middleware.process({
"tool": "aws.s3",
"access_key": "AKIAIOSFODNN7EXAMPLE"
})
# Returns: {"allowed": False, "violations": [...]}
Flow:
- Tool call is converted to string
DetectionEnginescans text against all rule patterns (regex)- If violations found and strict mode enabled → blocked
- Otherwise → allowed
Rules
Detects:
- Prompt Injection - "ignore previous instructions", "override instructions"
- Secret Leakage - AWS keys (AKIA...), OpenAI keys (sk-...)
- PII - 10/16 digit sequences
Add custom rules in rules.py:
Rule(
id="custom-rule",
name="Rule Name",
severity="high",
patterns=[re.compile(r"pattern")]
)
Usage
# Allow all (strict=False)
middleware = KavachMiddleware(strict=False)
# Use custom rules
custom_rules = [Rule(...)]
middleware = KavachMiddleware(rules=custom_rules)
Project Structure
kavach-mcp-middleware/
├── kavach/
│ ├── __init__.py # Package exports
│ ├── middleware.py # Main middleware class
│ ├── engine.py # Detection logic
│ ├── rules.py # Security rules
│ └── types.py # Data classes
└── example/
└── app.py # Example usage
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
kavach_mcp-0.1.2.tar.gz
(4.0 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file kavach_mcp-0.1.2.tar.gz.
File metadata
- Download URL: kavach_mcp-0.1.2.tar.gz
- Upload date:
- Size: 4.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
963838b3bb5eafd8cc89a4f552720e196b3a8dffc0011a8dd2246af3a42a7fa8
|
|
| MD5 |
33311e206501753227c7e3a7cedacaaf
|
|
| BLAKE2b-256 |
f4721a73f0198375af33af0ddd509b0f559f4bf352ca32e19d0ee10d178100ea
|
File details
Details for the file kavach_mcp-0.1.2-py3-none-any.whl.
File metadata
- Download URL: kavach_mcp-0.1.2-py3-none-any.whl
- Upload date:
- Size: 4.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
423abfdcdf642cfdcc5c1b9e12726daf482afc27ccc1b776aa54c9b0580bff22
|
|
| MD5 |
8b47fccf23cada68536fafba6400e4d9
|
|
| BLAKE2b-256 |
a051c4ba0bf4f4a528bd3e657a40795bcf7d39358216b7ffe14fa1460d882a20
|
