Security middleware for Model Context Protocol (MCP) that detects and blocks malicious tool calls
Project description
Kavach - MCP Security Middleware
Security middleware for Model Context Protocol (MCP) that detects and blocks malicious tool calls using pattern-based rule scanning.
Quick Start
# Create and activate virtual environment
python3 -m venv venv
source venv/bin/activate
# Run the example
cd example
python3 app.py
Architecture
Core Components:
middleware.py-KavachMiddleware: Main entry point. Processes tool calls and returns allow/block decisions.engine.py-DetectionEngine: Scans text against rules and collects violations.rules.py-KAVACH_RULES: Rule definitions for detecting prompt injection, PII, API keys, etc.types.py-Rule: Data class defining rule structure (id, name, severity, patterns).
How It Works
from kavach import KavachMiddleware
middleware = KavachMiddleware()
# Process any tool call
result = middleware.process({
"tool": "aws.s3",
"access_key": "AKIAIOSFODNN7EXAMPLE"
})
# Returns: {"allowed": False, "violations": [...]}
Flow:
- Tool call is converted to string
DetectionEnginescans text against all rule patterns (regex)- If violations found and strict mode enabled → blocked
- Otherwise → allowed
Rules
Detects:
- Prompt Injection - "ignore previous instructions", "override instructions"
- Secret Leakage - AWS keys (AKIA...), OpenAI keys (sk-...)
- PII - 10/16 digit sequences
Add custom rules in rules.py:
Rule(
id="custom-rule",
name="Rule Name",
severity="high",
patterns=[re.compile(r"pattern")]
)
Usage
# Allow all (strict=False)
middleware = KavachMiddleware(strict=False)
# Use custom rules
custom_rules = [Rule(...)]
middleware = KavachMiddleware(rules=custom_rules)
Project Structure
kavach-mcp-middleware/
├── kavach/
│ ├── __init__.py # Package exports
│ ├── middleware.py # Main middleware class
│ ├── engine.py # Detection logic
│ ├── rules.py # Security rules
│ └── types.py # Data classes
└── example/
└── app.py # Example usage
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
kavach_mcp-0.1.3.tar.gz
(4.0 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file kavach_mcp-0.1.3.tar.gz.
File metadata
- Download URL: kavach_mcp-0.1.3.tar.gz
- Upload date:
- Size: 4.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5e53532f43b534ee6f79383e96b33c82e6360c0d2875b53658801257dc5cc92a
|
|
| MD5 |
da8be467ac0f359322367598bb8f7994
|
|
| BLAKE2b-256 |
f8c0df63260078e256adb98ba4cbbad6f2d05eaa00b2ad26e59e3356d13868f7
|
File details
Details for the file kavach_mcp-0.1.3-py3-none-any.whl.
File metadata
- Download URL: kavach_mcp-0.1.3-py3-none-any.whl
- Upload date:
- Size: 4.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f62871f5aca907de81c0b63cfe950c6c1f20b9ac84282729735495bbccfadfd2
|
|
| MD5 |
3bb762b7f0abd6ce27516febffd1a5d5
|
|
| BLAKE2b-256 |
1e2cef19f40f2ddd74e3349c446019cde2fbe8fa1d3b819566fa16f997bdb9f5
|
