Security middleware for Model Context Protocol (MCP) that detects and blocks malicious tool calls
Project description
Kavach - MCP Security Middleware
Security middleware for Model Context Protocol (MCP) that detects and blocks malicious tool calls using pattern-based rule scanning.
Built by Shivam Namdeo | PyPI Package
Quick Start
# Create and activate virtual environment
python3 -m venv venv
source venv/bin/activate
# Run the example
cd example
python3 app.py
Architecture
Core Components:
middleware.py-KavachMiddleware: Main entry point. Processes tool calls and returns allow/block decisions.engine.py-DetectionEngine: Scans text against rules and collects violations.rules.py-KAVACH_RULES: Rule definitions for detecting prompt injection, PII, API keys, etc.types.py-Rule: Data class defining rule structure (id, name, severity, patterns).
How It Works
from kavach import KavachMiddleware
middleware = KavachMiddleware()
# Process any tool call
result = middleware.process({
"tool": "aws.s3",
"access_key": "AKIAIOSFODNN7EXAMPLE"
})
# Returns: {"allowed": False, "violations": [...]}
Flow:
- Tool call is converted to string
DetectionEnginescans text against all rule patterns (regex)- If violations found and strict mode enabled → blocked
- Otherwise → allowed
Rules
Detects:
- Prompt Injection - "ignore previous instructions", "override instructions"
- Secret Leakage - AWS keys (AKIA...), OpenAI keys (sk-...)
- PII - 10/16 digit sequences
Add custom rules in rules.py:
Rule(
id="custom-rule",
name="Rule Name",
severity="high",
patterns=[re.compile(r"pattern")]
)
Usage
# Allow all (strict=False)
middleware = KavachMiddleware(strict=False)
# Use custom rules
custom_rules = [Rule(...)]
middleware = KavachMiddleware(rules=custom_rules)
Project Structure
kavach-mcp-middleware/
├── kavach/
│ ├── __init__.py # Package exports
│ ├── middleware.py # Main middleware class
│ ├── engine.py # Detection logic
│ ├── rules.py # Security rules
│ └── types.py # Data classes
└── example/
└── app.py # Example usage
Contributing
We'd love to get more features and improvements! Please feel free to:
- Add new detection rules in
kavach/rules.py - Improve the detection engine in
kavach/engine.py - Submit bug fixes and enhancements via pull requests
- Suggest new security patterns to detect
All contributions are welcome! 🚀
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file kavach_mcp-0.1.5.tar.gz.
File metadata
- Download URL: kavach_mcp-0.1.5.tar.gz
- Upload date:
- Size: 4.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bdef6ae8e0ef00b0f25c0aaded76c01efc4d522adb8f6b42977a8c53e5a96fb8
|
|
| MD5 |
6c742ce4c92e145f4975ea25194d3ed7
|
|
| BLAKE2b-256 |
aee3216a05b594af8f9001f660a5118663e36572ab6740405a1ab108878bc0c8
|
File details
Details for the file kavach_mcp-0.1.5-py3-none-any.whl.
File metadata
- Download URL: kavach_mcp-0.1.5-py3-none-any.whl
- Upload date:
- Size: 5.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9dca1466a9f9b5ed748dd68f835819f7628de646122ca33b1930ea59a71a3304
|
|
| MD5 |
046bc7d2c9ebfda2fee1960c8c7e996e
|
|
| BLAKE2b-256 |
a3f5eba3c4ff84269f3111e3efa1ef2a8e495d0e6d83f6067c247e53d810694b
|
