MCPShield - Secure access for AI agents with deterministic policy enforcement
Project description
MCPShield
Secure PostgreSQL access for AI agents with deterministic policy enforcement and comprehensive auditing.
Features
- MCP Server: Claude Code compatible stdio protocol
- PostgreSQL Tools: Safe, policy-enforced database access
- Fail-Closed Policy Engine: YAML-based security rules with default deny
- Centralized Policy Management: Policies authored in dashboard, automatically synced
- Audit Trail: Complete event logging to MCPShield control plane with policy_hash tracking
- Event Spooling: Never lose audit events, even when offline
- Developer-Friendly: Clear logs, helpful errors, easy configuration
Quick Start
Installation
pip install mcpshield
Setup
-
Create project and policy in MCPShield dashboard:
- Go to https://app.mcpshield.xyz
- Create project → Get Project ID
- Create policy → Define security rules
- Create API key
-
Create configuration file (
mcpshield.yaml):database: dsn: null # Set via PG_DSN env var api: base_url: "https://api.mcpshield.xyz" project_id: null # Set via PROJECT_ID env var api_key: null # Set via MCPSHIELD_API_KEY env var policy: source: "remote_with_fallback" file: "policy.yaml" # Fallback only refresh_seconds: 60
-
Set environment variables:
export PG_DSN="postgresql://user:pass@localhost:5432/dbname" export MCPSHIELD_API_KEY="mcps_your_key" export PROJECT_ID="proj_your_id" export API_BASE_URL="https://api.mcpshield.xyz"
-
Verify setup:
mcpshield doctor --config mcpshield.yaml
-
Run the gateway:
mcpshield serve --config mcpshield.yaml
Claude Code Integration
Add to your Claude Code MCP configuration (~/.claude/mcp.json):
{
"mcpServers": {
"mcpshield": {
"command": "mcpshield",
"args": ["serve", "--config", "/path/to/mcpshield.yaml"],
"env": {
"PG_DSN": "postgresql://user:pass@localhost:5432/db",
"MCPSHIELD_API_KEY": "mcps_...",
"PROJECT_ID": "proj_...",
"API_BASE_URL": "https://api.mcpshield.xyz"
}
}
}
}
How Policy Synchronization Works
┌──────────────────────────────────────────────────────────────┐
│ MCPShield Dashboard │
│ │
│ 1. Author policy in UI │
│ 2. Save policy (stored in database) │
│ 3. policy_hash computed (SHA-256) │
└──────────────────────────┬───────────────────────────────────┘
│
│ GET /projects/{id}/policy
│
▼
┌────────────────────┐
│ MCPShield Gateway │
│ │
│ On startup: │
│ • Fetch policy │
│ • Cache locally │
│ • Compute hash │
│ │
│ Every 60s: │
│ • Re-fetch policy │
│ • Update cache │
│ • Update hash │
└────────────────────┘
│
│ Every request includes:
│ • decision (allow/deny)
│ • policy_hash
│
▼
┌────────────────────┐
│ Audit Events │
│ │
│ { │
│ decision: allow │
│ policy_hash:... │
│ } │
└────────────────────┘
Policy Source Options
remote (Recommended for production):
- Fetches policy from MCPShield API only
- Fails if API unreachable (fail-closed)
- Always uses latest policy from dashboard
remote_with_fallback (Recommended for development):
- Tries API first
- Falls back to cached policy if API fails
- Falls back to local file if cache unavailable
- Provides resilience during API outages
local:
- Uses local policy file only
- No API calls
- Useful for offline development
Fail-Closed Behavior
Gateway WILL NOT start if:
- Policy source is
remoteand API is unreachable - Policy source is
remote_with_fallbackand ALL of: API fails, no cache, no local file - This ensures gateway never operates without a policy
Documentation
- User Guide: https://mcpshield.xyz/docs
- Policy Syntax: https://mcpshield.xyz/docs/policy
- Troubleshooting: https://mcpshield.xyz/docs/troubleshooting
Security
MCPShield is designed with security-first principles:
- Default Deny: All operations blocked unless explicitly allowed
- Read-Only Enforcement: Blocks destructive SQL keywords
- Schema Validation: Only access allowed tables
- Data Redaction: Remove sensitive data (emails, phones) from results
- Rate Limiting: Enforce query limits and timeouts
- Audit Everything: Complete audit trail with policy_hash tracking
CLI Commands
# Run the gateway
mcpshield serve --config mcpshield.yaml
# Validate configuration
mcpshield validate --config mcpshield.yaml
# Run diagnostics
mcpshield doctor --config mcpshield.yaml
Support
- Documentation: https://mcpshield.xyz/docs
- Issues: Report via MCPShield support channels
License
MIT License - see LICENSE file for details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
mcpshield-0.1.0.tar.gz
(19.7 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
mcpshield-0.1.0-py3-none-any.whl
(21.0 kB
view details)
File details
Details for the file mcpshield-0.1.0.tar.gz.
File metadata
- Download URL: mcpshield-0.1.0.tar.gz
- Upload date:
- Size: 19.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
caa90f585121ce52717526b829a765e5faf581b638922810c02dea637f7feecd
|
|
| MD5 |
7dddb808914bbb7418111fe7134090aa
|
|
| BLAKE2b-256 |
1adbb9179cab36b2aab6e7bca7d17ab97218a355303c9cb8a93c46b49b55f28d
|
File details
Details for the file mcpshield-0.1.0-py3-none-any.whl.
File metadata
- Download URL: mcpshield-0.1.0-py3-none-any.whl
- Upload date:
- Size: 21.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f938bb9af294573e54d4334f9c3e0381c48f367473de461311a0e759b4b76883
|
|
| MD5 |
2e8494b8eedeb2e5f337dc68cb3fcd98
|
|
| BLAKE2b-256 |
d9bbba0ffed881ee8b43ec667ff0964d221ef2d7771e2d2462de054c0df0fc1b
|
