protect-mcp

MCP security gateway — per-tool policies, Ed25519-signed decision receipts, shadow mode.

Install

pip install protect-mcp

Requires Node.js (for npx). Install from https://nodejs.org.

Usage

# Shadow mode — log everything, block nothing
protect-mcp -- node your-server.js

# Enforce mode — apply per-tool policies
protect-mcp --policy policy.json --enforce -- node your-server.js

# Verify receipts offline (MIT licensed, no ScopeBlind dependency)
npx @veritasacta/verify --self-test

What it does

Wraps any MCP server as a transparent stdio proxy. Every tool call decision is logged and optionally Ed25519-signed.

  • Shadow mode (default): See what agents are doing without blocking
  • Enforce mode: Block, rate-limit, or require approval per tool
  • Signed receipts: Ed25519 + JCS canonicalization, verifiable offline
  • CVE-anchored policies: Pre-built packs for known attack patterns
  • OWASP coverage: Maps to OWASP Agentic Top 10
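
Why the receipts pair Ed25519 with JCS: a signature covers bytes, so signer and verifier must serialize the same JSON identically. The following is an added example using Node's built-in crypto module, not protect-mcp's own code; the receipt fields and the functions canonicalize, signReceipt and verifyReceipt are hypothetical.

```javascript
// Added example. Receipt fields and function names are hypothetical,
// not protect-mcp's actual receipt schema or API.
const { generateKeyPairSync, sign, verify } = require("crypto");

// JCS (RFC 8785): keys sorted by UTF-16 code units, no whitespace,
// primitives serialized the way ECMAScript's JSON.stringify does.
function canonicalize(value) {
  const t = typeof value;
  if (value === null || t === "string" || t === "boolean") {
    return JSON.stringify(value);
  }
  if (t === "number") {
    if (!Number.isFinite(value)) throw new TypeError("NaN/Infinity not allowed");
    return JSON.stringify(value);
  }
  if (t !== "object") throw new TypeError(`unsupported type: ${t}`);
  if (Array.isArray(value)) return "[" + value.map(canonicalize).join(",") + "]";
  return "{" + Object.keys(value).sort()
    .map((k) => JSON.stringify(k) + ":" + canonicalize(value[k]))
    .join(",") + "}";
}

// Sign the canonical UTF-8 bytes; Ed25519 takes no separate digest (null).
function signReceipt(receipt, privateKey) {
  return sign(null, Buffer.from(canonicalize(receipt), "utf8"), privateKey);
}

// Re-canonicalize what was received, then check the detached signature.
function verifyReceipt(receipt, signature, publicKey) {
  return verify(null, Buffer.from(canonicalize(receipt), "utf8"), publicKey, signature);
}

// Constructed sample data: a throwaway key pair and one decision receipt.
const { publicKey, privateKey } = generateKeyPairSync("ed25519");
const receipt = { tool: "read_file", decision: "deny", mode: "enforce", ts: 1700000000 };
const signature = signReceipt(receipt, privateKey);

// Same content with keys in a different order, as after a JSON round trip.
const reordered = { ts: 1700000000, mode: "enforce", decision: "deny", tool: "read_file" };
// Decision flipped after signing.
const tampered = { ...receipt, decision: "allow" };

console.log(canonicalize(receipt));
console.log("reordered verifies:", verifyReceipt(reordered, signature, publicKey));
console.log("tampered verifies:", verifyReceipt(tampered, signature, publicKey));
```

Signing the plain JSON.stringify output instead would make the reordered copy fail verification even though its content is unchanged.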

Download files

Source Distribution

protect_mcp-0.4.0.tar.gz (2.8 kB)

Uploaded Source

Built Distribution

protect_mcp-0.4.0-py3-none-any.whl (3.4 kB)

Uploaded Python 3

File details

Details for the file protect_mcp-0.4.0.tar.gz.

File metadata

  • Download URL: protect_mcp-0.4.0.tar.gz
  • Upload date:
  • Size: 2.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.6

File hashes

Hashes for protect_mcp-0.4.0.tar.gz
Algorithm Hash digest
SHA256 f9eb1c9b72645842d65c7cd93df93c79da4d3aeb3ae75cd094c47a24c3482e6e
MD5 2b3528c9ace9a3ae94e666de25f9f421
BLAKE2b-256 a7a735599f4511b3692504021f82000934aa3314e77e5f02f17e5fe53c840b1f

File details

Details for the file protect_mcp-0.4.0-py3-none-any.whl.

File metadata

  • Download URL: protect_mcp-0.4.0-py3-none-any.whl
  • Upload date:
  • Size: 3.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.6

File hashes

Hashes for protect_mcp-0.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 354d2b556f2083dc382068eab1cbb80b030f04d45b7e00d339956082519f9f5f
MD5 2f490e42f1c93e5cf6edaaa6ae69878b
BLAKE2b-256 bcf55474e3782a6d2f974edb3b73c2e87084bf12c471c7c616841bd6733b368f
