MCP cover image
See in Github
2025-04-05

Un bouclier pour l'exploitation forestière, le débogage profond et la désinfection pour les serveurs MCP au stade de développement

1

Github Watches

0

Github Forks

2

Github Stars

Shield MCP

Python Version License MCP Compatible

A security middleware for Model Context Protocol (MCP) servers that enhances security and monitoring capabilities without modifying the official SDK. This package provides tools for securing and monitoring MCP tool calls, following the best practices outlined in the MCP documentation. Abstract yourself while interact at MCP development.

Table of Contents

Features

  • Tool Access Control: Whitelist-based access control for MCP tools
  • Result Sanitization: Configurable sanitization of tool outputs
  • Structured Logging: Comprehensive audit logging using structlog
  • Rate Limiting: Token bucket algorithm for rate limiting
  • Error Handling: Standardized error handling and formatting
  • MCP Inspector Compatible: Works seamlessly with the MCP Inspector tool

Requirements

System Requirements

  • Python 3.8 or higher
  • pip (Python package installer)
  • virtualenv (recommended for development)

Quick Start

from shieldmcp import secure_tool
from shieldmcp.sanitizers import ToolSanitizer
from shieldmcp.rate_limit import RateLimitConfig

# Define allowed tools
ALLOWED_TOOLS = {"search", "read_file", "write_file"}

# Create a text sanitizer
text_sanitizer = ToolSanitizer.createTextSanitizer(
    max_length=1000,
    sensitive_patterns=[
        r"\b\d{16}\b",  # Credit card numbers
        r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Z|a-z]{2,}\b"  # Email addresses
    ]
)

# Configure rate limiting
rate_limit = RateLimitConfig(
    requests_per_minute=60,  # 1 request per second
    burst_size=10  # Allow bursts of up to 10 requests
)

# Apply the decorator to your MCP tools
@secure_tool(
    allowed_tools=ALLOWED_TOOLS,
    sanitize_fn=text_sanitizer,
    user_id="user123",
    session_id="session456",
    rate_limit=rate_limit
)
def search(query: str):
    # Your tool implementation
    return results

Components

Decorators (decorators.py)

The main @secure_tool decorator that orchestrates all security features:

@secure_tool(
    allowed_tools={"tool1", "tool2"},  # Set of allowed tool names
    sanitize_fn=your_sanitizer,        # Optional result sanitization function
    user_id="user123",                 # Optional user identifier
    session_id="session456",           # Optional session identifier
    rate_limit=RateLimitConfig(        # Optional rate limit configuration
        requests_per_minute=60,
        burst_size=10
    )
)
def your_tool():
    pass

Audit Logging (audit.py)

Structured logging using structlog:

from shieldmcp import ToolAudit

audit = ToolAudit()
audit.logToolCallStart(
    tool_name="search",
    args={"query": "test"},
    user_id="user123"
)

Access Control (access.py)

Tool access validation:

from shieldmcp import ToolAccess

access = ToolAccess(allowed_tools={"tool1", "tool2"})
access.validateToolAccess("tool1")  # Raises ValueError if not allowed

Sanitizers (sanitizers.py)

Result sanitization utilities:

from shieldmcp import ToolSanitizer

# Create a custom sanitizer
sanitizer = ToolSanitizer.createTextSanitizer(
    max_length=1000,
    sensitive_patterns=[r"\b\d{16}\b"]
)

# Use it directly
clean_text = sanitizer("Your text with sensitive data")

Rate Limiting (rate_limit.py)

Token bucket rate limiting:

from shieldmcp import RateLimitConfig

# Configure rate limits
config = RateLimitConfig(
    requests_per_minute=60,
    burst_size=10
)

Best Practices

Tool Access Control

  • Always define a whitelist of allowed tools
  • Use the most restrictive set of tools possible
  • Regularly review and update the whitelist

Result Sanitization

  • Sanitize all text output
  • Define patterns for sensitive data
  • Set reasonable length limits

Logging

  • Include user and session IDs when available
  • Log both successful and failed operations
  • Use structured logging for better analysis

Rate Limiting

  • Set appropriate limits based on tool complexity
  • Consider burst sizes for better user experience
  • Monitor rate limit hits in logs

Development

Setup Development Environment

# Clone the repository
git clone https://github.com/shieldmcp/shieldmcp.git
cd shieldmcp

# Create virtual environment
python -m venv venv
source venv/bin/activate  # or `venv\Scripts\activate` on Windows

# Install development dependencies
pip install -r requirements.txt

Running Tests

pytest tests/

Roadmap

Planned Features

  • Support for Clerk MCP and Github MCP
  • Extended documentation
  • TypeScript support

Acknowledgments


Feel free to make any inquiries.

相关推荐

  • https://suefel.com
  • Latest advice and best practices for custom GPT development.

  • Yusuf Emre Yeşilyurt
  • I find academic articles and books for research and literature reviews.

  • https://maiplestudio.com
  • Find Exhibitors, Speakers and more

  • Carlos Ferrin
  • Encuentra películas y series en plataformas de streaming.

  • Joshua Armstrong
  • Confidential guide on numerology and astrology, based of GG33 Public information

  • Contraband Interactive
  • Emulating Dr. Jordan B. Peterson's style in providing life advice and insights.

  • rustassistant.com
  • Your go-to expert in the Rust ecosystem, specializing in precise code interpretation, up-to-date crate version checking, and in-depth source code analysis. I offer accurate, context-aware insights for all your Rust programming questions.

  • Elijah Ng Shi Yi
  • Advanced software engineer GPT that excels through nailing the basics.

  • Emmet Halm
  • Converts Figma frames into front-end code for various mobile frameworks.

  • lumpenspace
  • Take an adjectivised noun, and create images making it progressively more adjective!

  • apappascs
  • Découvrez la collection la plus complète et la plus à jour de serveurs MCP sur le marché. Ce référentiel sert de centre centralisé, offrant un vaste catalogue de serveurs MCP open-source et propriétaires, avec des fonctionnalités, des liens de documentation et des contributeurs.

  • ShrimpingIt
  • Manipulation basée sur Micropython I2C de l'exposition GPIO de la série MCP, dérivée d'Adafruit_MCP230XX

  • modelcontextprotocol
  • Serveurs de protocole de contexte modèle

  • Mintplex-Labs
  • L'application tout-en-un desktop et Docker AI avec chiffon intégré, agents AI, constructeur d'agent sans code, compatibilité MCP, etc.

  • n8n-io
  • Plateforme d'automatisation de workflow à code équitable avec des capacités d'IA natives. Combinez le bâtiment visuel avec du code personnalisé, de l'auto-hôte ou du cloud, 400+ intégrations.

  • WangRongsheng
  • 🧑‍🚀 全世界最好的 LLM 资料总结 (数据处理、模型训练、模型部署、 O1 模型、 MCP 、小语言模型、视觉语言模型) | Résumé des meilleures ressources LLM du monde.

  • open-webui
  • Interface AI conviviale (prend en charge Olllama, Openai API, ...)

  • ravitemer
  • Un puissant plugin Neovim pour gérer les serveurs MCP (Protocole de contexte modèle)

  • metorial
  • Versions conteneurisées de centaines de serveurs MCP 📡 🧠 🧠

    Reviews

    4 (1)
    Avatar
    user_nA4yyF0o
    2025-04-18

    ShieldMCP is an essential tool for anyone working with MCP applications. It offers robust protection and seamless integration with your workflows, making it a must-have for developers. The interface is intuitive, and the setup process is straightforward. As a loyal MCP user, I highly recommend giving ShieldMCP a try! Check it out here: https://github.com/shieldmcp/shieldmcp.