Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

Tool Gateway

БесплатноНе проверен

A secure tool-execution plane for agentic AI that enforces JWT authentication, rate limiting, prompt-injection inspection, and audit logging, while ingesting do

GitHubEmbed

Описание

A secure tool-execution plane for agentic AI that enforces JWT authentication, rate limiting, prompt-injection inspection, and audit logging, while ingesting downstream OpenAPI endpoints as MCP tools.

README

A secure tool-execution plane for agentic AI — an MCP-style tool server fronted by a gateway that enforces identity (JWT + scopes), quota (token-bucket rate limiting), and safety (prompt-injection inspection), ingests downstream APIs from OpenAPI, and writes a structured audit log. Pure Python, zero dependencies.

Mirrors the secure agent tool-execution plane I run in production (MCP / OpenAPI behind API governance, JWT validation, Entra-style scope propagation, and prompt inspection) — the controls that let agentic systems clear banking compliance audits.

Request lifecycle

 agent tool call ─▶ ┌──────────────────────── SecureToolGateway ───────────────────────┐
   (+ JWT)          │ 1 authenticate (HS256 verify, exp)                                │
                    │ 2 rate limit  (per-principal token bucket)                        │
                    │ 3 authorize   (tool.required_scope ∈ principal.scopes)            │
                    │ 4 inspect IN  (prompt-injection / exfiltration / cmd-injection)   │
                    │ 5 execute     (MCP server: tools/list · tools/call)               │
                    │ 6 inspect OUT + audit log                                         │
                    └──────────────────────────────────────────────────────────────────┘

Components

Module Responsibility
jwt_auth HS256 JWT encode/verify (from scratch), exp check, Principal with scope helpers
rate_limit TokenBucket + per-principal RateLimiter
inspection Rule-based Inspector (instruction-override, exfiltration, command-injection, role-spoofing) with severity-based blocking
mcp MCPServer implementing tools/list and tools/call over JSON-RPC
openapi tools_from_openapi — auto-register downstream API operations as MCP tools
audit Append-only structured AuditLog
gateway SecureToolGateway wiring auth → quota → authz → inspection → execute → audit

Quickstart

python examples/run_gateway.py

Output demonstrates: an authorized call, a missing-scope rejection, a blocked prompt-injection payload, an invalid token, and the populated audit trail.

from mcp_gateway import MCPServer, MCPTool, SecureToolGateway, encode

server = MCPServer()
server.register(MCPTool("get_trade_status", "...", schema,
                        handler=lambda trade_id: "ACK", required_scope="trades:read"))
gw = SecureToolGateway(server=server, secret="...")

token = encode({"sub": "agent-1", "scopes": ["trades:read"]}, "...")
gw.handle({"id": 1, "method": "tools/call",
           "params": {"name": "get_trade_status", "arguments": {"trade_id": "T-1"}}}, token)

Security properties

  • Fail-closed: missing scope, bad signature, expired token, or a high-severity finding all reject before the tool ever executes.
  • Defense in depth: inputs and outputs are inspected; everything is audited.
  • Least privilege: per-tool required_scope, per-principal quota.

Tests

pip install pytest && pytest -q

Covers JWT round-trip + tamper detection, scope enforcement, injection blocking, rate limiting, and inspector severity.

Tech

Python 3.10+ · stdlib only (optional: pytest)

from github.com/chandanCoding/mcp-tool-gateway

Установка Tool Gateway

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/chandanCoding/mcp-tool-gateway

FAQ

Tool Gateway MCP бесплатный?

Да, Tool Gateway MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для Tool Gateway?

Нет, Tool Gateway работает без API-ключей и переменных окружения.

Tool Gateway — hosted или self-hosted?

Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.

Как установить Tool Gateway в Claude Desktop, Claude Code или Cursor?

Открой Tool Gateway на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare Tool Gateway with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории ai