permission-protocol/mcp-guard
MCP middleware that blocks dangerous AI agent actions using a simple YAML config
Platform-specific configuration:

{
  "mcpServers": {
    "mcp-guard": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-guard"
      ]
    }
  }
}

Add the config above to .claude/settings.json under the mcpServers key.
Stop your AI agents from doing dangerous things.
MCP (Model Context Protocol) is how AI agents call tools — like APIs, databases, or deployments. MCP has no built-in access control. MCP Guard adds that layer.
Define what's allowed, blocked, or requires approval — in a single YAML file. MCP Guard sits between your MCP client and server, enforces the rules, and logs every decision as an audit receipt.
Without MCP Guard, your agent can call any tool. With it, every action is checked. MCP Guard does not just log — it blocks execution before it happens.
→ Blocks unsafe tool calls before they execute
→ Holds sensitive actions for human approval
→ Logs every decision as an immutable receipt
→ Observe mode — audit what would be blocked before enforcing
# Install
npm install @permissionprotocol/mcp-guard
# Create a policy file
cat > pp.config.yaml << 'EOF'
default_action: allow
rules:
- id: block-delete
tool: delete_user_data
action: block
- id: hold-deploy
tool: deploy_production
action: require_approval
EOF
# Run your MCP server through the guard
mcp-guard --config pp.config.yaml -- node my-mcp-server.js

That's it. Your agent can no longer delete user data. Production deploys require approval. Everything is logged to pp-receipts.jsonl.
git clone https://github.com/permission-protocol/mcp-guard
cd mcp-guard
npm install
npm run demo

Sends three tool calls through the guard and shows: one allowed, one blocked, one held. No setup required.
┌────────────┐   stdio   ┌─────────────┐   stdio   ┌────────────┐
│ MCP Client │ ────────▶ │  MCP Guard  │ ────────▶ │ MCP Server │
│ (Claude,   │           │   (proxy)   │           │ (your app) │
│  Curso