Guarded MCP Agent

Guarded MCP Agent

Enables note management (create, read, update, delete) with a policy engine for blocking tools, human approval, and prompt injection detection.

Category
Visit Server

README

Run Locally

Prerequisites

  • Python 3.10+
  • Node.js 18+

Step 1 — Install Python dependencies

cd Assignment
pip install -r requirements.txt

Step 2 — Install frontend dependencies

cd frontend
npm install

Step 3 — Start MCP Notes Server (Terminal 1)

cd Assignment
python -m backend.custom_mcp.notes_server

Runs at http://127.0.0.1:8002/mcp

Step 4 — Start Backend (Terminal 2)

cd Assignment
uvicorn backend.main:app --reload --host 0.0.0.0 --port 8000

Runs at http://localhost:8000

Step 5 — Start Frontend (Terminal 3)

cd frontend
npm run dev

Runs at http://localhost:5173


Testing the Agent

Type these in the Chat box on the dashboard:

Command Tool Called
create note title: X content: Y create_note
show all notes get_notes
search milk search_notes
update note 1 title: X content: Y update_note
delete note 1 delete_note

Testing Policy Features

Block a tool

Invoke-RestMethod -Uri "http://localhost:8000/api/settings/" -Method POST -ContentType "application/json" -Body '{"key": "blocked_tools", "value": "delete_note"}'

Then type delete note 1 — will be blocked.

Unblock

Invoke-RestMethod -Uri "http://localhost:8000/api/settings/" -Method POST -ContentType "application/json" -Body '{"key": "blocked_tools", "value": ""}'

Enable human approval

Go to Settings in dashboard → set enable_human_approval = 1 → Save. Then try delete note 1 — will require approval from the Approvals panel.

Prompt injection detection

Type this in chat:

Will be blocked automatically with: Prompt injection detected in user message.


Policy Engine

The policy engine (policy_engine.py) enforces these rules in order:

  1. Global toggleenable_tool_access = 0 blocks all tools
  2. Prompt injection detection — blocks known injection patterns
  3. Argument size limit — blocks tool args over 2000 chars
  4. Blocked tools listblocked_tools = comma-separated tool names
  5. Human approvalenable_human_approval = 1 requires approval for delete/update

Rules are checked on every request. Dashboard changes take effect immediately without restart.


Edge Cases

Scenario Behavior
MCP server crashes mid-call MCPClient worker reconnects automatically on next request
Prompt injection attempt Detected by regex patterns, blocked before tool execution
Conflicting rules blocked_tools takes priority over approval requirement
Approver offline Request stays pending in DB indefinitely until approved/denied
Tool not recognized Returns helpful message with supported commands

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured