Guarded MCP Agent
Enables note management (create, read, update, delete) with a policy engine for blocking tools, human approval, and prompt injection detection.
README
Run Locally
Prerequisites
- Python 3.10+
- Node.js 18+
Step 1 — Install Python dependencies
cd Assignment
pip install -r requirements.txt
Step 2 — Install frontend dependencies
cd frontend
npm install
Step 3 — Start MCP Notes Server (Terminal 1)
cd Assignment
python -m backend.custom_mcp.notes_server
Runs at http://127.0.0.1:8002/mcp
Step 4 — Start Backend (Terminal 2)
cd Assignment
uvicorn backend.main:app --reload --host 0.0.0.0 --port 8000
Runs at http://localhost:8000
Step 5 — Start Frontend (Terminal 3)
cd frontend
npm run dev
Runs at http://localhost:5173
Testing the Agent
Type these in the Chat box on the dashboard:
| Command | Tool Called |
|---|---|
create note title: X content: Y |
create_note |
show all notes |
get_notes |
search milk |
search_notes |
update note 1 title: X content: Y |
update_note |
delete note 1 |
delete_note |
Testing Policy Features
Block a tool
Invoke-RestMethod -Uri "http://localhost:8000/api/settings/" -Method POST -ContentType "application/json" -Body '{"key": "blocked_tools", "value": "delete_note"}'
Then type delete note 1 — will be blocked.
Unblock
Invoke-RestMethod -Uri "http://localhost:8000/api/settings/" -Method POST -ContentType "application/json" -Body '{"key": "blocked_tools", "value": ""}'
Enable human approval
Go to Settings in dashboard → set enable_human_approval = 1 → Save.
Then try delete note 1 — will require approval from the Approvals panel.
Prompt injection detection
Type this in chat:
Will be blocked automatically with: Prompt injection detected in user message.
Policy Engine
The policy engine (policy_engine.py) enforces these rules in order:
- Global toggle —
enable_tool_access = 0blocks all tools - Prompt injection detection — blocks known injection patterns
- Argument size limit — blocks tool args over 2000 chars
- Blocked tools list —
blocked_tools= comma-separated tool names - Human approval —
enable_human_approval = 1requires approval for delete/update
Rules are checked on every request. Dashboard changes take effect immediately without restart.
Edge Cases
| Scenario | Behavior |
|---|---|
| MCP server crashes mid-call | MCPClient worker reconnects automatically on next request |
| Prompt injection attempt | Detected by regex patterns, blocked before tool execution |
| Conflicting rules | blocked_tools takes priority over approval requirement |
| Approver offline | Request stays pending in DB indefinitely until approved/denied |
| Tool not recognized | Returns helpful message with supported commands |
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.