safeguard-mcp
Enables AI agents to scan, redact, and govern sensitive data before sending it to external tools through DLP, secure chat, and shadow AI discovery tools.
# SafeGuard MCP server (@the-safeguard-ai/mcp)
A Model Context Protocol server that exposes SafeGuard AI's DLP engine, Secure AI Gateway, and Shadow AI discovery as tools any MCP client (Claude Desktop, Cursor, Windsurf, Claude Code, …) can call. Speaks MCP over stdio.
The point: give an AI agent a governed way to handle and send data. Before an agent pastes a chunk of text into some external tool, it can check it with `dlp_scan`; to sanitize it, `dlp_redact`; to ask a model with policy and audit enforced, `secure_chat`.
## Tools
| Tool | Needs token? | What it does |
|---|---|---|
| `dlp_scan` | no | Detect PII/secrets in text; returns findings, counts by type, and whether it would be blocked. Local — no network, no tokens. |
| `dlp_redact` | no | Return a sanitized copy with `[REDACTED:LABEL]` placeholders. Local. |
| `dlp_detectors` | no | List the detector types SafeGuard recognizes (international by default). Local. |
| `secure_chat` | yes | Ask an LLM through the gateway — inbound redaction, org policy, routing (cloud/self-hosted), audit log. Returns the reply + redaction count. |
| `shadow_ai_report` | yes | Summarize which AI tools the org uses and what data was caught on each. Read-only. |
| `list_policies` | yes | List the org's active DLP policies as enforced by the gateway. Read-only. |
The three local DLP tools mirror `crates/dlp` (the Rust source of truth) and run entirely in-process — no backend required.
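The scan → redact → send flow described above, as an added TypeScript example (not the project's own code, which lives in `crates/dlp` and `services/mcp`). The two detector patterns, the result shapes and the block/redact semantics of `SAFEGUARD_DEFAULT_ACTION` are assumptions made for illustration only:

```typescript
// Added example: a minimal stand-in for dlp_scan -> dlp_redact -> send.
// ASSUMED: detector patterns, result shapes and action semantics below are
// illustrative, not crates/dlp's real detectors or the server's real schema.

type Finding = { type: string; start: number; end: number };
type ScanResult = {
  findings: Finding[];
  countsByType: Record<string, number>;
  blocked: boolean;
};
type Action = "redact" | "block";

// Constructed detectors: an "sg_"-prefixed org API key (the prefix comes from
// the README's config table; the length rule is assumed) and an e-mail address.
const DETECTORS: Record<string, RegExp> = {
  API_KEY: /\bsg_[A-Za-z0-9]{16,}\b/g,
  EMAIL: /\b[\w.+-]+@[\w-]+\.[\w.-]+\b/g,
};

// Mirrors what dlp_scan is described as returning: findings, counts by type,
// and a blocked flag. Assumed semantics: "block" blocks on any finding,
// "redact" never blocks (the text is sanitized instead).
export function dlpScan(text: string, action: Action = "redact"): ScanResult {
  const findings: Finding[] = [];
  for (const [type, re] of Object.entries(DETECTORS)) {
    for (const m of text.matchAll(re)) {
      findings.push({ type, start: m.index!, end: m.index! + m[0].length });
    }
  }
  const countsByType: Record<string, number> = {};
  for (const f of findings) countsByType[f.type] = (countsByType[f.type] ?? 0) + 1;
  return { findings, countsByType, blocked: action === "block" && findings.length > 0 };
}

// Mirrors dlp_redact: replace each finding with [REDACTED:LABEL]. Findings are
// applied right-to-left so earlier offsets stay valid after each replacement.
export function dlpRedact(text: string): string {
  const sorted = [...dlpScan(text).findings].sort((a, b) => b.start - a.start);
  let out = text;
  for (const f of sorted) {
    out = out.slice(0, f.start) + `[REDACTED:${f.type}]` + out.slice(f.end);
  }
  return out;
}

// The governed send: scan first, refuse if policy would block, and otherwise
// hand only the sanitized copy to `send` (a stand-in for the external tool).
export function governedSend(text: string, action: Action, send: (t: string) => string) {
  const scan = dlpScan(text, action);
  if (scan.blocked) return { sent: false, payload: "" };
  return { sent: true, payload: send(dlpRedact(text)) };
}
```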
## Configuration (environment)
| Var | Default | Purpose |
|---|---|---|
| `SAFEGUARD_TOKEN` | (unset) | Bearer token: a user JWT (sign in to SafeGuard) or an org API key (`sg_…`). Required by the gateway/governance tools. |
| `SAFEGUARD_GATEWAY_URL` | `http://localhost:8080` | Secure AI Gateway base URL. |
| `SAFEGUARD_CONTROL_PLANE_URL` | `http://localhost:8081` | Control-plane (governance API) base URL. |
| `SAFEGUARD_MODEL` | `gpt-4o-mini` | Default model id for `secure_chat`. |
| `SAFEGUARD_DEFAULT_ACTION` | `redact` | Default action for the local DLP tools. |
## Run

```sh
# from the repo root
bun run mcp
# or directly
bun run services/mcp/src/index.ts
```
stdout is reserved for the MCP protocol; logs go to stderr.
## Add to an MCP client
Claude Desktop / Cursor / Windsurf (mcpServers config):
```json
{
  "mcpServers": {
    "safeguard": {
      "command": "bun",
      "args": ["run", "/absolute/path/to/safeguard-ai/services/mcp/src/index.ts"],
      "env": {
        "SAFEGUARD_TOKEN": "<your JWT or sg_… API key>",
        "SAFEGUARD_GATEWAY_URL": "http://localhost:8080",
        "SAFEGUARD_CONTROL_PLANE_URL": "http://localhost:8081"
      }
    }
  }
}
```
Claude Code:
```sh
claude mcp add safeguard --env SAFEGUARD_TOKEN=<token> \
  -- bun run /absolute/path/to/safeguard-ai/services/mcp/src/index.ts
```

Without `SAFEGUARD_TOKEN` the local DLP tools still work; the gateway and governance tools return a clear "set SAFEGUARD_TOKEN" message.
## Typecheck

```sh
bun run typecheck
```