safeguard-mcp

Enables AI agents to scan, redact, and govern sensitive data before sending it to external tools through DLP, secure chat, and shadow AI discovery tools.


README

SafeGuard MCP server (@the-safeguard-ai/mcp)

A Model Context Protocol server that exposes SafeGuard AI's DLP engine, Secure AI Gateway, and Shadow AI discovery as tools any MCP client (Claude Desktop, Cursor, Windsurf, Claude Code, …) can call. Speaks MCP over stdio.

The point: give an AI agent a governed way to handle and send data. Before an agent pastes a chunk of text into some external tool, it can check it with dlp_scan; to sanitize it, dlp_redact; to ask a model with policy and audit enforced, secure_chat.

Tools

| Tool | Needs token? | What it does |
|---|---|---|
| dlp_scan | no | Detect PII/secrets in text; returns findings, counts by type, and whether it would be blocked. Local — no network, no tokens. |
| dlp_redact | no | Return a sanitized copy with [REDACTED:LABEL] placeholders. Local. |
| dlp_detectors | no | List the detector types SafeGuard recognizes (international by default). Local. |
| secure_chat | yes | Ask an LLM through the gateway — inbound redaction, org policy, routing (cloud/self-hosted), audit log. Returns the reply + redaction count. |
| shadow_ai_report | yes | Summarize which AI tools the org uses and what data was caught on each. Read-only. |
| list_policies | yes | List the org's active DLP policies as enforced by the gateway. Read-only. |

The three local DLP tools mirror crates/dlp (the Rust source of truth) and run entirely in-process — no backend required.

Configuration (environment)

| Var | Default | Purpose |
|---|---|---|
| SAFEGUARD_TOKEN | (unset) | Bearer token: a user JWT (sign in to SafeGuard) or an org API key (sg_…). Required by the gateway/governance tools. |
| SAFEGUARD_GATEWAY_URL | http://localhost:8080 | Secure AI Gateway base URL. |
| SAFEGUARD_CONTROL_PLANE_URL | http://localhost:8081 | Control-plane (governance API) base URL. |
| SAFEGUARD_MODEL | gpt-4o-mini | Default model id for secure_chat. |
| SAFEGUARD_DEFAULT_ACTION | redact | Default action for the local DLP tools. |
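To show the governed hand-off the README describes (dlp_scan first, then dlp_redact, with SAFEGUARD_DEFAULT_ACTION deciding whether text is allowed, redacted or refused), here is an added TypeScript example; it is not the project's code, and its two detectors, the luhnOk helper and the governOutbound function are constructed stand-ins for the real crates/dlp engine.

```typescript
// Added example (not SafeGuard's code): stand-in for dlp_scan/dlp_redact with two constructed detectors.
type Action = "allow" | "redact" | "block";
type Finding = { type: string; start: number; end: number; match: string };
type ScanResult = { findings: Finding[]; counts: Record<string, number>; blocked: boolean };
// Hypothetical detector table; the real list comes from the dlp_detectors tool (crates/dlp).
const DETECTORS: { type: string; re: RegExp }[] = [
  { type: "EMAIL", re: /[\w.+-]+@[\w-]+\.[\w.-]+/g },
  { type: "CREDIT_CARD", re: /\b(?:\d[ -]?){13,16}\b/g },
];
// Luhn checksum keeps order numbers and other digit runs out of CREDIT_CARD findings.
function luhnOk(digits: string): boolean {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    const d = Number(digits[digits.length - 1 - i]);
    sum += i % 2 === 1 ? (d > 4 ? d * 2 - 9 : d * 2) : d;
  }
  return digits.length >= 13 && sum % 10 === 0;
}
const DEFAULT_ACTION = (process.env.SAFEGUARD_DEFAULT_ACTION as Action | undefined) ?? "redact"; // README default
// Same result shape the README gives for dlp_scan: findings, counts by type, would-be-blocked flag.
function dlpScan(text: string, action: Action = DEFAULT_ACTION): ScanResult {
  const findings: Finding[] = [];
  for (const d of DETECTORS) {
    for (const m of text.matchAll(d.re)) {
      if (d.type === "CREDIT_CARD" && !luhnOk(m[0].replace(/\D/g, ""))) continue;
      findings.push({ type: d.type, start: m.index!, end: m.index! + m[0].length, match: m[0] });
    }
  }
  findings.sort((a, b) => a.start - b.start);
  const counts: Record<string, number> = {};
  for (const f of findings) counts[f.type] = (counts[f.type] ?? 0) + 1;
  return { findings, counts, blocked: action === "block" && findings.length > 0 };
}
// dlp_redact: sanitized copy with [REDACTED:LABEL] placeholders, spliced from the end so offsets stay valid.
function dlpRedact(text: string): string {
  let out = text;
  for (const f of [...dlpScan(text).findings].reverse()) {
    out = out.slice(0, f.start) + `[REDACTED:${f.type}]` + out.slice(f.end);
  }
  return out;
}
// The governed hand-off from the README: scan before pasting into an external tool, then allow, redact or refuse.
function governOutbound(text: string, action: Action = DEFAULT_ACTION): { send: boolean; payload: string } {
  const scan = dlpScan(text, action);
  if (scan.findings.length === 0 || action === "allow") return { send: true, payload: text };
  if (scan.blocked) return { send: false, payload: "" };
  return { send: true, payload: dlpRedact(text) };
}
const SAMPLE = "Forward to vendor: jane.doe@example.com, card 4111 1111 1111 1111, order 20240517."; // constructed
```

With the README default (redact), governOutbound(SAMPLE) sends the placeholder version; with SAFEGUARD_DEFAULT_ACTION=block it refuses the send entirely.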

Run

# from the repo root
bun run mcp
# or directly
bun run services/mcp/src/index.ts

stdout is reserved for the MCP protocol; logs go to stderr.

Add to an MCP client

Claude Desktop / Cursor / Windsurf (mcpServers config):

{
  "mcpServers": {
    "safeguard": {
      "command": "bun",
      "args": ["run", "/absolute/path/to/safeguard-ai/services/mcp/src/index.ts"],
      "env": {
        "SAFEGUARD_TOKEN": "<your JWT or sg_… API key>",
        "SAFEGUARD_GATEWAY_URL": "http://localhost:8080",
        "SAFEGUARD_CONTROL_PLANE_URL": "http://localhost:8081"
      }
    }
  }
}

Claude Code:

claude mcp add safeguard --env SAFEGUARD_TOKEN=<token> \
  -- bun run /absolute/path/to/safeguard-ai/services/mcp/src/index.ts

Without SAFEGUARD_TOKEN the local DLP tools still work; the gateway and governance tools return a clear "set SAFEGUARD_TOKEN" message.

Typecheck

bun run typecheck
