MCP Integration
Agntor acts as a secure proxy for the Model Context Protocol (MCP). This ensures that any tool your agent uses is audited before execution.
Overview
The Model Context Protocol allows AI agents to interact with external tools and data sources. However, without proper guardrails, this creates significant security risks:
- Data Exfiltration: Agents could leak sensitive data to unauthorized tools
- Prompt Injection: Malicious tool responses could hijack agent behavior
- Scope Creep: Agents might access tools beyond their intended purpose
Agntor’s MCP proxy solves these problems with real-time monitoring and policy enforcement.
Connecting an MCP Server
To protect your agent’s tools, wrap your MCP server in the Agntor Guardrail:
{
"mcpServers": {
"agntor-secure-proxy": {
"command": "npx",
"args": ["@agntor/mcp-proxy", "--server", "google-drive-mcp"],
"env": {
"AGNTOR_API_KEY": "your-api-key",
"AUDIT_LEVEL": "SOC2_STRICT",
"PII_REDACTION": "true"
}
}
}
}
When the agent attempts to access a file, Agntor scrubs for PII and checks against your compliance policy before the data reaches the LLM.
Configuration Options
| Option | Type | Description |
|---|
AUDIT_LEVEL | string | SOC2_STRICT, SOC2_STANDARD, or BASIC |
PII_REDACTION | boolean | Automatically redact detected PII |
ALLOWED_TOOLS | string[] | Whitelist of permitted tool names |
BLOCKED_DOMAINS | string[] | Domains the agent cannot access |
LOG_LEVEL | string | debug, info, warn, error |
Programmatic Configuration
For more control, configure the MCP proxy programmatically:
import { AgntorMCPProxy } from '@agntor/mcp-proxy';
const proxy = new AgntorMCPProxy({
apiKey: process.env.AGNTOR_API_KEY,
// Tool access control
allowedTools: ['read_file', 'search', 'calculate'],
blockedTools: ['delete_file', 'execute_command'],
// Data protection
piiRedaction: {
enabled: true,
patterns: ['email', 'phone', 'ssn', 'credit_card'],
replacement: '[REDACTED]'
},
// Injection protection
injectionDetection: {
enabled: true,
sensitivity: 'high',
onDetect: 'block' // or 'warn'
}
});
await proxy.start();
Real-Time Monitoring
Every tool call is logged and auditable:
// Subscribe to audit events
proxy.on('toolCall', (event) => {
console.log(`Tool: ${event.toolName}`);
console.log(`Status: ${event.status}`);
console.log(`PII Detected: ${event.piiDetected}`);
console.log(`Duration: ${event.durationMs}ms`);
});
proxy.on('blocked', (event) => {
console.warn(`Blocked: ${event.reason}`);
// Alert your security team
});
Next Steps
