The open-source security firewall for AI agents
AI agents (Claude Desktop, Cursor, VS Code Copilot) now have direct access to your filesystem, databases, APIs, and shell through MCP (Model Context Protocol) servers. A single prompt injection, carried in a file the agent reads, a page it fetches, or a tool result, can exfiltrate your SSH keys, credentials, or production data. There's no firewall for this.
50+ patterns catch prompt injection attempts in tool arguments before they reach the server.
Blocks access to cloud metadata endpoints (169.254.169.254), private IPs, and dangerous URL schemes.
18 patterns detect and redact AWS keys, GitHub tokens, private keys, DB URLs, JWTs in tool responses.
7 patterns redact emails, phone numbers, credit cards, IBANs, Swiss AHV numbers from responses.
YAML policies with per-agent RBAC. Define who can use which tools with what arguments.
Detects dangerous tool chains across multiple calls, e.g. read_file followed by http_post, the classic exfiltration pattern that no single-call check can see.
Ed25519 signed entries with hash chain integrity. Tamper-evident, compliance-ready.
FastAPI + HTMX dashboard on :9090. See blocked attacks, policies, and audit events live.
Generate DORA Art. 9+11, FINMA, and SOC 2 Type II (CC6/CC7/CC8) reports from audit data.
Webhook, Slack (Block Kit), and Syslog/CEF alerting. Integrate with any SIEM.
Use the pipeline from any Python app. Works with OpenClaw, LangChain, CrewAI, AutoGen.
Emergency shutdown. Block all tool calls instantly via file trigger or API.
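The URL check above (cloud metadata endpoints, private IPs, dangerous schemes) is easy to get wrong, because 169.254.169.254 can also be written as a decimal integer, a hex integer, or an IPv4-mapped IPv6 literal. The following is an added example of such a check, written for this page and not mcp-firewall's own code; the allowed schemes, the denied hostnames and the function names are assumptions. It is purely syntactic: a hostname that resolves to a private address is not caught here and needs a resolve-then-check step at connect time.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed policy for the example (not the project's configuration).
ALLOWED_SCHEMES = {"http", "https"}
DENIED_HOSTS = {"localhost", "metadata.google.internal", "metadata"}


def _parse_host_ip(host: str):
    """Return an ip_address if `host` is any literal IP spelling, else None.

    urlsplit() strips the brackets from IPv6 literals. ipaddress handles
    dotted-quad and IPv6 text; int(host, 0) catches the decimal and 0x forms
    (http://2852039166/ is 169.254.169.254) that string matching misses.
    Short forms such as 127.1 that some resolvers accept are NOT handled.
    """
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    try:
        return ipaddress.ip_address(int(host, 0))
    except (ValueError, TypeError, OverflowError):
        return None


def is_blocked_ip(ip) -> bool:
    """True for anything an agent tool should never be allowed to reach."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # [::ffff:169.254.169.254] -> 169.254.169.254
    return (not ip.is_global) or ip.is_multicast


def check_url(url: str) -> tuple[bool, str]:
    """Return (allowed, reason) for a URL found in tool arguments."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme '{scheme or '(none)'}' not allowed"
    host = (parts.hostname or "").lower()
    if not host:
        return False, "missing host"
    if host in DENIED_HOSTS:
        return False, f"host '{host}' denied"
    ip = _parse_host_ip(host)
    if ip is not None and is_blocked_ip(ip):
        return False, f"address {ip} is not globally routable"
    return True, "ok"


if __name__ == "__main__":
    for u in ["https://api.example.com/v1", "http://169.254.169.254/latest/meta-data/",
              "http://2852039166/", "http://[::ffff:169.254.169.254]/",
              "http://0x7f000001/", "file:///etc/passwd", "http://10.0.0.5:8080/api"]:
        print(u, "->", check_url(u))
```

Note that the check uses `is_global` rather than only `is_private`, so CGNAT (100.64.0.0/10), documentation ranges and the unspecified address are blocked as well as RFC 1918 space.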
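Secret redaction in tool responses, as described above, comes down to an ordered pattern list applied to every response body before it reaches the model. The following is an added example, not mcp-firewall's own 18-pattern set; the patterns, replacement markers and the sample response are constructed for illustration (the AWS key is the documented AWS example key, the PEM body is fake). The database URL shows a partial redaction that keeps the host and database name visible for debugging while removing the password.

```python
import re

# Constructed patterns for the example. Order matters: the multi-line PEM block
# goes first so its base64 body is never partially matched by a narrower pattern.
PATTERNS = [
    ("private_key",
     re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"
                r"[\s\S]*?-----END (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
     "[REDACTED:private_key]"),
    ("aws_access_key", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
     "[REDACTED:aws_access_key]"),
    ("github_token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
     "[REDACTED:github_token]"),
    ("jwt", re.compile(r"\beyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}"
                       r"(?![A-Za-z0-9_-])"),
     "[REDACTED:jwt]"),
    # Keep the DB URL usable: only the password between ':' and '@' is replaced.
    ("db_password",
     re.compile(r"(\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis)://[^:/\s@]+:)"
                r"([^@\s]+)(@)"),
     r"\g<1>[REDACTED:db_password]\g<3>"),
]


def redact(text: str) -> tuple[str, dict]:
    """Return (redacted_text, {pattern_name: hit_count}) for one tool response."""
    findings = {}
    for name, rx, repl in PATTERNS:
        text, n = rx.subn(repl, text)
        if n:
            findings[name] = n
    return text, findings


# Constructed sample of what a shell/filesystem tool might return to the agent.
SAMPLE_RESPONSE = """\
$ cat ~/.aws/credentials
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
$ cat .env
DATABASE_URL=postgres://app:hunter2@db.internal:5432/prod
GITHUB_TOKEN=ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
SESSION=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZ2VudCJ9.c2lnbmF0dXJlLXBsYWNlaG9sZGVy
$ cat ~/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAfakebodyfakebodyfakebody
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    clean, found = redact(SAMPLE_RESPONSE)
    print(clean)
    print(found)
```

The hit counts are what you would write to the audit log and alert on; the redacted text is what the model sees. Patterns anchored with `\b` avoid matching inside longer identifiers, and the JWT pattern ends with a negative lookahead rather than `\b` because base64url signatures may end in `-`.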
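Tool-chain detection, as described above, needs state across calls: a sink such as http_post is only suspicious when a source such as read_file preceded it in the same session within a short window. The following is an added example of that logic, not mcp-firewall's own implementation; the source/sink classification, the window size, the session keying and the sample trace are constructed for illustration.

```python
from collections import defaultdict, deque
from typing import Optional

# Assumed classification for the example (not the project's rule set).
SOURCES = {"read_file", "list_directory", "db_query", "get_secret"}
SINKS = {"http_post", "http_put", "send_email", "upload_file"}
WINDOW = 5  # recent calls remembered per session


class ToolChainDetector:
    """Flags a sink call that follows a source call within the window.

    State is keyed by session (one agent conversation), so one agent's
    read_file cannot taint another agent's http_post.
    """

    def __init__(self, window: int = WINDOW):
        self.history = defaultdict(lambda: deque(maxlen=window))

    def observe(self, session: str, tool: str, args: dict) -> Optional[dict]:
        recent = self.history[session]
        alert = None
        if tool in SINKS:
            sources = [c for c in recent if c in SOURCES]
            if sources:
                alert = {
                    "session": session,
                    "chain": sources + [tool],
                    "target": args.get("url") or args.get("to"),
                }
        recent.append(tool)  # record after the check so a sink never matches itself
        return alert


def scan_trace(trace, window: int = WINDOW) -> list:
    """Run a whole trace of (session, tool, args) through one detector."""
    det = ToolChainDetector(window)
    return [a for a in (det.observe(s, t, args) for s, t, args in trace) if a]


# Constructed trace: two agents interleaved; only agent-a completes a chain.
SAMPLE_TRACE = [
    ("agent-a", "read_file", {"path": "/home/dev/.ssh/id_ed25519"}),
    ("agent-a", "search_docs", {"q": "deploy"}),
    ("agent-b", "http_post", {"url": "https://api.example.com/tickets"}),  # no prior source
    ("agent-a", "http_post", {"url": "https://paste.example/upload"}),    # completes the chain
    ("agent-b", "read_file", {"path": "/etc/hostname"}),                  # source after sink: fine
]

if __name__ == "__main__":
    for alert in scan_trace(SAMPLE_TRACE):
        print("BLOCK", alert)
```

A small window keeps false positives down on long sessions, at the cost of missing a slow exfiltration that spaces the two calls out; the window test below shows how the same trace stops alerting once the window is too short.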
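The tamper-evident audit log described above combines two mechanisms: each entry commits to the hash of the previous entry (so edits, insertions and deletions break the chain) and each entry is signed (so an attacker cannot simply recompute the chain after editing). The following is an added example of that structure, not mcp-firewall's own format. HMAC-SHA256 stands in for the Ed25519 signature the page describes so that the code runs on the Python standard library alone; with Ed25519 the verifier would hold only the public key, which is the property you want when the log is shipped to a SIEM. The canonical JSON encoding, field names and sample events are assumptions.

```python
import hashlib
import hmac
import json

# Constructed key for the example only; in the Ed25519 design described on the
# page this would be a private signing key held by the firewall process.
KEY = b"constructed-example-key-not-for-production"
GENESIS = "0" * 64


def _canon(body: dict) -> bytes:
    """Canonical encoding: sorted keys, no whitespace, so hashes are stable."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class AuditLog:
    def __init__(self, key: bytes):
        self.key = key
        self.entries = []

    def append(self, event: dict) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "prev": prev, "event": event}
        canon = _canon(body)
        entry = {
            **body,
            "hash": hashlib.sha256(canon).hexdigest(),
            "sig": hmac.new(self.key, canon, hashlib.sha256).hexdigest(),
        }
        self.entries.append(entry)
        return entry


def verify_chain(entries, key: bytes) -> tuple[bool, int]:
    """Return (ok, index of first bad entry or -1)."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["seq"] != i or e["prev"] != prev:
            return False, i  # insertion, deletion or reordering
        canon = _canon({"seq": e["seq"], "prev": e["prev"], "event": e["event"]})
        if hashlib.sha256(canon).hexdigest() != e["hash"]:
            return False, i  # content edited without recomputing the hash
        expected = hmac.new(key, canon, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, e["sig"]):
            return False, i  # content edited and hash recomputed, but no key
        prev = e["hash"]
    return True, -1


def build_sample_log() -> list:
    log = AuditLog(KEY)
    for ev in [  # constructed events
        {"tool": "read_file", "agent": "agent-a", "decision": "allow"},
        {"tool": "http_post", "agent": "agent-a", "decision": "block", "rule": "tool_chain"},
        {"tool": "*", "agent": "*", "decision": "block", "rule": "emergency_stop"},
    ]:
        log.append(ev)
    return log.entries


def tampered_copy(entries, idx: int, decision: str, refresh_hash: bool = False) -> list:
    """Simulate an attacker flipping a decision, optionally fixing up the hash."""
    copy = json.loads(json.dumps(entries))
    copy[idx]["event"]["decision"] = decision
    if refresh_hash:
        body = {k: copy[idx][k] for k in ("seq", "prev", "event")}
        copy[idx]["hash"] = hashlib.sha256(_canon(body)).hexdigest()
    return copy


if __name__ == "__main__":
    entries = build_sample_log()
    print(verify_chain(entries, KEY))
    print(verify_chain(tampered_copy(entries, 1, "allow", refresh_hash=True), KEY))
```

One limitation worth knowing: removing entries from the tail leaves a valid chain, since nothing after them commits to their hash. Detecting truncation requires periodically anchoring the latest hash somewhere the attacker cannot reach (a remote syslog line, a SIEM, or a signed checkpoint), which is also why the alerting integrations matter for the audit log and not only for blocked attacks.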
# Install
pip install mcp-firewall
# Wrap any MCP server
mcp-firewall wrap -- npx @modelcontextprotocol/server-filesystem /tmp
# With dashboard
mcp-firewall wrap --dashboard -- npx @modelcontextprotocol/server-filesystem /tmp
# Claude Desktop (claude_desktop_config.json)
{
  "mcpServers": {
    "filesystem": {
      "command": "mcp-firewall",
      "args": ["wrap", "--", "npx", "@modelcontextprotocol/server-filesystem", "/tmp"]
    }
  }
}
mcpwn is a pre-deployment security scanner for MCP servers with 10 vulnerability checks.
Scan with mcpwn, protect with mcp-firewall.
pip install mcpwn