npm - @aiclude/mcp-guard - Versions diffs - 0.2.1 → 0.2.3 - Mend

@aiclude/mcp-guard 0.2.1 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +41 -31
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -19,7 +19,7 @@ In 2026, **MCP (Model Context Protocol)** has become the de facto standard for A
 - **92% exploit probability** with just 10 MCP plugins installed ([VentureBeat](https://venturebeat.com))
 - **OWASP MCP Top 10** published — Tool Poisoning, Prompt Injection, Context Spoofing confirmed as real attack vectors
-Existing security tools (WAF, SAST, DAST) don't operate at the MCP protocol level. Attacks happening inside **JSON-RPC message streams** over stdio pipes or SSE are invisible to traditional security tools.
+Existing security tools (WAF, SAST, DAST) don't understand MCP protocol semantics. A WAF can see HTTP requests, but it cannot detect MCP-specific attacks like zero-width character hiding in tool descriptions, tool name spoofing, or prompt injection embedded in tool definitions. In stdio mode, traffic doesn't even use HTTP — it's completely off the radar.
 > **MCP Guard** inspects all messages in real-time and **blocks dangerous tool calls before they reach the server**.
@@ -75,6 +75,25 @@ Add to `.cursor/mcp.json`:
 }
 ```
+### Claude Code (CLI) Integration
+```bash
+claude mcp add my-server-guarded -- npx -y @aiclude/mcp-guard -- npx -y @some/mcp-server
+```
+Or edit `~/.claude/claude_code_config.json` directly:
+```json
+{
+  "mcpServers": {
+    "fetch-guarded": {
+      "command": "npx",
+      "args": ["-y", "@aiclude/mcp-guard", "--", "npx", "-y", "@modelcontextprotocol/server-fetch"]
+    }
+  }
+}
+```
 ---
 ## Key Features
@@ -106,24 +125,21 @@ Works out of the box with built-in default policies. Customize with YAML policy
 ## Protection Coverage
-```
-+---------------------+-----------------------+-----------------------+
-|  Tool Definitions   |  Tool Call Arguments  |  Tool Responses       |
-|  (server -> client) |  (client -> server)   |  (server -> client)   |
-+---------------------+-----------------------+-----------------------+
-| Zero-width chars    | SQL Injection         | Credential exposure   |
-| Prompt injection    | Command Injection     | System path leaks     |
-| Homoglyph spoofing  | Path Traversal        | Stack trace exposure  |
-| HTML comment hiding | XSS                   | Command exec evidence |
-| Base64 encoding     | Template Injection    | Template injection    |
-| Name shadowing      | Prompt injection      | Credential leaks      |
-| Multilingual inject | Multilingual inject   |                       |
-| Agent manipulation  | Zero-width hiding     |                       |
-| InputSchema checks  |                       |                       |
-+---------------------+-----------------------+-----------------------+
-  CWE: CWE-22, CWE-78, CWE-79, CWE-89, CWE-94, CWE-200, CWE-209
-  OWASP MCP Top 10: Tool Poisoning, Prompt Injection, and more
-```
+| Tool Definitions (server → client) | Tool Call Arguments (client → server) | Tool Responses (server → client) |
+|:-----------------------------------|:--------------------------------------|:---------------------------------|
+| Zero-width steganography | SQL Injection | Credential exposure |
+| Prompt injection phrases | Command Injection | System path leaks |
+| Homoglyph spoofing | Path Traversal | Stack trace exposure |
+| HTML comment hiding | XSS | Command exec evidence |
+| Base64 encoding hiding | Template Injection | Template injection results |
+| Name shadowing | Prompt injection | Credential leaks |
+| Multilingual injection | Multilingual injection | |
+| Agent manipulation patterns | Zero-width char hiding | |
+| InputSchema validation | | |
+**CWE Coverage:** CWE-22, CWE-78, CWE-79, CWE-89, CWE-94, CWE-200, CWE-209
+**OWASP MCP Top 10:** Tool Poisoning, Prompt Injection, and more
 ---
@@ -133,21 +149,15 @@ MCP Guard operates as a **transparent proxy** between client and server.
 ### stdio Mode
-```
-MCP Client ──stdio──> MCP Guard ──stdio──> MCP Server
-           <──stdio──  (Proxy)  <──stdio──  (Local)
-                          |
-                     Rule Engine
-```
+> **MCP Client** → *stdio* → **MCP Guard (Proxy)** → *stdio* → **MCP Server (Local)**
+>
+> All messages pass through the **Rule Engine** for real-time inspection.
 ### HTTP Mode
-```
-MCP Client ──HTTP──> MCP Guard ──HTTP──> MCP Server
-           <──SSE──  (:9090)   <──SSE──  (Remote)
-                        |
-                   Rule Engine
-```
+> **MCP Client** → *HTTP POST* → **MCP Guard (:9090)** → *HTTP POST* → **MCP Server (Remote)**
+>
+> Responses (JSON or SSE stream) are inspected before forwarding back to the client.
 **Default behavior: Fail-Close.** If the policy engine errors, all traffic is blocked for safety.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aiclude/mcp-guard",
-  "version": "0.2.1",
+  "version": "0.2.3",
   "description": "MCP runtime security proxy — intercepts and enforces security policies on MCP tool calls",
   "type": "module",
   "main": "./dist/index.js",