langprotect-mcp-gateway 1.2.5__tar.gz → 1.3.0__tar.gz

{langprotect_mcp_gateway-1.2.5 → langprotect_mcp_gateway-1.3.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: langprotect-mcp-gateway
-Version: 1.2.5
+Version: 1.3.0
 Summary: Security gateway for Model Context Protocol (MCP) to protect AI tool interactions
 Author-email: LangProtect Security Team <security@langprotect.com>
 License: MIT
@@ -32,134 +32,150 @@ Dynamic: license-file
 
 [![PyPI version](https://badge.fury.io/py/langprotect-mcp-gateway.svg)](https://pypi.org/project/langprotect-mcp-gateway/)
 
-## Features
-
-✅ **Automatic Threat Detection** - Scans all MCP requests for security risks  
-✅ **Access Control** - Whitelist/blacklist MCP servers and tools  
-✅ **Full Audit Trail** - Logs all AI interactions for compliance  
-✅ **IDE Support** - Works with VS Code, Cursor, and all MCP-compatible IDEs  
-✅ **Easy Setup** - 30-second installation
-✅ **Fail-Open Design** - Won't block your workflow if backend is unavailable
-
-## Quick Start
+## 🆕 What's New in v1.3.0
 
-### Installation
+### Layer 2: Output Scanning 🔍
+- **Automatic secret masking** in AI-generated responses
+- **30+ secret types detected**: AWS, Google Cloud, Azure, Stripe, GitHub, JWTs, DB credentials, private keys
+- **Non-blocking warnings** - never interrupts workflow
+- **Preserves structure** - masks secrets while keeping code/content readable
 
-The gateway runs as a global CLI tool. Choose your platform:
+### Enhanced Security Controls 🔐
+- **Fail-closed mode** - Block requests on scan failures (optional)
+- **Configurable timeouts** - Control scan performance
+- **High-entropy detection** - Catch unknown secret formats
 
-#### Linux (Debian/Ubuntu) - Recommended: pipx
+### Example
 
+**Before** (v1.2.6):
 ```bash
-# Install pipx (one time)
-sudo apt install pipx -y
-pipx ensurepath
+AI: Here's your AWS deployment script:
+export AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE"
+export AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG..."
+```
 
-# Install the gateway
-pipx install langprotect-mcp-gateway
+**After** (v1.3.0):
+```bash
+AI: Here's your AWS deployment script:
+export AWS_ACCESS_KEY_ID="<REDACTED:AWS_ACCESS_KEY:1a5d44a2>"
+export AWS_SECRET_ACCESS_KEY="<REDACTED:AWS_SECRET_KEY:73ec276f>"
 ```
+✅ **Secrets masked** | 🔒 **Code structure preserved** | 📝 **Audit trail maintained**
 
-#### macOS - Recommended: pipx
+---
 
-```bash
-# Install pipx via Homebrew
-brew install pipx
-pipx ensurepath
+## Features
 
-# Install the gateway
-pipx install langprotect-mcp-gateway
-```
+✅ **Two-Layer Protection**
+- **Layer 1 (Input)**: Blocks dangerous requests before sending to MCP server
+- **Layer 2 (Output)**: Masks secrets in AI responses
 
-#### Windows
+✅ **Automatic Threat Detection** - Scans all MCP requests for security risks  
+✅ **Access Control** - Whitelist/blacklist MCP servers and tools  
+✅ **Full Audit Trail** - Logs all AI interactions for compliance  
+✅ **IDE Support** - Works with VS Code, Cursor, and all MCP-compatible IDEs  
+✅ **Easy Setup** - 30-second installation
+✅ **Fail-Open Design** - Won't block your workflow if backend is unavailable
 
-```bash
-# Option 1: pipx (recommended)
-pip install pipx
-pipx install langprotect-mcp-gateway
+## Quick Start
 
-# Option 2: User install
-pip install --user langprotect-mcp-gateway
-```
+### 1. Installation
 
-#### Verify Installation
+The gateway runs as a global CLI tool. We recommend using `pipx` to manage the installation.
 
 ```bash
-which langprotect-gateway   # Should show: ~/.local/bin/langprotect-gateway
-langprotect-gateway --help  # Should show usage info
+# Recommended: Install via pipx
+pipx install langprotect-mcp-gateway
 ```
 
-#### Automatic Setup (Recommended)
+### 2. Automatic Setup (Recommended) 🚀
 
-Run the setup command to automatically configure VS Code:
+Run our automated setup command to configure VS Code, Cursor, or Claude Desktop for all workspaces:
 
 ```bash
 langprotect-gateway-setup
 ```
 
 This will:
-- ✅ Create a global wrapper script
+- ✅ Create a global wrapper script at `~/.local/bin/langprotect-mcp-wrapper.sh`
 - ✅ Configure VS Code for global visibility in ALL workspaces
-- ✅ Sync with Claude Desktop config for high compatibility
-- ✅ Enable auto-start
+- ✅ Enable auto-start for seamless protection
+
+### 3. Configure Your Credentials
 
-Then edit the wrapper script to add your credentials:
+Edit the generated wrapper script to add your LangProtect email and password:
 
 ```bash
 # Linux/macOS
 nano ~/.local/bin/langprotect-mcp-wrapper.sh
 
 # Update these lines:
-export LANGPROTECT_URL="http://localhost:8000"
+export LANGPROTECT_URL="https://your-backend.com"  # e.g. http://localhost:8000
 export LANGPROTECT_EMAIL="your.email@company.com"
 export LANGPROTECT_PASSWORD="your-password"
 ```
 
-Reload VS Code and you're done! LangProtect will protect all your workspaces.
+Reload VS Code and you're done! LangProtect will now protect all your workspaces.
 
-### VS Code Setup (Recommended - No Wrapper Script!)
+---
 
-**Step 1:** Add this to your `.vscode/mcp.json`:
+## ⚙️ Configuration Options (v1.3.0+)
 
-```json
-{
-  "servers": {
-    "langprotect-gateway": {
-      "type": "stdio",
-      "command": "langprotect-gateway",
-      "args": ["--mcp-json-path", "${workspaceFolder}/.vscode/mcp.json"],
-      "env": {
-        "LANGPROTECT_URL": "http://localhost:8000",
-        "LANGPROTECT_EMAIL": "your.email@company.com",
-        "LANGPROTECT_PASSWORD": "your-password"
-      },
-      "servers": {
-        "filesystem": {
-          "command": "npx",
-          "args": ["-y", "@modelcontextprotocol/server-filesystem", "."]
-        }
-      }
-    }
-  }
-}
+Configure security behavior with environment variables in your wrapper script:
+
+```bash
+# Security Controls
+export LANGPROTECT_ENABLE_MASKING=true      # Enable output masking (default: true)
+export LANGPROTECT_FAIL_CLOSED=false        # Block on scan errors (default: false = fail-open)
+export LANGPROTECT_SCAN_TIMEOUT=5.0         # Scan timeout in seconds (default: 5.0)
+export LANGPROTECT_ENTROPY_DETECTION=true   # Detect unknown secrets via entropy (default: true)
+
+# Backend Connection
+export LANGPROTECT_URL="http://localhost:8000"
+export LANGPROTECT_EMAIL="your.email@company.com"
+export LANGPROTECT_PASSWORD="your-password"
 ```
 
-**Step 2 (Optional):** Enable auto-start in `.vscode/settings.json`:
+### Security Modes
 
-```json
-{
-  "chat.mcp.autostart": "newAndOutdated"
-}
+**Fail-Open (Default)** - Recommended for development:
+```bash
+export LANGPROTECT_FAIL_CLOSED=false
+```
+- If scan times out or fails → **Allow request** (log warning)
+- Won't block your workflow
+- Best for development environments
+
+**Fail-Closed** - Recommended for production:
+```bash
+export LANGPROTECT_FAIL_CLOSED=true
+```
+- If scan times out or fails → **Block request**
+- Maximum security
+- Best for production/sensitive environments
+
+### Output Masking
+
+Control how AI-generated secrets are handled:
+
+```bash
+# Enable masking (default)
+export LANGPROTECT_ENABLE_MASKING=true
+
+# Disable masking (see secrets in plain text - not recommended)
+export LANGPROTECT_ENABLE_MASKING=false
 ```
 
-This makes VS Code automatically start the gateway when you open the workspace!
+**Masked format**: `<REDACTED:SECRET_TYPE:hash>`
+- Example: `<REDACTED:AWS_ACCESS_KEY:1a5d44a2>`
+- Hash allows deduplication across logs
+- Preserves code structure
 
-That's it! VS Code will:
-1. Start the gateway with your credentials (automatically if autostart is enabled)
-2. Gateway reads the `servers` section and proxies those MCP servers
-3. All tool calls get logged to LangProtect
+---
 
-### Alternative: Wrapper Script Setup
+## 🏗️ Manual Setup (Per-Workspace)
 
-If you prefer using a wrapper script (useful for shared configs):
+If you prefer to enable LangProtect only for a specific project, you can use a local `.vscode/mcp.json` file.
 
 1. Create a wrapper script (e.g., `langprotect-wrapper.sh`):
 

{langprotect_mcp_gateway-1.2.5 → langprotect_mcp_gateway-1.3.0}/README.md

@@ -4,134 +4,150 @@
 
 [![PyPI version](https://badge.fury.io/py/langprotect-mcp-gateway.svg)](https://pypi.org/project/langprotect-mcp-gateway/)
 
-## Features
-
-✅ **Automatic Threat Detection** - Scans all MCP requests for security risks  
-✅ **Access Control** - Whitelist/blacklist MCP servers and tools  
-✅ **Full Audit Trail** - Logs all AI interactions for compliance  
-✅ **IDE Support** - Works with VS Code, Cursor, and all MCP-compatible IDEs  
-✅ **Easy Setup** - 30-second installation
-✅ **Fail-Open Design** - Won't block your workflow if backend is unavailable
-
-## Quick Start
+## 🆕 What's New in v1.3.0
 
-### Installation
+### Layer 2: Output Scanning 🔍
+- **Automatic secret masking** in AI-generated responses
+- **30+ secret types detected**: AWS, Google Cloud, Azure, Stripe, GitHub, JWTs, DB credentials, private keys
+- **Non-blocking warnings** - never interrupts workflow
+- **Preserves structure** - masks secrets while keeping code/content readable
 
-The gateway runs as a global CLI tool. Choose your platform:
+### Enhanced Security Controls 🔐
+- **Fail-closed mode** - Block requests on scan failures (optional)
+- **Configurable timeouts** - Control scan performance
+- **High-entropy detection** - Catch unknown secret formats
 
-#### Linux (Debian/Ubuntu) - Recommended: pipx
+### Example
 
+**Before** (v1.2.6):
 ```bash
-# Install pipx (one time)
-sudo apt install pipx -y
-pipx ensurepath
+AI: Here's your AWS deployment script:
+export AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE"
+export AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG..."
+```
 
-# Install the gateway
-pipx install langprotect-mcp-gateway
+**After** (v1.3.0):
+```bash
+AI: Here's your AWS deployment script:
+export AWS_ACCESS_KEY_ID="<REDACTED:AWS_ACCESS_KEY:1a5d44a2>"
+export AWS_SECRET_ACCESS_KEY="<REDACTED:AWS_SECRET_KEY:73ec276f>"
 ```
+✅ **Secrets masked** | 🔒 **Code structure preserved** | 📝 **Audit trail maintained**
 
-#### macOS - Recommended: pipx
+---
 
-```bash
-# Install pipx via Homebrew
-brew install pipx
-pipx ensurepath
+## Features
 
-# Install the gateway
-pipx install langprotect-mcp-gateway
-```
+✅ **Two-Layer Protection**
+- **Layer 1 (Input)**: Blocks dangerous requests before sending to MCP server
+- **Layer 2 (Output)**: Masks secrets in AI responses
 
-#### Windows
+✅ **Automatic Threat Detection** - Scans all MCP requests for security risks  
+✅ **Access Control** - Whitelist/blacklist MCP servers and tools  
+✅ **Full Audit Trail** - Logs all AI interactions for compliance  
+✅ **IDE Support** - Works with VS Code, Cursor, and all MCP-compatible IDEs  
+✅ **Easy Setup** - 30-second installation
+✅ **Fail-Open Design** - Won't block your workflow if backend is unavailable
 
-```bash
-# Option 1: pipx (recommended)
-pip install pipx
-pipx install langprotect-mcp-gateway
+## Quick Start
 
-# Option 2: User install
-pip install --user langprotect-mcp-gateway
-```
+### 1. Installation
 
-#### Verify Installation
+The gateway runs as a global CLI tool. We recommend using `pipx` to manage the installation.
 
 ```bash
-which langprotect-gateway   # Should show: ~/.local/bin/langprotect-gateway
-langprotect-gateway --help  # Should show usage info
+# Recommended: Install via pipx
+pipx install langprotect-mcp-gateway
 ```
 
-#### Automatic Setup (Recommended)
+### 2. Automatic Setup (Recommended) 🚀
 
-Run the setup command to automatically configure VS Code:
+Run our automated setup command to configure VS Code, Cursor, or Claude Desktop for all workspaces:
 
 ```bash
 langprotect-gateway-setup
 ```
 
 This will:
-- ✅ Create a global wrapper script
+- ✅ Create a global wrapper script at `~/.local/bin/langprotect-mcp-wrapper.sh`
 - ✅ Configure VS Code for global visibility in ALL workspaces
-- ✅ Sync with Claude Desktop config for high compatibility
-- ✅ Enable auto-start
+- ✅ Enable auto-start for seamless protection
+
+### 3. Configure Your Credentials
 
-Then edit the wrapper script to add your credentials:
+Edit the generated wrapper script to add your LangProtect email and password:
 
 ```bash
 # Linux/macOS
 nano ~/.local/bin/langprotect-mcp-wrapper.sh
 
 # Update these lines:
-export LANGPROTECT_URL="http://localhost:8000"
+export LANGPROTECT_URL="https://your-backend.com"  # e.g. http://localhost:8000
 export LANGPROTECT_EMAIL="your.email@company.com"
 export LANGPROTECT_PASSWORD="your-password"
 ```
 
-Reload VS Code and you're done! LangProtect will protect all your workspaces.
+Reload VS Code and you're done! LangProtect will now protect all your workspaces.
 
-### VS Code Setup (Recommended - No Wrapper Script!)
+---
 
-**Step 1:** Add this to your `.vscode/mcp.json`:
+## ⚙️ Configuration Options (v1.3.0+)
 
-```json
-{
-  "servers": {
-    "langprotect-gateway": {
-      "type": "stdio",
-      "command": "langprotect-gateway",
-      "args": ["--mcp-json-path", "${workspaceFolder}/.vscode/mcp.json"],
-      "env": {
-        "LANGPROTECT_URL": "http://localhost:8000",
-        "LANGPROTECT_EMAIL": "your.email@company.com",
-        "LANGPROTECT_PASSWORD": "your-password"
-      },
-      "servers": {
-        "filesystem": {
-          "command": "npx",
-          "args": ["-y", "@modelcontextprotocol/server-filesystem", "."]
-        }
-      }
-    }
-  }
-}
+Configure security behavior with environment variables in your wrapper script:
+
+```bash
+# Security Controls
+export LANGPROTECT_ENABLE_MASKING=true      # Enable output masking (default: true)
+export LANGPROTECT_FAIL_CLOSED=false        # Block on scan errors (default: false = fail-open)
+export LANGPROTECT_SCAN_TIMEOUT=5.0         # Scan timeout in seconds (default: 5.0)
+export LANGPROTECT_ENTROPY_DETECTION=true   # Detect unknown secrets via entropy (default: true)
+
+# Backend Connection
+export LANGPROTECT_URL="http://localhost:8000"
+export LANGPROTECT_EMAIL="your.email@company.com"
+export LANGPROTECT_PASSWORD="your-password"
 ```
 
-**Step 2 (Optional):** Enable auto-start in `.vscode/settings.json`:
+### Security Modes
 
-```json
-{
-  "chat.mcp.autostart": "newAndOutdated"
-}
+**Fail-Open (Default)** - Recommended for development:
+```bash
+export LANGPROTECT_FAIL_CLOSED=false
+```
+- If scan times out or fails → **Allow request** (log warning)
+- Won't block your workflow
+- Best for development environments
+
+**Fail-Closed** - Recommended for production:
+```bash
+export LANGPROTECT_FAIL_CLOSED=true
+```
+- If scan times out or fails → **Block request**
+- Maximum security
+- Best for production/sensitive environments
+
+### Output Masking
+
+Control how AI-generated secrets are handled:
+
+```bash
+# Enable masking (default)
+export LANGPROTECT_ENABLE_MASKING=true
+
+# Disable masking (see secrets in plain text - not recommended)
+export LANGPROTECT_ENABLE_MASKING=false
 ```
 
-This makes VS Code automatically start the gateway when you open the workspace!
+**Masked format**: `<REDACTED:SECRET_TYPE:hash>`
+- Example: `<REDACTED:AWS_ACCESS_KEY:1a5d44a2>`
+- Hash allows deduplication across logs
+- Preserves code structure
 
-That's it! VS Code will:
-1. Start the gateway with your credentials (automatically if autostart is enabled)
-2. Gateway reads the `servers` section and proxies those MCP servers
-3. All tool calls get logged to LangProtect
+---
 
-### Alternative: Wrapper Script Setup
+## 🏗️ Manual Setup (Per-Workspace)
 
-If you prefer using a wrapper script (useful for shared configs):
+If you prefer to enable LangProtect only for a specific project, you can use a local `.vscode/mcp.json` file.
 
 1. Create a wrapper script (e.g., `langprotect-wrapper.sh`):