McpVanguard
McpVanguard is a deterministic security proxy for the Model Context Protocol (MCP). It interposes between AI agents and tool servers to enforce non-bypassable security policies with low-latency enforcement.
THE PROXY REQUIREMENT
TECHNICAL ARCHITECTURE
Rule Engine
Versioned YAML manifests (jailbreak.yaml, network.yaml, privilege.yaml) define deterministic matching rules. No probabilistic model judgment is involved in enforcement.
Interception Points
Tool discovery metadata checks, parameter inspection (allowlist/blocklist), selected result scanning, and execution logging (telemetry generation).
Deployment Model
Runs as a local sidecar or stdio wrapper. SSE/HTTP gateway mode is available for hosted deployments (requires API key or JWT auth). Container deployment is on the roadmap.
Performance
Low-latency deterministic enforcement. Python's flexibility enables rapid rule iteration without recompilation; production rule evaluation is optimized for throughput.