Secure Copilot's MCP tool servers
McpVanguard applies layered policy to Copilot extension and agent MCP traffic routed through the proxy, returning an explicit decision before the selected tool call reaches the server.
Tool allowlisting
Use configured tool and argument policies to constrain which GitHub operations a routed workflow may request. Destructive examples still require deployment-specific verification.
Injection-resistant
Configured checks can surface suspicious instruction patterns in routed arguments; this is not a universal prompt-injection guarantee.
CI-compatible
Run McpVanguard wherever the supported MCP transport and deployment configuration are available; verify your CI or cloud setup before production use.
Set up in 3 steps
McpVanguard runs as an SSE gateway that Copilot extensions connect to over HTTP.
Install McpVanguard
pip install mcp-vanguard
Start the secured SSE gateway
vanguard sse \ --profile balanced \ --server uvx mcp-server-github \ --port 3000
Point your Copilot extension
# copilot-extension config
{
"mcpServer": {
"url": "http://localhost:3000/sse"
}
}Common questions
How do I secure GitHub Copilot MCP servers with McpVanguard?
Install McpVanguard (pip install mcp-vanguard) and configure it to wrap the MCP server used by your Copilot workflow. Tool calls routed through the proxy are evaluated before they reach that server.
Does McpVanguard work with GitHub Copilot Extensions?
Copilot extensions or MCP-backed agents can use McpVanguard when their MCP traffic can be routed through the proxy. Confirm the extension transport and configuration before relying on this integration.
Can I use McpVanguard in a GitHub Actions CI environment?
McpVanguard runs as a Python process and can be installed alongside an MCP server in supported CI or cloud environments. Verify the transport, permissions, and deployment configuration before using it in a production runner.
Stay ahead of agentic threats
Follow our latest research on MCP vulnerabilities, defensive architecture, and verifiable execution. We publish updates on the site and in the RSS feed.