[](https://npmjs.com/package/@purplesquirrel/guardrails-mcp-server)
MCP server providing security guardrails for Claude Code and AI agents. Implements input validation, output filtering, policy enforcement, and audit logging.
```
User Request
     │
     ▼
┌─────────────────────────────────────┐
│          Guardrails Engine          │
├─────────────────────────────────────┤
│  ┌─────────┐  ┌──────────────────┐  │
│  │  Rate   │  │      Input       │  │
│  │ Limiter │──▶    Validator     │  │
│  └─────────┘  └────────┬─────────┘  │
│                        │            │
│               ┌────────▼─────────┐  │
│               │      Policy      │  │
│               │      Engine      │  │
│               └────────┬─────────┘  │
│                        │            │
│               ┌────────▼─────────┐  │
│               │      Output      │  │
│               │      Filter      │  │
│               └────────┬─────────┘  │
│                        │            │
│  ┌─────────────────────▼─────────┐  │
│  │         Audit Logger          │  │
│  └───────────────────────────────┘  │
└─────────────────────────────────────┘
     │
     ▼
  Response
```
`src/engine/GuardrailsEngine.js`

Core orchestration engine that coordinates all security components:
```javascript
import { GuardrailsEngine } from './src/engine/GuardrailsEngine.js';

const engine = new GuardrailsEngine({
  enableInputValidation: true,
  enableOutputFiltering: true,
  enablePolicyEnforcement: true,
  enableAuditLogging: true,
  enableRateLimiting: true,
  maxRequestsPerMinute: 60,
});

// Process incoming request
const result = await engine.processInput(request, { userId: 'user123' });

// Filter outgoing response
const filtered = await engine.processOutput(response, context);
```
`src/validators/InputValidator.js`

Validates and sanitizes incoming requests:

`src/filters/OutputFilter.js`

Filters and redacts sensitive information from outputs:

`src/policies/PolicyEngine.js`

Enforces custom security policies:

`src/audit/AuditLogger.js`

Comprehensive audit logging:
```javascript
const config = {
  // Feature toggles
  enableInputValidation: true,
  enableOutputFiltering: true,
  enablePolicyEnforcement: true,
  enableAuditLogging: true,
  enableRateLimiting: true,

  // Rate limiting
  maxRequestsPerMinute: 60,
  maxTokensPerRequest: 100000,

  // Security patterns
  blockedPatterns: [
    /password\s*[:=]/i,
    /api[_-]?key/i,
  ],

  // Domain restrictions
  allowedDomains: ['api.example.com'],

  // Sensitive data patterns for redaction
  sensitiveDataPatterns: [
    { pattern: /\b\d{3}-\d{2}-\d{4}\b/, replacement: '[SSN REDACTED]' },
    { pattern: /\b\d{16}\b/, replacement: '[CARD REDACTED]' },
  ],
};
```
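What the two `sensitiveDataPatterns` entries above do and do not catch, as an added example that is not the project's `OutputFilter` code. `redact`, `luhnValid`, `hardenedPatterns` and the `validate` field are hypothetical names, and the sample text is constructed.

```javascript
// Patterns copied from the README's sensitiveDataPatterns.
const readmePatterns = [
  { pattern: /\b\d{3}-\d{2}-\d{4}\b/, replacement: '[SSN REDACTED]' },
  { pattern: /\b\d{16}\b/, replacement: '[CARD REDACTED]' },
];

// Luhn checksum over a string of digits.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Assumed variant (not from the README): the card rule also accepts space or
// dash separators and fires only when the digits pass the Luhn check.
const hardenedPatterns = [
  readmePatterns[0],
  { pattern: /\b\d(?:[ -]?\d){15}\b/, replacement: '[CARD REDACTED]',
    validate: (m) => luhnValid(m.replace(/\D/g, '')) },
];

// Hypothetical helper that returns the field names the README lists for
// processOutput. Each regex is rebuilt with the global flag, because
// String.replace with a non-global regex redacts only the first match.
function redact(text, patterns) {
  const redactions = [];
  let response = text;
  for (const { pattern, replacement, validate } of patterns) {
    const flags = pattern.flags.includes('g') ? pattern.flags : pattern.flags + 'g';
    let count = 0;
    response = response.replace(new RegExp(pattern.source, flags), (m) => {
      if (validate && !validate(m)) return m; // leave non-matching numbers intact
      count += 1;
      return replacement;
    });
    if (count > 0) redactions.push({ replacement, count });
  }
  return { filtered: redactions.length > 0, response, redactions };
}

// Constructed sample; 4111... is the widely used card test number.
const sample = 'ssn 123-45-6789, 987-65-4321; ' +
  'card 4111-1111-1111-1111; order 1234567890123456';
console.log(redact(sample, readmePatterns).response);
console.log(redact(sample, hardenedPatterns).response);
```

With the README patterns the dash-separated card number passes through unredacted while the 16-digit order number is replaced; the variant reverses both outcomes.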
```bash
cd ~/guardrails-mcp-server
npm install
```
Add to `~/.claude.json`:
```json
{
  "mcpServers": {
    "guardrails": {
      "type": "stdio",
      "command": "node",
      "args": ["/path/to/guardrails-mcp-server/index.js"]
    }
  }
}
```
Process and validate an incoming request.
Returns:
```javascript
{
  allowed: boolean,
  requestId: string,
  request: object,          // Sanitized request
  processingTime: number,
  // If blocked:
  reason: string,
  code: 'RATE_LIMIT' | 'VALIDATION_ERROR' | 'POLICY_VIOLATION',
  violations: array,
}
```
Filter and redact sensitive data from a response.
Returns:
```javascript
{
  filtered: boolean,
  response: object,         // Filtered response
  redactions: array,        // List of redactions applied
  processingTime: number,
}
```
Get current engine statistics.
Query audit logs with optional filtering.
```
guardrails-mcp-server/
├── package.json
├── README.md
├── src/
│   ├── engine/
│   │   └── GuardrailsEngine.js    # Core engine
│   ├── validators/
│   │   └── InputValidator.js      # Input validation
│   ├── filters/
│   │   └── OutputFilter.js        # Output filtering
│   ├── policies/
│   │   └── PolicyEngine.js        # Policy enforcement
│   └── audit/
│       └── AuditLogger.js         # Audit logging
├── tests/
└── docs/
```
Matthew Karsten - Purple Squirrel Media
MIT
If this MCP server is useful to you, consider supporting its development:
Enterprise support available - Contact us for SLAs, custom development, and priority support.