MCP Security
Add authentication, authorization, and rate limiting to your MCP (Model Context Protocol) connections.API Key Authentication
Copy
import { MCPSecurity, createMCPSecurity, createApiKeyPolicy } from 'praisonai';
// Create security with API key validation
const security = createMCPSecurity();
// Add API key policy
const apiKeyPolicy = createApiKeyPolicy({
keys: ['sk-prod-key-1', 'sk-prod-key-2'],
header: 'X-API-Key' // Header to check
});
security.addPolicy(apiKeyPolicy);
// Validate request
const context = {
headers: { 'X-API-Key': 'sk-prod-key-1' },
ip: '192.168.1.1'
};
const result = await security.validate(context);
console.log('Allowed:', result.allowed);
console.log('Reason:', result.reason);
Rate Limiting
Copy
import { MCPSecurity, createRateLimitPolicy } from 'praisonai';
const security = new MCPSecurity();
// Add rate limit policy
const rateLimit = createRateLimitPolicy({
requests: 100, // Max requests
window: 60000, // Per minute (ms)
keyExtractor: (ctx) => ctx.ip // Rate limit by IP
});
security.addPolicy(rateLimit);
// Check rate limit
for (let i = 0; i < 5; i++) {
const result = await security.validate({ ip: '192.168.1.1' });
console.log(`Request ${i + 1}: ${result.allowed ? 'OK' : 'RATE LIMITED'}`);
}
Combined Policies
Copy
import {
MCPSecurity,
createApiKeyPolicy,
createRateLimitPolicy
} from 'praisonai';
const security = new MCPSecurity();
// Must have valid API key
security.addPolicy(createApiKeyPolicy({
keys: process.env.API_KEYS?.split(',') || []
}));
// And respect rate limits
security.addPolicy(createRateLimitPolicy({
requests: 1000,
window: 3600000 // Per hour
}));
// Middleware for Express/similar
async function securityMiddleware(req, res, next) {
const result = await security.validate({
headers: req.headers,
ip: req.ip,
path: req.path
});
if (!result.allowed) {
return res.status(result.code || 403).json({ error: result.reason });
}
next();
}
Use with MCP Server
Copy
import { MCPServer, MCPSecurity, createApiKeyPolicy } from 'praisonai';
const security = new MCPSecurity();
security.addPolicy(createApiKeyPolicy({ keys: ['secret-key'] }));
const server = new MCPServer({
name: 'Secure MCP Server',
security // Attach security
});
// Server tools are now protected
server.addTool({
name: 'protected_action',
description: 'A protected action',
execute: async () => 'Protected result'
});
Custom Security Policies
Copy
import { MCPSecurity, SecurityPolicy } from 'praisonai';
// Create custom IP whitelist policy
const ipWhitelist: SecurityPolicy = {
name: 'ip-whitelist',
type: 'authorization',
validate: async (context) => {
const allowed = ['127.0.0.1', '192.168.1.0/24'];
const isAllowed = allowed.some(ip => context.ip?.startsWith(ip.split('/')[0]));
return {
allowed: isAllowed,
reason: isAllowed ? undefined : 'IP not whitelisted',
code: isAllowed ? undefined : 403
};
}
};
const security = new MCPSecurity();
security.addPolicy(ipWhitelist);
Security Events
Copy
import { MCPSecurity } from 'praisonai';
const security = new MCPSecurity({
onViolation: (policy, context, result) => {
console.log(`Security violation: ${policy.name}`);
console.log(`IP: ${context.ip}`);
console.log(`Reason: ${result.reason}`);
// Log to monitoring system
// alerting.notify('security_violation', { policy, context });
}
});
Policy Types
| Type | Description |
|---|---|
authentication | Verify identity (API keys, tokens) |
authorization | Check permissions |
rate-limit | Limit request frequency |
ip-filter | Allow/deny by IP |
Related
- MCP Tools - MCP integration
- Guardrails - Input/output validation
- Sessions - Session security