mcpProtection

Version

Protects an MCP endpoint by validating incoming JSON-RPC requests and restricting the MCP methods and tools that clients may use.

Only HTTP POST requests with an application/json content type are accepted. JSON-RPC batch requests are rejected.

initialize and ping are always allowed. tools/list, tools/call, and notifications are enabled by default and can be disabled under methods. Every other method is rejected.

Tool rules are evaluated in declaration order and the first matching rule wins. If no rule matches, the tool is allowed. Consequently, all tools are allowed when tools is omitted. Add a final deny: ".*" rule to change this into an allowlist.

Denied tools are also removed from tools/list responses so clients do not discover tools they are not allowed to call.

Example Configuration

- mcpProtection:
methods:
toolsList: true
toolsCall: true
notifications: true
tools:
- allow: "listProxies"
- allow: "getStatistics"
- allow: "getExchanges"
- deny: ".*" # tool names also support regular expressions
- mcpProtection:
     methods:
       toolsList: true
       toolsCall: true
       notifications: true
     tools:
       - allow: "listProxies"
       - allow: "getStatistics"
       - allow: "getExchanges"
       - deny: ".*"           # tool names also support regular expressions

Syntax

mcpProtection:
'$ref': <string>
methods: {}
tools:
- <tools>
mcpProtection:
  '$ref': <string>
  methods: {}
  tools:
    - <tools>

Attributes

NameRequiredDefaultDescriptionExamples
$reffalse-Reference a component defined under components.-

Child Structure

ElementCardinalityDescription
methods0..1Configures the optional MCP method groups. initialize and ping cannot be disabled by this interceptor.
tools0..*Configures ordered allow and deny rules for tool names used by tools/call and advertised by tools/list. Rules support regular expressions. The first matching rule wins; tools unmatched by any rule are allowed.

Can be used in