loaditout.ai

mcp-warden

MCP Tool

vikrantwiz02/mcp-warden

High-performance security guardrails, PII redaction, and governance for MCP-compatible AI agents

Install

$ npx loaditout add vikrantwiz02/mcp-warden

Platform-specific configuration:

.claude/settings.json
{
  "mcpServers": {
    "mcp-warden": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-warden"
      ]
    }
  }
}

Add the config above to .claude/settings.json under the mcpServers key.

About

mcp-warden

[npm package](https://www.npmjs.com/package/mcp-warden) · [MIT license](https://github.com/vikrantwiz02/mcp-warden?tab=MIT-1-ov-file) · [bundlephobia](https://bundlephobia.com/package/mcp-warden)

High-performance security guardrails for MCP-compatible AI agents and tool execution.

Features
  • Policy-based tool authorization for MCP tool calls.
  • Filesystem path enforcement for blocked paths defined in policy.
  • Human-in-the-loop gating with REQUIRES_APPROVAL status when approval is mandated.
  • Prompt-injection scanning for high-risk control phrases.
  • Output redaction for email addresses, API keys, and IP addresses.
  • Built-in rate limiting and circuit-breaker protection.
  • CLI audit workflow for identifying over-permissioned MCP servers.

Table of Contents
  • Why Security Matters for AI Agents
  • Quick Start
  • Policy Configuration
  • CLI Commands
  • Development
  • License
  • Security Disclaimer

Why Security Matters for AI Agents

AI agents can execute tools with real-world side effects: reading files, modifying systems, calling external APIs, and handling sensitive data. Without guardrails, a single prompt injection or over-permissioned server can lead to data leakage, privilege escalation, or runaway tool loops.

mcp-warden helps enforce a security boundary before and after tool execution:

  • Blocks unauthorized tools using explicit policy rules.
  • Denies tool calls that target blocked filesystem paths from policy.
  • Returns REQUIRES_APPROVAL before execution when approvalRequired is enabled.
  • Detects prompt-injection signatures in tool arguments.
  • Enforces rate limits to reduce abuse and runaway call storms.
  • Applies circuit-breaker protection fo

Tags

ai-agents, governance, mcp, safety, security, typescript


Quality Signals

Stars: 2
Installs: 0
Last updated: 28 days ago
Security: A
README

Safety

Risk Level: medium
Data Access: read
Network Access: none

Details

Source: github-crawl
Last commit: 3/22/2026
