MCP Security Gateway
Configure ABS Core as a security proxy for the Model Context Protocol -- enforcement modes, policy hot-reload, and production deployment.
ABS Core operates as a transparent security proxy for MCP (Model Context Protocol) tool calls. Every request passes through the governance pipeline before reaching the target tool server.
How It Works
```text
AI Client (Claude, Cursor, etc.)
        |
        | MCP stdio
        v
+-------------------+
| ABS Core Gateway  |  <-- Intercepts here
|                   |
|  OID -> HASH ->   |
|  ENGINE -> LEDGER |
+-------------------+
        |
        | MCP stdio (if ALLOW)
        v
Target MCP Server (filesystem, database, API)
```

The gateway sits between the MCP client and the MCP server. It reads every tools/call request, evaluates it, and either forwards it to the target (ALLOW) or blocks it (DENY), returning a governance reason to the client.
Configuration
Basic Setup
```json
{
  "mcpServers": {
    "governed-filesystem": {
      "command": "npx",
      "args": ["@abscore/mcp-gateway", "watch", "--target", "npx @modelcontextprotocol/server-filesystem /allowed/path"]
    }
  }
}
```

Policy File
The gateway loads its policy from .abs/policy.json (or from the file named by the ABS_POLICY_PATH environment variable, as in the systemd unit below):
```json
{
  "version": "4.1.0",
  "enforcement_mode": "FULL",
  "deny_tools": ["rm", "sudo", "eval", "exec"],
  "escalate_tools": ["db.write", "api.external"],
  "allow_tools": ["db.read", "file.read"],
  "deny_models": [],
  "arg_restrictions": {
    "db.query": {
      "blocked_patterns": ["DROP", "DELETE", "TRUNCATE", "ALTER"]
    },
    "file.write": {
      "blocked_patterns": ["/etc/", "/usr/", "~/.ssh/"]
    }
  }
}
```

Enforcement Modes
| Mode | Behavior | Use Case |
|---|---|---|
| FULL | DENY blocks execution. Active license required. | Production |
| AUDIT_ONLY | All calls pass through. Decisions recorded but not enforced. | Evaluation / expired license |
| STRICT | DENY on any unrecognized tool. Explicit allowlist required. | High-security environments |
The enforcement mode is recorded in every SovereignAuditRecord via the license_status field:

```json
{
  "license_status": "FULL",
  "decision": "DENY",
  "reason": "Tool 'rm' is in deny_tools list"
}
```

Because an expired license drops the gateway to AUDIT_ONLY, where calls that were decided DENY are still forwarded, alert on any audit record whose license_status differs from the mode you deployed.

Decision Flow
For every intercepted tools/call, in order:

1. Parse -- Extract tool name, arguments, and caller identity
2. OID Verify -- Validate the Ed25519 signature (if the agent is registered)
3. Policy Match -- Check deny_tools, then escalate_tools, then allow_tools
4. Arg Restrict -- Scan arguments against blocked_patterns
5. Decide -- ALLOW, DENY, or ESCALATE
6. Record -- Append to the hash chain with a SHA-256 block hash
7. Sign -- Generate an Ed25519 crypto receipt
8. Forward or Block -- Execute the call or return a governance error

Total gateway latency: < 0.015 ms (P99).
Hot-Reload
Policy changes are detected automatically:
```bash
# Edit the policy while the gateway is running
vim .abs/policy.json

# Gateway logs:
# [ABS CORE] Policy reloaded: .abs/policy.json (3 deny, 2 escalate, 2 allow)
```

No restart required. The new policy applies to the next tool call.
Monitoring
```bash
# Real-time status
npx @abscore/mcp-gateway status

# Export audit trail
npx @abscore/mcp-gateway export --format jsonl --output audit.jsonl

# Verify chain integrity
npx @abscore/mcp-gateway verify
```

Production Deployment
Systemd Service
```ini
[Unit]
Description=ABS Core MCP Governance Gateway
After=network.target

[Service]
Type=simple
User=abs-core
# npx resolves the package at each start; install it once on the host (or pin a
# version) so a restart does not depend on the npm registry being reachable.
ExecStart=/usr/local/bin/npx @abscore/mcp-gateway watch
Restart=always
RestartSec=5
# The gateway runs unprivileged and must never gain privileges via its target.
NoNewPrivileges=true
PrivateTmp=true
Environment=ABS_POLICY_PATH=/etc/abs-core/policy.json
Environment=ABS_KEY_DIR=/etc/abs-core/keys

[Install]
WantedBy=multi-user.target
```

Docker
```dockerfile
FROM node:22-slim
WORKDIR /app
RUN npx @abscore/mcp-gateway init
COPY policy.json .abs/policy.json
CMD ["npx", "@abscore/mcp-gateway", "watch"]
```

Related
- Quickstart -- Get running in 60 seconds
- KeyProvider API -- Configure key management
- Air-Gapped Operations -- Deploy without internet