MCP Firewall
Deep inspection and governance for Model Context Protocol tools.
The ABS Core MCP Firewall provides a secure inspection layer for any agent using the Model Context Protocol (MCP). It protects sensitive internal tools from unauthorized use by autonomous agents.
Unlike standard MCP servers that simply expose tools, the ABS MCP Firewall wraps every tool in a Deterministic Policy Guard. Execution is intercepted, validated against Rust-based rules, and logged for auditing before the underlying system is touched.
Installation
Run the MCP server as a Docker container or Node.js process alongside your agent.
docker run -p 3000:3000 ghcr.io/abscore/mcp-server:latest
Available Tools
The following tools are available in the banking-edition preset:
transfer_pix
Executes a PIX transfer. Critical Risk.
- Policy: financial-transfer-limit (e.g., Max R$ 5,000.00)
- Schema:
  - amount (number): Value in BRL.
  - pixKey (string): Target PIX key.
  - description (string): Transfer description.
{
"name": "transfer_pix",
"arguments": {
"amount": 1500.00,
"pixKey": "[email protected]",
"description": "Payment for services"
}
}
query_customer
Access sensitive customer data (CRM). High Risk.
- Policy: lgpd-pii-access (Requires Justification)
- Schema:
  - cpf (string): Customer CPF (11 digits).
Returns redacted data if policy is violated or if user lacks permissions.
query_balance
Checks account balance. Low Risk.
- Policy: data-access
- Schema:
  - accountId (string): Internal Account ID.
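To make the policy-guard idea concrete, here is an added illustration (not ABS Core's code) of a deterministic guard sitting in front of the three banking-edition tools above. The tool names, policy names and the R$ 5,000 limit come from this page; the guard logic, the `justification` context field, the audit record shape and the redaction helper are assumptions.

```javascript
// Added illustration of a deterministic policy guard in front of the three
// banking-edition tools. NOT ABS Core's code: tool names, policy names and the
// R$ 5,000 limit come from the page; the guard logic, the `justification`
// context field and the audit record shape are assumptions.
const POLICIES = {
  transfer_pix:   { policy: "financial-transfer-limit", maxAmountBRL: 5000 },
  query_customer: { policy: "lgpd-pii-access", requiresJustification: true },
  query_balance:  { policy: "data-access" },
};

const auditLog = []; // in-memory stand-in for the firewall's audit sink

function deny(reason) { return { allow: false, reason }; }

// Validates one MCP tool call { name, arguments } before the real tool runs.
// ctx carries caller-supplied metadata such as a justification string.
function guard(call, ctx = {}) {
  const rule = POLICIES[call.name];
  const args = call.arguments || {};
  let verdict = { allow: true, reason: "ok" };

  if (!rule) {
    verdict = deny("tool not in allow-list"); // unknown tools fail closed
  } else if (call.name === "transfer_pix") {
    const amount = Number(args.amount);
    if (!Number.isFinite(amount) || amount <= 0) verdict = deny("invalid amount");
    else if (amount > rule.maxAmountBRL) verdict = deny(`amount exceeds ${rule.policy}`);
    else if (typeof args.pixKey !== "string" || args.pixKey === "") verdict = deny("missing pixKey");
  } else if (call.name === "query_customer") {
    if (!/^\d{11}$/.test(String(args.cpf))) verdict = deny("cpf must be 11 digits");
    else if (rule.requiresJustification && !ctx.justification) verdict = deny("justification required");
  } else if (typeof args.accountId !== "string" || args.accountId === "") {
    verdict = deny("missing accountId"); // query_balance
  }

  // Every decision is recorded before the underlying system is touched.
  auditLog.push({ ts: new Date().toISOString(), tool: call.name,
                  policy: rule ? rule.policy : null, allow: verdict.allow, reason: verdict.reason });
  return verdict;
}

// Redacted view of a CRM record, returned when lgpd-pii-access is not satisfied.
function redactCustomer(record) {
  return { ...record, cpf: "*******" + String(record.cpf).slice(-4), name: "[redacted]" };
}

// Constructed sample call mirroring the page's transfer_pix example.
const sampleCall = { name: "transfer_pix",
  arguments: { amount: 1500.0, pixKey: "payee@example.com", description: "Payment for services" } };
console.log(guard(sampleCall)); // { allow: true, reason: 'ok' }
```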
Integration
Claude Desktop
Add to your claude_desktop_config.json:
{
"mcpServers": {
"abs-core": {
"command": "docker",
"args": ["run", "-i", "--rm", "ghcr.io/abscore/mcp-server:latest"]
}
}
}
OpenClaw
Native integration via mcp-bridge.
const agent = new OpenClaw({
mcp: ["http://localhost:3000/sse"]
});