GILSMON/mcpServer_as_gatekeeper
The Model Context Protocol (MCP) server acts as a policy gatekeeper, ensuring real-time policy enforcement for AI coding agents to prevent violations of organizational standards.
MCP Server as Policy Gatekeeper
Real-time policy enforcement for AI coding agents using Model Context Protocol
Prevent AI agents from violating organizational standards by intercepting and validating their actions before execution.
Problem
AI coding assistants can bypass:
- Naming conventions (camelCase vs snake_case)
- Security policies (secrets in code, destructive commands)
- Compliance rules (file access, API usage)
Traditional solutions (CI/CD, code review) catch violations after the damage is done.
Solution
An MCP server that acts as a policy gatekeeper and validates every agent action in real time:
Agent: "Create myFirst--File.txt"
    ↓
MCP Server: ❌ Violates snake_case policy
    ↓
Agent: "Creating my_first_file.txt instead"
Quick Start
# Clone & setup
git clone https://github.com/yourusername/mcpServer_as_gatekeeper.git
cd mcpServer_as_gatekeeper
# Install with uv
uv init
uv add mcp
# Run server
uv run server.py
Windsurf Integration
Add to ~/.windsurf/mcp_config.json:
{
  "mcpServers": {
    "policy-gatekeeper": {
      "command": "uv",
      "args": [
        "--directory",
        "/path/to/mcpServer_as_gatekeeper",
        "run",
        "server.py"
      ]
    }
  }
}
Restart Windsurf. Done.
Built-in Policies
1. Command Validation
- ❌ Blocks: rm -rf /, curl | bash, chmod 777
- ✅ Allows: git, npm, docker, safe operations
2. File Naming
- Enforces: snake_case for files
- Rejects: camelCase, kebab-case, special characters
3. Sensitive Paths
- Blocks: /etc/shadow, .ssh/id_rsa, .env files
4. Network Security
- Prevents: Command injection, data exfiltration
Test It
Prompt your agent:
Create a file called myTest--File.txt
Expected: Agent auto-corrects to my_test_file.txt
Validate this command: rm -rf /
Expected: Blocked with policy violation ORG-SEC-001
Features
| Feature | Status |
|---|---|
| Command validation | ✅ |
| File naming enforcement | ✅ |
| Audit logging | ✅ |
| Statistics dashboard | ✅ |
| OPA integration | Roadmap |
| Secret scanning | Roadmap |
Architecture
┌─────────────────┐
│    AI Agent     │
│   (Windsurf)    │
└────────┬────────┘
         │ MCP Protocol
         ▼
┌─────────────────────────┐
│  Policy Gatekeeper      │
│  - Validate command     │
│  - Check naming rules   │
│  - Scan for secrets     │
│  - Audit log            │
└────────┬────────────────┘
         │
         ▼
    ALLOW / DENY
Customize Policies
Edit server.py:
POLICY_RULES = {
    "your_rule": {
        "patterns": [r"your_regex"],
        "message": "Your policy message"
    }
}
Restart MCP server. Policies update immediately.
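As an added example (not the project's own server.py), here is one way a POLICY_RULES table in the shape above can drive the command, sensitive-path and file-naming checks described under Built-in Policies. Only the rule id ORG-SEC-001 comes from this page; the other rule names, every regex, and the function names are assumptions.

```python
import re

# Rule table in the page's POLICY_RULES shape ("patterns" + "message").
# Only the id ORG-SEC-001 is from the page; other names and all regexes are assumptions.
POLICY_RULES = {
    "ORG-SEC-001": {
        "patterns": [r"\brm\s+(?:-\w+\s+)+/(?:\s|$)"],
        "message": "Deleting the filesystem root is not allowed",
    },
    "pipe_to_shell": {
        "patterns": [r"\b(?:curl|wget)\b[^|]*\|\s*(?:sudo\s+)?(?:ba|z)?sh\b"],
        "message": "Do not pipe downloaded content into a shell",
    },
    "world_writable": {
        "patterns": [r"\bchmod\s+(?:-\w+\s+)*0?777\b"],
        "message": "chmod 777 grants write access to every user",
    },
    "sensitive_path": {
        "patterns": [r"/etc/shadow\b", r"\.ssh/id_rsa\b", r"(?:^|[\s/])\.env\b"],
        "message": "Access to credential files is blocked",
    },
}
SNAKE_FILE = re.compile(r"^[a-z0-9]+(?:_[a-z0-9]+)*(?:\.[a-z0-9]+)?$")
AUDIT_LOG = []  # in-memory stand-in for the audit log the page lists as a feature


def validate_command(command):
    """Return (allowed, violations) where violations is [(rule_id, message), ...]."""
    normalized = " ".join(command.split())  # collapse whitespace so spacing cannot hide a match
    hits = [(rule_id, rule["message"]) for rule_id, rule in POLICY_RULES.items()
            if any(re.search(p, normalized) for p in rule["patterns"])]
    AUDIT_LOG.append({"command": command, "allowed": not hits, "rules": [h[0] for h in hits]})
    return not hits, hits


def to_snake_case(name):
    """Suggest a snake_case replacement, keeping a single lower-cased extension."""
    stem, dot, ext = name.rpartition(".")
    if not dot:  # no extension at all
        stem, ext = name, ""
    stem = re.sub(r"(?<=[a-z0-9])(?=[A-Z])", "_", stem)  # split camelCase humps
    stem = re.sub(r"[^A-Za-z0-9]+", "_", stem).strip("_").lower()  # separators -> "_"
    return stem + ("." + ext.lower() if ext else "")


def validate_filename(name):
    """Return (ok, suggestion); suggestion equals name when it already complies."""
    return (True, name) if SNAKE_FILE.match(name) else (False, to_snake_case(name))
```

A pattern blocklist like this only catches the spellings it anticipates, so pair it with an allowlist of expected commands (the page's git, npm, docker) where possible.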
Scale Impact
For a 50-developer team:
- 5,000 daily policy checks (100 per dev)
- ~100 hours/week saved on manual enforcement
- 80% of violations prevented before code review
- Zero failed CI builds from policy violations
Enterprise Use Cases
- Security: Block secrets, malicious commands
- Compliance: Enforce SOC2/HIPAA file access rules
- Quality: Consistent naming, code structure
- Cost: Prevent expensive CI/CD failures
Roadmap
- OPA/Rego integration for complex policies
- Secret detection (TruffleHog integration)
- RBAC (role-based validation)
- Multi-team policy federation
- VS Code / Cursor support
- Dashboard UI for policy management
Contributing
Have a policy pattern to share? PRs welcome!
- Fork the repo
- Add your policy to POLICY_RULES
- Add test cases
- Submit PR
License
MIT