MCP Guardrails
LiteLLM supports applying guardrails to MCP tool calls to ensure security and compliance. You can configure guardrails to run before or during MCP calls to validate inputs and block or mask sensitive information.
Supported MCP Guardrail Modes​
MCP guardrails support the following modes:
pre_mcp_call
: Run before MCP call, on input. Use this mode when you want to apply validation/masking/blocking for MCP requestsduring_mcp_call
: Run during MCP call execution. Use this mode for real-time monitoring and intervention
Configuration Examples​
Configure guardrails to run before MCP tool calls to validate and sanitize inputs:
config.yaml
guardrails:
- guardrail_name: "mcp-input-validation"
litellm_params:
guardrail: presidio # or other supported guardrails
mode: "pre_mcp_call" # or during_mcp_call
pii_entities_config:
CREDIT_CARD: "BLOCK" # Will block requests containing credit card numbers
EMAIL_ADDRESS: "MASK" # Will mask email addresses
PHONE_NUMBER: "MASK" # Will mask phone numbers
default_on: true
Usage Examples​
Testing Pre-MCP Call Guardrails​
Test your MCP guardrails with a request that includes sensitive information:
Test MCP Guardrail
curl http://localhost:4000/chat/completions \
-H "Content-Type: application/json" \
-H "Authorization: Bearer sk-1234" \
-d '{
"model": "gpt-3.5-turbo",
"messages": [
{"role": "user", "content": "My credit card is 4111-1111-1111-1111 and my email is john@example.com"}
],
"guardrails": ["mcp-input-validation"]
}'
The request will be processed as follows:
- Credit card number will be blocked (request rejected)
- Email address will be masked (e.g., replaced with
<EMAIL_ADDRESS>
)
Using with MCP Tools​
When using MCP tools, guardrails will be applied to the tool inputs:
Python Example with MCP Guardrails
import openai
client = openai.OpenAI(
api_key="your-api-key",
base_url="http://localhost:4000"
)
# This request will trigger MCP guardrails
response = client.chat.completions.create(
model="gpt-3.5-turbo",
messages=[
{"role": "user", "content": "Send an email to 555-123-4567 with my SSN 123-45-6789"}
],
tools=[{"type": "mcp", "server_label": "litellm", "server_url": "litellm_proxy"}],
guardrails=["mcp-input-validation"]
)
Supported Guardrail Providers​
MCP guardrails work with all LiteLLM-supported guardrail providers:
- Presidio: PII detection and masking
- Bedrock: AWS Bedrock guardrails
- Lakera: Content moderation
- Aporia: Custom guardrails
- Custom: Your own guardrail implementations