# 🛡️ Secure-MCP
> **Secure execution layer for LLM/MCP agents**: safely integrate agents without exposing `.env`, secrets, or sensitive system files.
---
## 🔍 What is Secure-MCP?
**Secure-MCP** is a security-focused middleware framework that wraps around your MCP (Multi-Component Prompting) or LLM Agent systems to ensure that:
- 🚫 `.env`, `API keys`, system files, and private configs are **not accessible** by agent logic.
- ✅ MCP/agent systems can still **safely perform operations**, such as calling APIs or retrieving tokens, via a secure proxy.
- 🧠 It supports LLM workflows, agent frameworks (like LangChain, AutoGen, CrewAI), and context-based tools, **without compromising security**.
---
## 🧱 Key Features
| Feature | Description |
|---|---|
| 🔐 **SecureEnvBridge** | Only whitelisted env variables can be accessed; `.env` is not directly exposed |
| 📂 **File Access Control** | Blocks file reads like `.env`, `secret.pem`, `key.json`, `config.yaml`, etc. |
| 📦 **Secure Function Proxy** | Sensitive operations are abstracted into secured callable functions |
| 📜 **Audit Logging** | Logs all attempts to access sensitive resources |
| 🧪 **Sandboxed Execution** | Optionally runs MCP code in an isolated environment (e.g., Docker, WASM) |
| ⚙️ **Framework Agnostic** | Easy to plug into any agent system or LLM pipeline |
---
## 🧰 Example Use Case
```python
from secure_mcp.secure_env_bridge import secure_get, secure_open

# Only whitelisted environment variables are allowed
api_key = secure_get("SERVICE_AUTH_TOKEN")  # ✅ allowed
db_pw = secure_get("DB_PASSWORD")           # ❌ blocked

# Safe file open (blocks sensitive files)
with secure_open("safe_data.csv") as f:
    content = f.read()
```
Use `SecureEnvBridge` instead of `os.getenv()` and `open()` to ensure safety.
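To make the allow-list, file-guard and audit-log behaviour from the Key Features table and the snippet above concrete, here is an added, self-contained illustration. It is not the secure-mcp package's own code: the policy constants and helper names (`ALLOWED_ENV`, `DENIED_FILE_PATTERNS`, `AuditLogger`, `SecretAccessDenied`, `is_denied_path`, `demo`) are assumptions chosen to mirror the `secure_get` / `secure_open` API shape the README shows. It goes one step beyond the snippet by resolving symlinks before matching, so a harmless-looking name that points at `.env` is blocked too, and by keeping an audit record that stores names but never secret values.

```python
"""Whitelist-based env bridge and file guard with audit logging.

Added illustration, not code from the secure-mcp package. The constants
and helper names below are assumptions mirroring the README's API shape.
"""
import fnmatch
import os
import tempfile
from pathlib import Path

# Constructed sample allow-list: the only variables agent code may read.
ALLOWED_ENV = frozenset({"SERVICE_AUTH_TOKEN", "LOG_LEVEL"})

# Constructed sample deny-list, matched against file basenames.
DENIED_FILE_PATTERNS = (".env", ".env.*", "*.pem", "*.key", "key.json",
                        "config.yaml", "id_rsa*")


class SecretAccessDenied(PermissionError):
    """Raised when agent code asks for a resource outside the policy."""


class AuditLogger:
    """Keeps every access attempt (allowed or denied); never stores values."""

    def __init__(self):
        self.events = []

    def record(self, kind, name, allowed):
        self.events.append({"kind": kind, "name": str(name), "allowed": allowed})


audit = AuditLogger()


def secure_get(name, env=None, log=audit):
    """Return an environment variable only if it is on the allow-list."""
    source = os.environ if env is None else env
    allowed = name in ALLOWED_ENV
    log.record("env", name, allowed)
    if not allowed:
        raise SecretAccessDenied(f"env var {name!r} is not whitelisted")
    return source.get(name)


def is_denied_path(path):
    """True if the requested name or its resolved target name is sensitive.

    Resolving catches a symlink such as innocent.csv -> .env, which a check
    on the requested name alone would let through.
    """
    candidates = {Path(path).name, Path(path).resolve().name}
    return any(fnmatch.fnmatch(c, pat)
               for c in candidates for pat in DENIED_FILE_PATTERNS)


def secure_open(path, mode="r", log=audit, **kwargs):
    """Drop-in for open() that refuses sensitive files and logs the attempt."""
    denied = is_denied_path(path)
    log.record("file", path, not denied)
    if denied:
        raise SecretAccessDenied(f"access to {path!s} is blocked by policy")
    return open(path, mode, **kwargs)


def demo(base_dir=None):
    """Exercise the policy on constructed files; returns what was allowed."""
    base = Path(base_dir or tempfile.mkdtemp())
    (base / "safe_data.csv").write_text("id,value\n1,42\n")
    (base / ".env").write_text("DB_PASSWORD=constructed-sample\n")
    link = base / "innocent.csv"
    try:
        link.symlink_to(base / ".env")  # symlink pointing at the secret file
    except OSError:
        link = None  # platform without symlink support
    log = AuditLogger()
    out = {}
    with secure_open(base / "safe_data.csv", log=log) as f:
        out["safe_csv"] = f.read()
    try:
        secure_open(base / ".env", log=log)
        out["dotenv_blocked"] = False
    except SecretAccessDenied:
        out["dotenv_blocked"] = True
    if link is not None:
        try:
            secure_open(link, log=log)
            out["symlink_blocked"] = False
        except SecretAccessDenied:
            out["symlink_blocked"] = True
    env = {"SERVICE_AUTH_TOKEN": "constructed-token", "DB_PASSWORD": "constructed-pw"}
    out["token"] = secure_get("SERVICE_AUTH_TOKEN", env=env, log=log)
    try:
        secure_get("DB_PASSWORD", env=env, log=log)
        out["db_pw_blocked"] = False
    except SecretAccessDenied:
        out["db_pw_blocked"] = True
    out["denied_events"] = sum(1 for e in log.events if not e["allowed"])
    return out


if __name__ == "__main__":
    print(demo())
```

The audit record intentionally stores only the variable or file name and the decision; writing the fetched value into a log would turn the log itself into a secret store. Matching on basenames rather than on the exact string the agent passed is what keeps `./sub/../.env` and a symlink to `.env` under the same rule as `.env` itself.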
---
## 🔧 Installation
```bash
git clone https://github.com/yourname/secure-mcp.git
cd secure-mcp
pip install -e .
```
You may also package it via `setup.py` or `pyproject.toml` for internal PyPI deployment.
---
## 🛠️ Architecture
```txt
[ User Input / Agent Task ]
            ↓
[ SecureContextExecutor ]
            ↓
[ SecureEnvBridge / FileGuard ]
            ↓
[ External API, File, or Memory Access ]
            ↓
[ LLM Agent Response ]
```
* MCP doesn't need to know the secrets.
* SecureEnvBridge acts like a **vault-aware delegate**.
* Every access is **controlled, logged, and filtered**.
---
## 📄 Example Structure
```
secure-mcp/
├── secure_env_bridge/
│   ├── secure_get.py
│   ├── secure_open.py
│   ├── whitelist_loader.py
│   └── audit_logger.py
├── examples/
│   ├── fastapi_demo.py
│   └── sandbox_runner.py
├── tests/
│   └── test_env_guard.py
├── .env.example
├── LICENSE
├── README.md
└── setup.py
```
---
## 🚧 Roadmap
* [x] SecureEnvBridge with whitelist loader
* [x] File access guard (`open()` patch)
* [ ] WASM-based execution wrapper
* [ ] Dockerized secure MCP runner
* [ ] OpenAPI proxy adapter
* [ ] Agent plugin system for LangChain / CrewAI
---
## 🔐 License
This project is licensed under the **Apache License 2.0**.
See the [LICENSE](./LICENSE) file for more details.
---
## 🤝 Contributing
Pull requests are welcome.
For major changes, please open an issue first to discuss what you would like to change.
Check `CONTRIBUTING.md` for detailed instructions.
---
## 📬 Contact
Questions, ideas, or feedback?
Feel free to [open an issue](https://github.com/yourname/secure-mcp/issues) or start a discussion.
Raw data
{
"_id": null,
"home_page": "https://github.com/re-rank/secure-mcp",
"name": "secure-mcp",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.7",
"maintainer_email": "Your Name <your.email@example.com>",
"keywords": "security, mcp, llm, agent, sandbox, whitelist, audit",
"author": "re-rank",
"author_email": "Your Name <your.email@example.com>",
"download_url": "https://files.pythonhosted.org/packages/9e/01/24eaca6c50cb898993152350d643ff5164ecca8e9579971ea864cf8a84fe/secure_mcp-0.1.0.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "Secure execution layer for LLM/MCP agents",
"version": "0.1.0",
"project_urls": {
"Changelog": "https://github.com/yourname/secure-mcp/blob/main/CHANGELOG.md",
"Documentation": "https://github.com/yourname/secure-mcp/wiki",
"Homepage": "https://github.com/yourname/secure-mcp",
"Issues": "https://github.com/yourname/secure-mcp/issues",
"Repository": "https://github.com/yourname/secure-mcp"
},
"split_keywords": [
"security",
" mcp",
" llm",
" agent",
" sandbox",
" whitelist",
" audit"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "28cf8562a0278173c910f2fd1fb1cb7b67930ccfbf127fb96d727cd2f11bf55f",
"md5": "73e6cec2dbd9440be6aa8a4444148960",
"sha256": "39f6a535f63ce6e6b0b7eba005d1bbcb5c5c8c267152ae557cb4c02ddaa8514a"
},
"downloads": -1,
"filename": "secure_mcp-0.1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "73e6cec2dbd9440be6aa8a4444148960",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7",
"size": 10828,
"upload_time": "2025-07-21T23:05:22",
"upload_time_iso_8601": "2025-07-21T23:05:22.323799Z",
"url": "https://files.pythonhosted.org/packages/28/cf/8562a0278173c910f2fd1fb1cb7b67930ccfbf127fb96d727cd2f11bf55f/secure_mcp-0.1.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "9e0124eaca6c50cb898993152350d643ff5164ecca8e9579971ea864cf8a84fe",
"md5": "8bfc0c6404dbcc4bbacd82c76b217f9a",
"sha256": "b931c102d557b333096cfd76ec7a7da9c4cc3cef9a29326cb99cc89e9719248d"
},
"downloads": -1,
"filename": "secure_mcp-0.1.0.tar.gz",
"has_sig": false,
"md5_digest": "8bfc0c6404dbcc4bbacd82c76b217f9a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7",
"size": 22957,
"upload_time": "2025-07-21T23:05:23",
"upload_time_iso_8601": "2025-07-21T23:05:23.661740Z",
"url": "https://files.pythonhosted.org/packages/9e/01/24eaca6c50cb898993152350d643ff5164ecca8e9579971ea864cf8a84fe/secure_mcp-0.1.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-07-21 23:05:23",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "re-rank",
"github_project": "secure-mcp",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [],
"lcname": "secure-mcp"
}