Crate kvlar_proxy

Expand description

§kvlar-proxy

MCP security proxy — intercepts Model Context Protocol messages and evaluates them against loaded security policies before forwarding.

This crate provides the runtime enforcement layer. It sits between an AI agent and its tool servers, ensuring every tool call passes through the Kvlar policy engine before execution.

§Architecture

Agent ──► kvlar-proxy ──► MCP Tool Server
              │
              ├── kvlar-core (policy evaluation)
              └── kvlar-audit (structured logging)

Re-exports§

pub use approval::ApprovalBackend;
pub use approval::ApprovalError;
pub use approval::DenyAllApprovalBackend;
pub use approval::WebhookApprovalBackend;
pub use config::ProxyConfig;
pub use mcp::McpMessage;
pub use mcp::McpRequest;
pub use mcp::McpResponse;
pub use mcp::ToolCallParams;
pub use shield_approval::ShieldApprovalBackend;

Modules§

approval: Approval backend trait and implementations.
config: Proxy configuration.
handler: Transport-agnostic proxy message handler.
health: Health check endpoint and proxy statistics.
mcp: MCP JSON-RPC message parsing.
proxy: MCP proxy server implementation (TCP transport).
shield_approval: SHIELD cloud approval backend.
shutdown: Graceful shutdown coordination.
stdio: MCP stdio transport implementation.
watcher: Policy hot-reload via filesystem watcher.

Constants§

VERSION: Library version, pulled from Cargo.toml at compile time.

Crate kvlar_proxy

Crate kvlar_proxy Copy item path

§kvlar-proxy

§Architecture

Re-exports§

Modules§

Constants§

Crate kvlar_proxy