How do I use MCP Policy Gatekeeper?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@MCP Policy Gatekeeper check if 'createUserAccount.js' follows our naming conventions" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

MCP Server as Policy Gatekeeper

Real-time policy enforcement for AI coding agents using Model Context Protocol

Prevent AI agents from violating organizational standards by intercepting and validating their actions before execution.

🎯 Problem

AI coding assistants can bypass:

Naming conventions (camelCase vs snake_case)
Security policies (secrets in code, destructive commands)
Compliance rules (file access, API usage)

Traditional solutions (CI/CD, code review) catch violations after the damage is done.

✨ Solution

MCP server that acts as a policy gatekeeper - validates every agent action in real-time:

Agent: "Create myFirst--File.txt" ↓ MCP Server: ❌ Violates snake_case policy ↓ Agent: "Creating my_first_file.txt instead"

🚀 Quick Start

# Clone & setup git clone https://github.com/yourusername/mcpServer_as_gatekeeper.git cd mcpServer_as_gatekeeper # Install with uv uv init uv add mcp # Run server uv run server.py

🔧 Windsurf Integration

Add to ~/.windsurf/mcp_config.json:

{ "mcpServers": { "policy-gatekeeper": { "command": "uv", "args": [ "--directory", "/path/to/mcpServer_as_gatekeeper", "run", "server.py" ] } } }

Restart Windsurf. Done.

📋 Built-in Policies

1. Command Validation

❌ Blocks: rm -rf /, curl | bash, chmod 777
✅ Allows: git, npm, docker, safe operations

2. File Naming

Enforces: snake_case for files
Rejects: camelCase, kebab-case, special characters

3. Sensitive Paths

Blocks: /etc/shadow, .ssh/id_rsa, .env files

4. Network Security

Prevents: Command injection, data exfiltration

🧪 Test It

Prompt your agent:

Create a file called myTest--File.txt

Expected: Agent auto-corrects to my_test_file.txt

Validate this command: rm -rf /

Expected: Blocked with policy violation ORG-SEC-001

📊 Features

Feature	Status
Command validation	✅
File naming enforcement	✅
Audit logging	✅
Statistics dashboard	✅
OPA integration	🔄 Roadmap
Secret scanning	🔄 Roadmap

🏗️ Architecture

┌─────────────────┐ │ AI Agent │ │ (Windsurf) │ └────────┬────────┘ │ MCP Protocol ↓ ┌─────────────────────────┐ │ Policy Gatekeeper │ │ - Validate command │ │ - Check naming rules │ │ - Scan for secrets │ │ - Audit log │ └────────┬────────────────┘ │ ↓ ALLOW / DENY

🎛️ Customize Policies

Edit server.py:

POLICY_RULES = { "your_rule": { "patterns": [r"your_regex"], "message": "Your policy message" } }

Restart MCP server. Policies update immediately.

📈 Scale Impact

For a 50-developer team:

5,000 daily policy checks (100 per dev)
~100 hours/week saved on manual enforcement
80% of violations prevented before code review
Zero failed CI builds from policy violations

🔐 Enterprise Use Cases

Security: Block secrets, malicious commands
Compliance: Enforce SOC2/HIPAA file access rules
Quality: Consistent naming, code structure
Cost: Prevent expensive CI/CD failures

🛣️ Roadmap

OPA/Rego integration for complex policies
Secret detection (TruffleHog integration)
RBAC (role-based validation)
Multi-team policy federation
VS Code / Cursor support
Dashboard UI for policy management

🤝 Contributing

Have a policy pattern to share? PRs welcome!

Fork the repo
Add your policy to POLICY_RULES
Add test cases
Submit PR

📄 License

MIT

Install Server

A

security – no known vulnerabilities

F

license - not found

A

quality - confirmed to work

How are these scores calculated?

Resources

GitHub Repository

Need Help?

Report Issue

Related Servers

MCP Policy Gatekeeper