Skip to main content
Glama
SECRET4422

GuardRail MCP v2.0 (Enterprise)

by SECRET4422

GuardRail MCP

Release License: MIT Tests Website MCPize

Hybrid multi-language security analysis over MCP for AI-assisted development workflows.

GuardRail exposes tools that scan source and infrastructure text for high-signal issues (secrets, dangerous APIs, injection patterns, IaC misconfigurations), with optional tree-sitter structural checks, dependency inventory/OSV, SARIF/SBOM export, and an enterprise policy gateway.

Scope (read this)

  • Does: static analysis of text you provide; redacts many secret-shaped substrings in excerpts.

  • Does not: execute scanned code; replace commercial SAST/DAST; guarantee zero false positives/negatives; provide SOC2 certification by itself.

  • Website playground: browser-only demonstration (docs/ACCURACY.md). Production use = Python MCP/CLI.

Related MCP server: Spotter-SAST

Quick start

git clone https://github.com/SECRET4422/guardrail-mcp.git
cd guardrail-mcp
pip install -r requirements.txt
export PYTHONPATH=$PWD

python -m unittest discover -s tests -v
python -m guardrail --mode stdio

MCP client configuration

{
  "mcpServers": {
    "guardrail": {
      "command": "python",
      "args": ["-m", "guardrail", "--mode", "stdio"],
      "cwd": "/absolute/path/to/guardrail-mcp",
      "env": { "PYTHONPATH": "/absolute/path/to/guardrail-mcp" }
    }
  }
}

CLI scan (ground truth)

python - <<'PY'
from pathlib import Path
from guardrail.hybrid_scan import hybrid_scan
r = hybrid_scan(
    Path("examples/vulnerable_sample.py").read_text(encoding="utf-8"),
    filename="examples/vulnerable_sample.py",
)
print(r["status"], r["security_verdict"], r["issue_count"], r.get("engines"))
PY

examples/ contains intentional insecure fixtures for tests and demos only (labeled in-file). Values are synthetic.

Capabilities

Area

Implementation

Secrets / high-signal patterns

rules.py, language grids

Python AST + multi-hop taint

ast_engine.py, taint.py

Tree-sitter (optional grammars)

treesitter_engine.py

Repo / git-diff scan

repo_scan.py, git_scan.py

Dependencies / OSV

deps.py (network optional)

SARIF / SBOM

sarif_export.py, sbom.py

Enterprise auth, RBAC, policy

guardrail/enterprise/

Custom rules / plugins

rule_engine.py, plugins.py

Tests

PYTHONPATH=$PWD python -m unittest discover -s tests -v

Published summary: docs/test-results.md (reproduce with the command above).

Performance

Indicative micro-benchmarks are in docs/PERFORMANCE.md and benchmarks/. Re-run on your machine before relying on numbers.

Enterprise mode

Optional multi-tenant gateway (API keys/JWT, RBAC, path sandbox, audit, rate limits). See docs/ENTERPRISE.md. Do not deploy HTTP enterprise mode without authentication.

Hosted listing

Optional commercial listing: mcpize.com/mcp/guardrail.
Self-hosting the MIT core remains free. Pricing on MCPize is set in that marketplace dashboard.

Security

License

MIT — LICENSE.

Install Server
A
license - permissive license
C
quality
A
maintenance

Maintenance

Maintainers
Response time
Release cycle
1Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/SECRET4422/guardrail-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server