GuardRail MCP v2.0 (Enterprise)
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| GUARDRAIL_ENTERPRISE | No | Set to '1' to enable enterprise features (RBAC, policy packs, audit logs, etc.) | |
| GUARDRAIL_HTTP_API_KEY | No | API key required when running in HTTP mode for authentication | |
| GUARDRAIL_ENTERPRISE_CONFIG | No | Path to the enterprise configuration JSON file |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| audit_code_safetyA | Hybrid multi-engine scan: secrets regex, Python AST + advanced multi-hop taint, tree-sitter structural sinks, language grids, custom rules/plugins. Returns redacted issues, engines used, risk score, security_verdict. |
| audit_cloud_costC | Rough AWS/GCP monthly SKU catalog estimate from IaC text. |
| audit_infra_securityC | IaC misconfigs + budget gate on estimated monthly burn. |
| scan_repositoryB | Parallel recursive repo scan with optional incremental cache. |
| scan_git_diffB | Scan only files changed in a git range (PR/diff) or staged changes. |
| scan_dependenciesC | Dependency inventory + optional OSV CVE query. |
| export_sarifC | Convert issues to SARIF 2.1.0 JSON. |
| generate_sbomC | Generate CycloneDX and/or SPDX SBOM JSON. |
| suggest_fixesC | Template or LLM-assisted fix drafts for findings (never auto-applied). |
| audit_container_configD | Dockerfile / Kubernetes security heuristics. |
| full_pipelineD | Repo/diff scan + deps + fixes + SARIF + SBOM. |
| list_pluginsA | List loaded plugins and custom rule counts. |
| engine_statusB | Report hybrid engine capabilities (tree-sitter langs, plugins, etc.). |
| security_scoreC | Compute security score/grade from an issues list and optionally record history. |
| scan_historyC | Return recent dashboard scan history from local SQLite. |
| enterprise_healthC | Enterprise health, metrics, and non-secret config status. |
| enterprise_policy_statusB | Show active policy pack and gate thresholds for the caller tenant. |
| evaluate_policyC | Run policy pack evaluation against a prior scan result object. |
| compliance_reportC | Generate a lightweight compliance evidence report for auditors. |
| list_audit_eventsC | List recent in-memory audit events (operator+). |
| issue_access_tokenC | Issue a short-lived JWT (admin). Requires GUARDRAIL_JWT_SECRET. |
| reload_enterprise_configC | Reload enterprise YAML/JSON from disk (admin). |
| manage_tenantC | Inspect or update in-memory tenant quota counters (admin). |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/SECRET4422/guardrail-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server