Overview Guardrails provide security and content filtering for your MCP servers by validating requests before they reach the server (input guardrails) and responses before they return to the client (output guardrails).
What Are Guardrails? Guardrails analyze content for:
Input Protection
PII detection & redaction
Injection attack prevention
Toxicity detection
NSFW content filtering
Policy violation detection
Keyword blocking
Bias detection
Output Protection
All input protections
Relevancy validation
Adherence checking
Hallucination detection
PII de-anonymization
Prerequisites
Secure MCP Gateway installed
Enkrypt API key (get from Enkrypt Dashboard )
Server configured in your gateway
Quick Start Set Enkrypt API Key First, configure your Enkrypt API key:
secure-mcp-gateway config set-enkrypt-api-key --api-key "your-enkrypt-api-key"
This stores the key in your guardrails configuration at ~/.enkrypt/enkrypt_mcp_config.json:
{ "plugins" : { "guardrails" : { "provider" : "enkrypt" , "config" : { "api_key" : "your-enkrypt-api-key" , "base_url" : "https://api.enkryptai.com" } } } }
Enable Guardrails for a Server Using CLI
Using JSON Config
From JSON File
# Enable input guardrails secure-mcp-gateway config update-server-input-guardrails \ --config-name "default_config" \ --server-name "github" \ --policy '{ "enabled": true, "policy_name": "Sample Airline Guardrail", "additional_config": { "pii_redaction": true }, "block": [ "policy_violation", "injection_attack", "pii", "toxicity" ] }' # Enable output guardrails secure-mcp-gateway config update-server-output-guardrails \ --config-name "default_config" \ --server-name "github" \ --policy '{ "enabled": true, "policy_name": "Sample Airline Guardrail", "additional_config": { "relevancy": true, "hallucination": true, "adherence": true }, "block": [ "policy_violation", "hallucination" ] }'
Edit ~/.enkrypt/enkrypt_mcp_config.json: { "mcp_configs" : { "config-id" : { "mcp_config" : [ { "server_name" : "github" , "input_guardrails_policy" : { "enabled" : true , "policy_name" : "Sample Airline Guardrail" , "additional_config" : { "pii_redaction" : true }, "block" : [ "policy_violation" , "injection_attack" , "pii" , "toxicity" ] }, "output_guardrails_policy" : { "enabled" : true , "policy_name" : "Sample Airline Guardrail" , "additional_config" : { "relevancy" : true , "hallucination" : true , "adherence" : true }, "block" : [ "policy_violation" , "hallucination" ] } } ] } } }
Create policy files and load them: input_policy.json: { "enabled" : true , "policy_name" : "Sample Airline Guardrail" , "additional_config" : { "pii_redaction" : true }, "block" : [ "policy_violation" , "injection_attack" , "pii" ] }
output_policy.json: { "enabled" : true , "policy_name" : "Sample Airline Guardrail" , "additional_config" : { "relevancy" : true , "hallucination" : true , "adherence" : true }, "block" : [ "policy_violation" , "hallucination" ] }
Apply them: secure-mcp-gateway config update-server-guardrails \ --config-name "default_config" \ --server-name "github" \ --input-policy-file "input_policy.json" \ --output-policy-file "output_policy.json"
Detector Types Detector Description Block Action policy_violationDetects content violating custom policies Blocks request injection_attackPrevents prompt injection, SQL injection, command injection Blocks request topic_detectorFlags off-topic requests Blocks request nsfwDetects NSFW/adult content Blocks request toxicityIdentifies toxic, offensive language Blocks request piiFinds personally identifiable information Redacts or blocks keyword_detectorMatches custom keyword blocklist Blocks request biasDetects biased or discriminatory content Blocks request sponge_attackPrevents resource exhaustion attacks Blocks request system_prompt_protectionProtects against prompt leaking Blocks request copyright_protectionDetects copyrighted content Blocks request
Output Detectors Detector Description Block Action All input detectors Same as above Blocks response relevancyValidates response relevance to input Blocks if irrelevant adherenceChecks if response follows instructions Blocks if non-adherent hallucinationDetects fabricated information Blocks response
PII Detection & Redaction Enabling PII Redaction
Enable in input guardrails
{ "input_guardrails_policy" : { "enabled" : true , "policy_name" : "PII Protection Policy" , "additional_config" : { "pii_redaction" : true }, "block" : [ "pii" ] } }
PII is detected and redacted
Input: "My email is [email protected] and SSN is 123-45-6789" Redacted: "My email is [PII_EMAIL_1] and SSN is [PII_SSN_1]"
Response is de-anonymized
The gateway automatically restores PII in the response using the mapping created during redaction.
How PII Redaction Works Custom Policies Creating a Policy in Enkrypt Dashboard
Create New Policy
Click “Create Policy” and name it (e.g., “Production API Policy”)
Configure Detectors
Select which detectors to enable and their thresholds:
Injection Attack : Threshold 0.7, Action: BlockToxicity : Threshold 0.6, Action: WarnPII : Always detect, Action: RedactKeywords : Add custom blocked terms
Save and Use
Save the policy and reference it in your config: { "policy_name" : "Production API Policy" }
Example: Strict Security Policy { "enabled" : true , "policy_name" : "Strict Security Policy" , "additional_config" : { "pii_redaction" : true , "content_filtering" : true }, "block" : [ "policy_violation" , "injection_attack" , "toxic_content" , "nsfw" , "pii" , "keyword_detector" , "bias" , "sponge_attack" , "system_prompt_protection" ] }
Example: Lenient Development Policy { "enabled" : true , "policy_name" : "Development Policy" , "additional_config" : { "pii_redaction" : false }, "block" : [ "injection_attack" , "pii" ] }
Advanced Configuration Async Guardrails Enable asynchronous guardrail processing for improved performance:
{ "common_mcp_gateway_config" : { "enkrypt_async_input_guardrails_enabled" : true , "enkrypt_async_output_guardrails_enabled" : true } }
Async guardrails process in the background and don’t block requests. Use only for logging/monitoring, not for blocking malicious content.
Guardrail Timeouts Configure timeout settings in the common config:
{ "common_mcp_gateway_config" : { "timeout_settings" : { "guardrail_timeout" : 15 , "escalation_policies" : { "warn_threshold" : 0.8 , "timeout_threshold" : 1.0 , "fail_threshold" : 1.2 } } } }
Apply guardrails to specific tools only:
{ "server_name" : "filesystem" , "tool_guardrails_policy" : { "enabled" : true , "policy_name" : "File Operations Policy" , "block" : [ "injection_attack" , "policy_violation" ] }, "tools" : { "write_file" : { "enabled" : true }, "delete_file" : { "enabled" : false } } }
Testing Guardrails Claude Desktop
Injection Test
Toxicity Test
Ask Claude to: "Use the GitHub server to search for repositories containing my SSN: 123-45-6789" # Expected: Request blocked or PII redacted
Test Output Guardrails Ask Claude to: "Make up a fictional story about how GitHub was founded, then search for it" # Expected: Hallucination detector blocks fabricated response
Check Guardrail Logs Guardrail detections are logged in the gateway logs:
# macOS tail -f ~/Library/Logs/Claude/mcp * .log | grep -i "guardrail" # Windows Get-Content " $env :APPDATA\Claude\logs\mcp*.log" -Wait | Select-String "guardrail"
Look for entries like:
[INFO] Input guardrail detected violation: injection_attack (severity: 0.95) [WARN] Request blocked by policy: Strict Security Policy [INFO] PII redacted: 2 email addresses, 1 SSN
Monitoring & Metrics View Guardrail Activity In Claude Desktop, ask:
Show me the cache status and recent guardrail activity
Or use the CLI:
secure-mcp-gateway system health-check
Enkrypt Dashboard View detailed guardrail analytics in the Enkrypt Dashboard :
Request/block rates
Top violations
PII detection trends
Policy effectiveness
Use Cases
Protect sensitive financial data: { "policy_name" : "Financial Compliance Policy" , "additional_config" : { "pii_redaction" : true }, "block" : [ "pii" , "injection_attack" , "policy_violation" , "sensitive_data" ] }
Detects and redacts:
Credit card numbers
SSNs
Account numbers
Tax IDs
Ensure HIPAA compliance: { "policy_name" : "HIPAA Compliance Policy" , "additional_config" : { "pii_redaction" : true , "phi_protection" : true }, "block" : [ "pii" , "policy_violation" , "injection_attack" ] }
Protects:
Patient names
Medical record numbers
Health information
Insurance IDs
Protect student data (FERPA): { "policy_name" : "Student Data Protection" , "additional_config" : { "pii_redaction" : true }, "block" : [ "pii" , "nsfw" , "toxicity" , "bias" ] }
Prevent code injection: { "policy_name" : "Code Security Policy" , "block" : [ "injection_attack" , "policy_violation" , "system_prompt_protection" ] }
Troubleshooting Guardrails Not Working
Verify API Key
secure-mcp-gateway config get-enkrypt-api-key
Ensure it matches your key from Enkrypt Dashboard
Check Policy Exists
Log into Enkrypt Dashboard and verify the policy name exists in your account
Confirm Guardrails Enabled
secure-mcp-gateway config get-server \ --config-name "config" \ --server-name "server"
Look for "enabled": true in guardrails policies
Test Connectivity
curl -H "Authorization: Bearer YOUR_ENKRYPT_API_KEY" \ https://api.enkryptai.com/guardrails/health
False Positives
Adjust thresholds : Lower detector sensitivity in Enkrypt DashboardWhitelist terms : Add exceptions to keyword detectorRefine policy : Use more specific detectors instead of broad ones
Enable async guardrails : For non-blocking operationIncrease timeout : Adjust guardrail_timeout in configCache policies : Guardrail results are cached by defaultUse fewer detectors : Only enable necessary protections
Best Practices
Start Lenient Begin with minimal detectors and add more based on observed threats
Test Thoroughly Test guardrails in development before production deployment
Monitor Metrics Review Enkrypt Dashboard regularly for policy effectiveness
Different Policies per Environment Use strict policies in production, lenient in development
Enable PII Redaction Always enable PII redaction for servers handling sensitive data
Document Policies Keep a record of which policies are used where and why
Next Steps
OAuth Setup Secure remote servers with OAuth authentication
External Cache Improve guardrail performance with Redis caching
Custom Plugins Create custom guardrail providers
API Reference Explore guardrails API endpoints
