goop-shield-community

goop-shield-community provides an MCP server that exposes a robust set of defenses for AI agents via the MCP protocol. It integrates with Claude Code, Cursor, Windsurf, and other agents through a dedicated MCP endpoint, enabling tools such as shield_defend, shield_scan, shield_health, and shield_config to defend prompts, responses, and tool usage. The server runs alongside the core HTTP API and Python SDK, offering a plug-and-play way to interpose a ranked pipeline of defenses (inline defenses and output scanners) in the agent’s interaction flow. You can connect your MCP-enabled agent to the shield MCP server to automatically defend prompts, monitor responses for leakage or policy violations, and validate configurations in real time.

To use it, configure your MCP.json (or equivalent Cursor/.mcp.json) to point to the shield MCP server. Once connected, you can issue defend requests to assess whether a given prompt should be allowed, and scan_response calls to evaluate a produced response for potential leaks or harmful content. The server also exposes health and configuration tooling to help you tune the defense lineup and monitor runtime behavior. Framework adapters and telemetry support enable smooth integration with LangChain, CrewAI, and OpenClaw, along with Prometheus metrics for observability.

Prerequisites:

• Python 3.8+ (recommended 3.9+)
• pip
• Optional: a working MCP-enabled agent environment to connect to the MCP server

Installation steps:

1. Install the core package pip install goop-shield

2. (Recommended) Install with MCP server support enabled pip install goop-shield[mcp]

3. (Optional) Install with all optional dependencies pip install goop-shield[all]

4. Verify installation by running the MCP server (example) goop-shield mcp --port 8787

5. If you want to use the HTTP API server alongside MCP, follow the Quick Start in the README to launch the HTTP server and adapt your MCP configuration accordingly.

Tips and considerations:

• The MCP server is designed to work with a range of AI agents via the MCP protocol. Ensure your agent configuration references the shield MCP endpoint and uses the provided tools: shield_defend, shield_scan, shield_health, and shield_config.
• By default, 24 defenses are enabled; you can adjust the enabled_defenses via configuration to tailor performance vs. safety.
• For production deployments, enable telemetry and audit logging to monitor requests and detections. Consider using the ChannelImpersonationGuard and PluginSupplyChainGuard to harden tool usage and plugin integrity.
• If you encounter issues with prompts or responses, consult shield_config and shield_health through the MCP interface to verify the active defense set and per-session guards.
• Environment considerations: ensure port 8787 is accessible to your MCP client and that any firewall rules allow traffic between the agent and the shield server.