@guardion/guardion
v0.4.1
Guardion
Guardion — Agent runtime governance: DLP for MCPs and agents.
An MCP (Model Context Protocol) DLP proxy with policy-driven PII anonymization that wraps any MCP server — local (stdio) or remote (HTTP/SSE) — behind one secure interface, and governs Claude Code at the same time.
Overview
Guardion adds a protective layer to your MCP setup. It auto-detects your existing MCP configuration files and routes each server through a local interposer that scans every tool call and result against a Guard policy — anonymizing PII/secrets in place (structure preserved) before data ever reaches the model or leaves to a tool.
Key features:
- DLP / anonymization — PII and secrets in tool input and output are redacted via your Guard policy (email, phone, names, cards, SSNs, …); the model/server only sees tokens.
- Automatic configuration — the CLI detects and updates MCP config files for Cursor, Claude Desktop, and Claude Code (plus Windsurf, Cline, VS Code, .mcp.json).
- Works with everything — local stdio servers and remote HTTP/SSE servers (forward, reverse, and SSE bridging); discovers remote connectors for inventory.
- Transparent proxying — tools, prompts, and resources pass through untouched except for redacted text; multiple content blocks, structuredContent, images/blobs and isError are preserved.
- Three modes — dlp (anonymize, never block), enforce (block on a deny verdict + anonymize), monitor (observe only).
- Beyond MCP — Claude Code hooks (observability/enforcement) and shadow-AI discovery.
Quick Start
```bash
# Install the CLI
npm install -g @guardion/guardion   # or use npx -y @guardion/guardion <cmd>

# Guided setup — pick what to protect (MCP / Claude Code), paste your key, choose policy & mode
guardion init

# Auto-detect & DLP-protect every MCP config on this machine (Cursor, Claude Desktop, Claude Code)
guardion install mcp
```

guardion init stores your config in ~/.guardion/config.yaml (token in the OS keychain) and prints tailored next steps. Preview changes first with guardion scan --mode mcp --dry-run; undo any time with guardion scan --mode mcp --revert.
How It Works
```
MCP host (Cursor / Claude Desktop / Claude Code)
      │  JSON-RPC
      ▼
guardion mcp ── tool input/output leaves ─▶ Guard API (/v1/guard, your policy)
      │  apply redaction in place ◀── correction + redaction spans
      ▼
real MCP server (stdio · HTTP · SSE)
```

Detection and redaction are delegated entirely to your Guard policy — what to redact (entity types) and where (tool input, output, or both) are configured centrally in the Guardion console, not in the plugin.
Usage
Direct usage with npx
No install required — use directly in your Cursor / Claude Desktop / Claude Code MCP config.
Prefix any server's command with npx -y @guardion/guardion mcp:
```json
{
  "mcpServers": {
    "protected_server": {
      "command": "npx",
      "args": [
        "-y", "@guardion/guardion", "mcp", "--mode", "dlp", "--",
        "npx", "-y", "@modelcontextprotocol/server-filesystem", "/path/to/files"
      ],
      "env": {
        "GUARDION_TOKEN": "grd_your_api_key",
        "GUARDION_POLICY": "data-protection"
      }
    }
  }
}
```

Standalone usage
```bash
GUARDION_TOKEN=grd_... GUARDION_POLICY=data-protection \
  npx -y @guardion/guardion mcp --mode dlp -- npx -y @modelcontextprotocol/server-filesystem /path/to/files
```

Configuration
Local servers (stdio)
For local MCP servers that communicate via stdio, put the real command after --:
```json
{
  "mcpServers": {
    "protected_server": {
      "command": "npx",
      "args": ["-y", "@guardion/guardion", "mcp", "--mode", "dlp", "--", "node", "path/to/server.js"],
      "env": { "GUARDION_TOKEN": "grd_...", "GUARDION_POLICY": "data-protection" }
    }
  }
}
```

Remote servers (HTTP / SSE)
For remote MCP servers, use --url instead of --:
```json
{
  "mcpServers": {
    "protected_server": {
      "command": "npx",
      "args": ["-y", "@guardion/guardion", "mcp", "--mode", "dlp", "--url", "https://api.example.com/mcp"],
      "env": { "GUARDION_TOKEN": "grd_...", "GUARDION_POLICY": "data-protection" }
    }
  }
}
```

Add --header "Authorization: Bearer …" for authenticated remote servers, or --listen 8900 to expose Guardion as a local proxy URL you can paste into Claude Desktop → Connectors.
Modes
| --mode | Behavior |
|-----------|-------------------------------------------------------|
| dlp | Anonymize PII via Guard corrections — never blocks (default) |
| enforce | Block on a deny verdict and anonymize |
| monitor | Observe only — send for visibility, never modify |
Environment variables
| Variable | Purpose |
|------------------------|---------------------------------------------------------------|
| GUARDION_TOKEN | Your Guardion API key (or stored via guardion token set) |
| GUARDION_POLICY | Policy slug whose PII / Data-Protection detector to apply |
| GUARDION_API_URL | Guard API base URL (default https://api.guardion.ai) |
| GUARDION_MODE | dlp \| enforce \| monitor (same as --mode) |
| GUARDION_FAIL_CLOSED | true to deny when Guard is unreachable (default: fail-open) |
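
As an added example (not part of the Guardion package or its README), this Node.js function audits an mcpServers map for entries that bypass the proxy, run in monitor mode, keep the default fail-open behaviour, or carry GUARDION_TOKEN inline instead of in the keychain. The sample config is constructed, the issue labels are hypothetical, and the code assumes an explicit --mode takes precedence over GUARDION_MODE.

```javascript
// Added example: audit an "mcpServers" map using only flags shown in this README.
// Issue labels are hypothetical names chosen for this sketch.
function guardionStart(argv) {
  // Matches `npx -y @guardion/guardion mcp ...` or a global `guardion mcp ...`.
  const i = argv.indexOf('@guardion/guardion');
  if (i !== -1 && argv[i + 1] === 'mcp') return i + 2;
  return argv[0] === 'guardion' && argv[1] === 'mcp' ? 2 : -1;
}

function auditMcpServers(config) {
  const findings = [];
  for (const [server, srv] of Object.entries(config.mcpServers || {})) {
    const env = srv.env || {};
    const argv = [srv.command, ...(srv.args || [])];
    const start = guardionStart(argv);
    if (start === -1) {
      findings.push({ server, issue: 'unprotected' });
      continue;
    }
    // Guardion's own options end at "--"; everything after is the wrapped command.
    const sep = argv.indexOf('--', start);
    const own = argv.slice(start, sep === -1 ? argv.length : sep);
    const flag = own.indexOf('--mode');
    // Assumption: an explicit --mode wins over GUARDION_MODE; the documented default is dlp.
    const mode = (flag !== -1 ? own[flag + 1] : env.GUARDION_MODE) || 'dlp';
    if (mode === 'monitor') findings.push({ server, issue: 'monitor-only' });
    if (sep === -1 && !own.includes('--url')) findings.push({ server, issue: 'no-upstream' });
    if (env.GUARDION_FAIL_CLOSED !== 'true') {
      findings.push({ server, issue: 'fail-open' });
    }
    if (env.GUARDION_TOKEN) findings.push({ server, issue: 'token-in-config' });
  }
  return findings;
}

// Constructed sample config (values mirror the README's placeholders).
const sample = { mcpServers: {
  files: { command: 'npx',
    args: ['-y', '@guardion/guardion', 'mcp', '--', 'node', 'path/to/server.js', '--mode', 'monitor'],
    env: { GUARDION_POLICY: 'data-protection', GUARDION_FAIL_CLOSED: 'true' } },
  remote: { command: 'npx',
    args: ['-y', '@guardion/guardion', 'mcp', '--mode', 'monitor', '--url', 'https://api.example.com/mcp'],
    env: { GUARDION_TOKEN: 'grd_...', GUARDION_POLICY: 'data-protection' } },
  raw: { command: 'node', args: ['path/to/server.js'] },
} };

console.log(auditMcpServers(sample));
```

The `files` entry produces no findings because the `--mode monitor` after `--` belongs to the wrapped server, not to Guardion.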
Complete example for Cursor / Claude Desktop
Add this to your MCP configuration file:
```json
{
  "mcpServers": {
    "guardion": {
      "command": "npx",
      "args": [
        "-y", "@guardion/guardion", "mcp", "--mode", "dlp", "--server", "filesystem", "--",
        "npx", "-y", "@modelcontextprotocol/server-filesystem", "/path/to/files"
      ],
      "env": {
        "GUARDION_TOKEN": "grd_your_api_key",
        "GUARDION_POLICY": "data-protection"
      }
    }
  }
}
```

…or skip the hand-editing and let the CLI do it for every app: guardion install mcp.
CLI
| Command | What it does |
|---------|--------------|
| guardion init | Guided setup: pick what to protect, paste your key, choose a policy & mode |
| guardion install mcp | Scan & DLP-protect every detected MCP config |
| guardion mcp [--mode …] [--policy …] -- <cmd> / --url <url> | Wrap one MCP server |
| guardion scan [--mode full\|mcp\|tools\|agents\|skills] | Discover MCP servers, tools, skills, shadow-AI agents/connectors; --inventory reports to Guard |
| guardion scan --mode mcp --dry-run \| --replace \| --revert | Preview / apply / undo config protection |
| guardion claude-code [--mode hooks\|gateway\|full] | Govern Claude Code via hooks |
| guardion token set\|get\|test\|clear | Manage your API token |
Requirements
- Node.js >= 18.0.0
- A Guardion API key and a policy with the PII / Data-Protection detector enabled (create one at guardion.ai)
License
MIT
About
Guardion secures your MCP clients and AI agents from data leaks (DLP / PII anonymization), prompt injection, tool poisoning, and risky actions.
