UBOS Asset Marketplace: Secure Your LLMs with MCP Firewall
In the rapidly evolving landscape of Large Language Models (LLMs), ensuring data security and policy enforcement is paramount. The UBOS Asset Marketplace offers a robust solution: the MCP Firewall, a Model Control Protocol (MCP) compatible service designed to provide a text filtering firewall with a powerful rules engine. This asset is crucial for businesses aiming to protect sensitive data and enforce compliance when leveraging LLMs like Claude and other MCP-compatible models.
The Growing Need for LLM Security
LLMs have transformed various industries, enabling sophisticated applications in customer service, content creation, data analysis, and more. However, the power of these models comes with inherent risks. LLMs can inadvertently expose sensitive information, generate inappropriate content, or be exploited for malicious purposes. Traditional security measures often fall short in addressing these unique challenges, necessitating specialized tools like the MCP Firewall.
Introducing MCP Firewall: Your LLM Security Guardian
The MCP Firewall acts as a vital filtering layer between your applications and LLMs. It processes text data, scrutinizing it against a customizable rules engine before it reaches the LLM. This proactive approach allows you to:
- Identify and Redact Sensitive Information: Automatically detect and redact personally identifiable information (PII) such as social security numbers, credit card details, and addresses.
- Enforce Content Policies: Ensure that all generated content adheres to your organization’s policies and ethical guidelines.
- Transform Text Content: Modify text to meet specific requirements, such as anonymization or standardization.
- Prevent Data Breaches: Protect against the inadvertent leakage of confidential data.
- Maintain Regulatory Compliance: Adhere to industry-specific regulations such as HIPAA, GDPR, and CCPA.
Key Features of MCP Firewall
The MCP Firewall is packed with features designed to provide comprehensive LLM security:
- Powerful Rules Engine:
- Pattern Matching: Utilizes regular expressions and plain text matching for flexible and accurate detection of specific patterns and keywords.
- Default Rules: Comes pre-configured with rules for identifying common types of sensitive information, saving you time and effort.
- Customizable Replacements and Transformations: Allows you to define how identified text should be replaced or transformed.
- Rule-Based Policy Enforcement: Enables you to create rules that enforce specific content policies.
- Easy Customization: Provides a simple interface for adding, modifying, and deleting rules to meet your specific needs.
- REST API: Offers a simple and intuitive REST API for seamless integration with any application.
- MCP Protocol Support: Fully compatible with the Model Control Protocol, ensuring seamless integration with Claude and other MCP-compatible LLMs.
- Persistent Storage: Uses an SQLite database to store rules, ensuring they persist across restarts.
- Enhanced Docker Support:
- Lightweight Container: Runs in a lightweight Docker container with minimal dependencies.
- Volume Mounts: Supports volume mounts for persistent data storage.
- Easy Deployment: Includes a deploy_docker.sh script for simplified deployment.
- Smithery Compatible: Ready for enterprise deployment with Smithery.
Use Cases for MCP Firewall
The MCP Firewall can be deployed in a wide range of use cases, including:
- Customer Service: Protecting customer data in chatbot interactions and support tickets.
- Content Creation: Ensuring that generated content is free of offensive or inappropriate material.
- Data Analysis: Anonymizing sensitive data before processing it with LLMs.
- Legal and Compliance: Enforcing legal and regulatory requirements in document processing and analysis.
- Healthcare: Protecting patient data in medical record analysis and clinical decision support.
- Finance: Preventing fraud and ensuring compliance with financial regulations.
Getting Started with MCP Firewall
Integrating the MCP Firewall into your workflow is straightforward. The following steps provide a quick start:
Using Docker
- Clone the repository:
  git clone https://github.com/awilmoth/mcp-firewall.git
  cd mcp-firewall
- Build the Docker image:
  docker build -t mcp-firewall .
- Run the container with persistent storage:
  docker run -d -p 6366:6366 \
    -v $HOME/mcp-firewall-data:/data \
    -v $HOME/mcp-firewall-logs:/logs \
    --name mcp-firewall mcp-firewall
  Alternatively, use the deployment script:
  ./deploy_docker.sh
- Test text processing:
  curl -X POST http://localhost:6366/process \
    -H "Content-Type: application/json" \
    -d '{"text":"My SSN is 123-45-6789 and my email is test@example.com"}'
Python Installation
- Clone the repository:
  git clone https://github.com/awilmoth/mcp-firewall.git
  cd mcp-firewall
- Install dependencies:
  pip install -r requirements.txt
- Run the server:
  python app/mcp_firewall.py
Integrating with Claude
To integrate the MCP Firewall with Claude, configure the .mcp.json file to point to the MCP Firewall server:
{
  "mcpServers": {
    "mcp_firewall": {
      "url": "http://localhost:6366",
      "transport": "http",
      "timeout_ms": 60000,
      "protocol_version": "2024-11-05",
      "tools": [
        "process_text",
        "get_rules",
        "add_rule",
        "update_rule",
        "delete_rule",
        "reset_rules"
      ]
    }
  }
}
API Endpoints
The MCP Firewall provides a comprehensive set of API endpoints for managing text processing, rules, and system health. Here are some of the key endpoints:
Text Processing
- POST /process: Process text through the firewall rules engine.
  Request: {"text": "text to process"}
  Response: {"processed_text": "processed text", "matches": [...]}
- POST /redact: Legacy endpoint that redirects to /process (kept for backwards compatibility).
Rules Management
- GET /rules: Get all firewall rules.
- POST /rules: Add a new firewall rule.
  Request: {"name": "Rule Name", "pattern": "regex pattern", "replacement": "<REPLACEMENT>", "description": "Description", "enabled": true, "is_regex": true}
- PUT /rules/{rule_id}: Update a firewall rule.
- DELETE /rules/{rule_id}: Delete a firewall rule.
- POST /rules/reset: Reset firewall rules to defaults.
System
- GET /health: Check service health.
- GET /: Service information.
Unleash the Power of UBOS: The Full-Stack AI Agent Development Platform
While the MCP Firewall offers robust security for your LLMs, UBOS provides a comprehensive platform for developing and deploying AI Agents. UBOS is designed to bring the power of AI Agents to every business department, enabling you to:
- Orchestrate AI Agents: Seamlessly manage and coordinate multiple AI Agents to achieve complex tasks.
- Connect with Enterprise Data: Integrate AI Agents with your existing data sources to unlock valuable insights.
- Build Custom AI Agents: Develop tailored AI Agents using your own LLM models.
- Create Multi-Agent Systems: Design sophisticated systems that leverage the collective intelligence of multiple AI Agents.
UBOS empowers you to build AI-driven solutions that are secure, scalable, and aligned with your business objectives. Combining the security of MCP Firewall with the power of UBOS creates a synergistic environment for responsible and innovative AI development.
Security and Usage Considerations
While the MCP Firewall provides a flexible rules engine for text processing, it’s essential to keep the following considerations in mind:
- Regex vs. Plain Text Matching: Support for both regex patterns and plain text matching offers different performance and precision characteristics (a plain-text rule matches its literal exactly, while a regex can match more than intended). Consider the trade-offs when designing your rules.
- Rule Quality: The effectiveness of the firewall depends on the quality and comprehensiveness of your rules. Regularly review and update your rules to ensure they remain effective.
- Text Size Limits: Processing very large texts (>100K characters) is limited to prevent timeouts. Consider breaking down large texts into smaller chunks for processing.
- Rule Validation: All rules are validated before being added to prevent empty or invalid patterns.
- Comprehensive Security Strategy: For security use cases, the MCP Firewall should be part of a broader security strategy.
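As an added illustration, not the project's own code, the following Python sketch applies rules with the field names of the POST /rules body to text and returns the {"processed_text", "matches"} shape of POST /process, showing the plain-text versus regex difference, rule validation and the 100K-character limit described in the considerations above. The sample rules, the keys on each match record and the validation details are assumptions, since the asset's real default rules are not listed on this page.

```python
import re
from dataclasses import dataclass

MAX_CHARS = 100_000  # page: texts over 100K characters are refused to avoid timeouts


@dataclass
class Rule:
    """Field names follow the POST /rules request body described on this page."""
    name: str
    pattern: str
    replacement: str
    description: str = ""
    enabled: bool = True
    is_regex: bool = True


def validate_rule(rule: Rule) -> None:
    """Reject empty names/patterns and regexes that do not compile (assumed validation)."""
    if not rule.name.strip() or not rule.pattern.strip():
        raise ValueError("rule name and pattern must not be empty")
    if rule.is_regex:
        try:
            re.compile(rule.pattern)
        except re.error as exc:
            raise ValueError(f"invalid regex in rule {rule.name!r}: {exc}") from exc


def compile_rule(rule: Rule) -> "re.Pattern[str]":
    # Plain-text rules are escaped, so '.' or '+' in the literal are not metacharacters.
    return re.compile(rule.pattern if rule.is_regex else re.escape(rule.pattern))


def process_text(text: str, rules: list) -> dict:
    """Apply enabled rules in order; returns the /process response shape."""
    if len(text) > MAX_CHARS:
        raise ValueError(f"text exceeds {MAX_CHARS} characters; split it into chunks")
    matches, processed = [], text
    for rule in rules:
        if not rule.enabled:
            continue
        validate_rule(rule)
        pat = compile_rule(rule)
        matches += [{"rule": rule.name, "match": m.group(0)} for m in pat.finditer(processed)]
        # Regex rules may use \1-style group references; plain-text replacements are literal.
        repl = rule.replacement if rule.is_regex else (lambda _m, r=rule.replacement: r)
        processed = pat.sub(repl, processed)
    return {"processed_text": processed, "matches": matches}


# Constructed sample rules (assumed; not the asset's real defaults).
SAMPLE_RULES = [
    Rule("SSN", r"\b\d{3}-\d{2}-\d{4}\b", "<SSN>", "US social security number"),
    Rule("Email", r"[\w.+-]+@[\w-]+\.[\w.-]+", "<EMAIL>", "email address"),
    Rule("Codename", "Project X.", "<CODENAME>", "literal; '.' is not a wildcard", is_regex=False),
]
```

Running process_text on the curl sample from the Getting Started section ("My SSN is 123-45-6789 and my email is test@example.com") yields "My SSN is <SSN> and my email is <EMAIL>" with two match records; the same "Project X." pattern with is_regex=True would also rewrite "Project XY".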
Conclusion
The MCP Firewall, available on the UBOS Asset Marketplace, is an essential tool for organizations seeking to secure their LLM deployments. By providing a powerful rules engine for text filtering and policy enforcement, the MCP Firewall helps you protect sensitive data, maintain regulatory compliance, and mitigate the risks associated with LLMs. Combined with the comprehensive capabilities of the UBOS platform, you can confidently harness the power of AI while ensuring the safety and integrity of your data.
MCP Firewall
Project Details
- awilmoth/mcp-firewall
- Last Updated: 5/14/2025