Lasso Guardrails v3 API Support

Version: 1.2.0
Date: 2026-01-21

This release updates the Lasso guardrails plugin to support the new v3 API and improves compatibility with MCP servers that use non-chat argument formats.

🔧 Lasso Plugin Updates

API Upgrade to v3

• Endpoint Update: Default API endpoint upgraded from v2 to v3
• Message Type Field: Added required messageType field to API payloads

Improved Message Extraction

The plugin now supports MCP servers that use non-standard argument formats (e.g., filter/query style arguments instead of chat messages).

Key Changes:

• _extract_string_values() - New recursive function that extracts all string values from nested dicts and lists
• Enhanced _extract_messages_from_request() - Now extracts arguments from any MCP tool format, preserving argument context (e.g., filter: value)
• Simplified Response Parsing - Removed deprecated outputs handling, now relies on content field

Debug Logging Improvements

• Verbose INFO logging changed to DEBUG level for cleaner production output
• Better visibility into fallback extraction behavior

🧹 Maintenance

• Removed unsupported version argument from FastMCP initialization in gateway.py
• Removed deprecated license classifier from pyproject.toml
• Cleaned up dead code and unnecessary pass statements

🧪 Testing

• Updated tests to expect v3 API endpoint
• Added comprehensive tests for _extract_string_values() function
• Added tests for fallback message extraction behavior

🚀 Getting Started

pip install mcp-gateway==1.2.0

What's Changed

• fix: Update Lasso plugin to v3 API and support non-chat argument formats by @eliransu in #13
• test: Update test assertion to expect v3 API endpoint by @oroxenberg in #13
• refactor: Clean up lasso plugin and add test coverage by @oroxenberg in #13
• refactor: Preserve argument context in fallback message extraction by @oroxenberg in #13

Full Changelog: v1.1.0...v1.2.0

MCP Scanner

Version: 1.1.0
Date: 2025-01-XX

We're excited to announce MCP Gateway v1.1.0, introducing a comprehensive Security Scanner system that provides proactive protection against malicious and risky MCP servers!

🔍 New Feature: Advanced Security Scanner

MCP Gateway now includes a powerful security scanner that analyzes MCP servers for potential risks before they're loaded into your system, providing an additional layer of protection through multi-dimensional security analysis.

Key Capabilities:

• 🛡️ Reputation Analysis - Evaluates server reputation using marketplace (Smithery, NPM) and GitHub data with sophisticated scoring algorithms
• 🔍 Tool Description Scanning - Detects hidden instructions, sensitive file patterns, and malicious actions in tool descriptions using advanced pattern matching
• ⚡ Automatic Blocking - Blocks risky MCPs based on reputation scores (threshold: 30) and security analysis results
• 📝 Configuration Updates - Automatically updates your MCP configuration file with scan results and blocking status
• 🌐 Multi-Platform Support - Supports NPM registry and Smithery marketplace analysis with GitHub integration
• 📊 Comprehensive Logging - Detailed logging to ~/.mcp-gateway/scanner.log for audit and debugging purposes

🚀 Security Analysis Components

Reputation Scoring System

The scanner uses a sophisticated multi-factor scoring algorithm (0-100 scale) that evaluates:

GitHub Owner Metrics:

• Follower count and public repositories
• Account age and verification status
• Organization status and social presence
• Blog and Twitter verification

Repository Metrics:

• Stars and forks (logarithmic scaling)
• License compatibility (MIT, Apache-2.0, BSD-3-Clause, ISC)
• Repository age and activity

Marketplace Metrics:

• NPM: Download counts, version history, maintainer count, package age
• Smithery: Monthly tool usage, verification status, license information

Tool Description Analysis

Advanced pattern matching detects:

Hidden Instructions:

• Attempts to bypass security constraints
• Secret or confidential operation requests
• Instructions to hide actions from users

Sensitive File Patterns:

• Environment files (.env, config files)
• Authentication keys and certificates
• SSH keys and credential stores
• System configuration files

Malicious Actions:

• Shell command execution patterns
• Database manipulation attempts
• Network scanning and reconnaissance
• Privilege escalation attempts
• Data exfiltration patterns

🔧 Configuration Management

The scanner automatically updates your MCP configuration with blocking statuses:

Status Values:

• "passed" - Server passed all security checks and is safe to use
• "blocked" - Server failed security checks and will be blocked from loading
• "skipped" - Server scanning was skipped (manual override)
• null - Server not yet scanned or previously blocked server now considered safe

Before scanning:

{
    "mcpServers": {
        "mcp-gateway": {
            "command": "mcp-gateway",
            "args": ["--mcp-json-path", "~/.cursor/mcp.json", "--scan"],
            "servers": {
                "filesystem": {
                    "command": "npx",
                    "args": ["-y", "@modelcontextprotocol/server-filesystem", "."]
                }
            }
        }
    }
}

After scanning:

{
    "mcpServers": {
        "mcp-gateway": {
            "command": "mcp-gateway",
            "args": ["--mcp-json-path", "~/.cursor/mcp.json", "--scan"],
            "servers": {
                "filesystem": {
                    "command": "npx",
                    "args": ["-y", "@modelcontextprotocol/server-filesystem", "."],
                    "blocked": "passed"
                }
            }
        }
    }
}

🚀 Getting Started

1. Enable the scanner:

   mcp-gateway --mcp-json-path ~/.cursor/mcp.json --scan

2. With additional plugins:

   mcp-gateway --mcp-json-path ~/.cursor/mcp.json --scan -p basic -p lasso

3. Docker configuration:

   {
       "mcpServers": {
           "mcp-gateway": {
               "command": "docker",
               "args": [
                   "run", "--rm",
                   "--mount", "type=bind,source=/path/to/config,target=/app",
                   "-i",
                   "-v", "/Users/user/.cursor/mcp.json:/config/mcp.json:ro",
                   "mcp/gateway:latest",
                   "--mcp-json-path", "/config/mcp.json",
                   "--scan",
                   "--plugin", "basic"
               ],
               "servers": {
                   "filesystem": {
                       "command": "npx",
                       "args": ["-y", "@modelcontextprotocol/server-filesystem", "."]
                   }
               }
           }
       }
   }

📊 Logging and Monitoring

The scanner provides comprehensive logging:

• Location: ~/.mcp-gateway/scanner.log
• Components: Reputation scores, tool analysis results, blocking decisions
• Format: Structured logging with timestamps and component names
• Debugging: Enable with LOGLEVEL=DEBUG mcp-gateway --scan

Example log output:

2025-01-XX 10:30:45 - scanner - INFO - MCP filesystem reputation score: 85.2
2025-01-XX 10:30:45 - scanner - INFO - MCP filesystem is safe with score 85.2
2025-01-XX 10:30:45 - scanner - INFO - MCP SERVER 'filesystem' is safe.

🔧 Manual Override

You can manually override scanner decisions by changing the blocked status:

{
    "blocked": "skipped"  // Manually skip scanning for this server
}

🛠️ Technical Architecture

Data Collectors

• NPMCollector: Fetches package metadata from npm registry and downloads API
• SmitheryFetcher: Scrapes Smithery marketplace using BeautifulSoup
• GithubFetcher: Retrieves repository and owner data via GitHub API

Analysis Engine

• ProjectAnalyzer: Calculates weighted reputation scores using logarithmic scaling
• ToolAnalyzer: Performs regex-based pattern matching on tool descriptions
• Scanner: Orchestrates the entire scanning process and config updates

Configuration Constants

• Scoring Thresholds: Configurable reputation score limits (default: 30)
• Pattern Libraries: Comprehensive regex patterns for threat detection
• Marketplace Support: Extensible architecture for additional marketplaces

🔒 Security Benefits

• Proactive Protection: Blocks malicious servers before they can execute
• Multi-Vector Analysis: Combines reputation, behavioral, and content analysis
• Transparent Operations: Detailed logging and clear blocking reasons
• Manual Control: Override capabilities for trusted but low-scoring servers
• Continuous Updates: Automatic re-evaluation of previously blocked servers

What's Changed

• Feat: Advanced Security Scanner with reputation analysis by @barlanyado in #6
• Feat: Tool description analysis for malicious pattern detection by @barlanyado in #6
• Feat: Multi-marketplace support (NPM, Smithery, GitHub) by @barlanyado in #6
• Feat: Automatic configuration file updates with scan results by @barlanyado in #6
• Feat: Comprehensive logging system for scanner operations by @barlanyado in #6
• Enhancement: Sophisticated scoring algorithms with logarithmic scaling by @barlanyado in #6
• Enhancement: Pattern matching for hidden instructions and sensitive actions by @barlanyado in #6
• Enhancement: Docker support for scanner operations by @barlanyado in #6
• Docs: Updated README with scanner configuration examples by @barlanyado in #6
• Docs: Added comprehensive scanner documentation by @barlanyado in #6

New Contributors

• @barlanyado made their first contribution in #6

🚧 Important Notes

• Performance: Initial scan may take longer as it fetches data from multiple sources
• Rate Limits: Respects GitHub and NPM API rate limits with appropriate timeouts
• Manual Review: Low-scoring legitimate servers can be manually overridden
• Continuous Improvement: Pattern libraries and scoring algorithms are regularly updated

The Security Scanner represents a significant step forward in MCP security, providing enterprise-grade protection while maintaining ease of use and transparency.

MCP Gateway Tools Dynamic Capabilities

Version: 1.0.0
Date: 2025-05-01

We're thrilled to announce MCP Gateway v1.0.0, a major update that transforms how your AI agents interact with MCP servers!

✨ New Feature: Dynamic Capability Registration

MCP Gateway now automatically discovers and exposes all capabilities from your proxied MCP servers as native gateway tools.

Key Capabilities:

• Transparent Proxying: All tools and resources from underlying MCP servers now appear as regular capabilities within the gateway itself with the format <MCP_NAME>_<TOOL_NAME>
• Improved Discoverability: LLMs can now see and use all available tools directly without needing to invoke generic proxy methods
• Consistent Interface: All proxied tools maintain their original signatures, parameters, and documentation
• Automatic Sanitization: All proxied capabilities still benefit from the gateway's security and sanitization features

Before vs After:

Previous approach (v0.x):

# Get metadata about available servers
servers_info = await mcp.get_metadata()
# Call a tool on a specific server through a generic proxy
result = await mcp.run_tool("filesystem", "list_directory", {"path": "."})

New approach (v1.0):

# Direct access to proxied tools with their original signatures
result = await mcp.filesystem_list_directory(path=".")

🔄 Simplified Plugin Configuration

Command-line arguments have been streamlined with a unified plugin system:

• New Syntax: Use -p plugin_name or --plugin plugin_name for all plugin types
• Backward Compatible: Still supports --enable-guardrails and --enable-tracing for existing configurations

Example:

# New syntax
mcp-gateway --mcp-json-path ~/.cursor/mcp.json -p basic -p xetrack

# Equivalent old syntax
mcp-gateway --mcp-json-path ~/.cursor/mcp.json --enable-guardrails basic --enable-tracing xetrack

🚀 Getting Started

1. Update to version 1.0.0:

   pip install mcp-gateway==1.0.0

2. Update your configuration:

   {
     "mcpServers": {
       "mcp-gateway": {
         "command": "mcp-gateway",
         "args": [
           "--mcp-json-path",
           "~/.cursor/mcp.json",
           "--plugin",
           "basic"
         ],
         "servers": {
           "filesystem": {
             "command": "npx",
             "args": [
               "-y",
               "@modelcontextprotocol/server-filesystem",
               "."
             ]
           }
         }
       }
     }
   }

3. Start using the dynamic capabilities: Any LLM or code interacting with your gateway will now see all proxied capabilities as native tools.

🔍 Metadata Tool Enhancements

The get_metadata tool remains available and has been enhanced to provide detailed information about all proxied servers and their original capabilities, making it easier to debug and introspect your MCP ecosystem.

What's Changed

• Feat: Dynamic capability registration in #3
• Feat: Unified plugin system with simplified arguments in #3
• Docs: Updated README with new command syntax and examples in #3

v0.1.2

Release Notes: Xetrack Tracing Integration

Version: 0.1.2
Date: 20.4.2025

We are excited to introduce the integration of Xetrack as a new tracing plugin for MCP Gateway! This addition enhances the observability of your MCP interactions by providing detailed logging and monitoring capabilities for tool calls.

✨ New Feature: Xetrack Tracing Plugin

The xetrack plugin allows you to track and debug MCP tool calls using structured logging and database storage.

Key Capabilities:

• Detailed Logging: Captures comprehensive information about each tool call, including arguments, responses, server details, and timestamps. Logs are stored in files (using Loguru) for easy inspection.
• Database Tracking: Stores event data in an SQLite database (tracing.db by default), enabling powerful querying and analysis using tools like the xetrack CLI, Python (xetrack.Reader), or DuckDB.
• Flexible Configuration: Control logging behavior through environment variables (XETRACK_DB_PATH, XETRACK_LOGS_PATH, XETRACK_FLATTEN_ARGUMENTS, etc.) or mcp.json settings.
• Structured Data: Events are logged in a structured format, making it easier to parse and integrate with other monitoring systems.

Benefits:

• Enhanced Debugging: Easily trace the flow of requests and responses through the gateway and identify issues.
• Monitoring & Analysis: Analyze tool usage patterns, performance, and potential errors over time by querying the database.
• Improved Observability: Gain deeper insights into how agents interact with your MCP servers.

🚀 Getting Started

1. Install Dependencies:

   pip install mcp-gateway[xetrack]
   # or directly: pip install xetrack>=0.3.4

2. Enable the Plugin: Start the gateway with the --enable-tracing xetrack flag:

   mcp-gateway --enable-tracing xetrack

3. Configure (Optional): Set environment variables or update your mcp.json to customize database path, log location, and other parameters as shown in the README.md.

   Example mcp.json snippet for cursor:

   {
       "mcpServers": {
           "mcp-gateway": {
               "command": "mcp-gateway",
               "args": [
                   "--enable-tracing",
                   "xetrack"
               ],
               "env": {
                   "XETRACK_DB_PATH": "tracing.db",
                   "XETRACK_LOGS_PATH": "logs/"
               },
               // ... other servers ...
           }
       }
   }

4. Explore Data: Use the xetrack CLI, Python, or DuckDB to explore the collected data in tracing.db and the logs in the specified logs/ directory.

Refer to the updated README.md section on Tracing -> Xetrack for detailed usage examples and configuration options.

We believe this integration will significantly improve your ability to monitor and manage your MCP Gateway deployments. Happy tracing!

What's Changed

• Feat/tracing xetrack by @xdssio in #1

New Contributors

• @xdssio made their first contribution in #1

Full Changelog: https://github.com/lasso-security/mcp-gateway/commits/v0.1.2