# agent-prompt-injection-firewall-mcp

Purpose: Pre-filter messages between agents for prompt-injection patterns. OWASP LLM Top-10 #1.

Context: Runtime guard for agent-to-agent and agent-to-content scanning.

## Install
```bash
pip install agent-prompt-injection-firewall-mcp
```

## Auth & Rate Limits
- Free tier: 10 calls/day. No API key required.
- Pro tier (£79/mo): unlimited + signed attestations. https://buy.stripe.com/5kQ6oJ0xS3ce8sl7ew8k91j
- Enterprise (£1,499/mo): white-label + on-premise. hello@meok.ai
- All tools accept optional `api_key` parameter.

## Tools (5)

### `scan_prompt(tenant_id: str, text: str, context: str = "user-prompt")`
Scan a piece of text for prompt injection. Returns the full decision trace.

### `define_custom_rule(tenant_id: str, rule_name: str, pattern: str, action: str = "escalate")`
Define a tenant-specific detection rule. Pro+ only.

### `list_rules(tenant_id: str = "")`
List built-in rules, plus custom rules if `tenant_id` is provided.

### `scan_log(tenant_id: str, risk_filter: str = "", limit: int = 20)`
Recent scan log. Pro tier: unbounded. Free tier: last 100.

### `sign_firewall_attestation(tenant_id: str, window_start_utc: str, window_end_utc: str, total_scans: int, blocks: int, escalations: int, email: str = "")`
Emit a signed attestation of firewall enforcement. Evidence for OWASP
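
The following is an added local sketch, not this package's code, of how a rule-based pre-filter with the shape of `scan_prompt`, `define_custom_rule` and `list_rules` can produce a decision trace and the counters an attestation window reports. It assumes patterns are regular expressions, that actions are `escalate` or `block` with `block` taking precedence, and that the trace layout, the `Firewall` class, `window_counts` and the built-in rules are all constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed built-in rules; the real server's rule set is not shown on this page.
BUILTIN_RULES = [
    ("override-instructions", r"ignore (all |any )?(previous|prior) instructions", "block"),
    ("role-reassignment", r"\byou are now\b", "escalate"),
]
SEVERITY = {"allow": 0, "escalate": 1, "block": 2}  # assumed precedence

@dataclass
class Firewall:
    # tenant_id -> list of (rule_name, pattern, action)
    custom: dict = field(default_factory=dict)

    def define_custom_rule(self, tenant_id, rule_name, pattern, action="escalate"):
        if action not in ("escalate", "block"):
            raise ValueError(f"unknown action: {action}")
        re.compile(pattern)  # reject invalid regexes when the rule is defined
        self.custom.setdefault(tenant_id, []).append((rule_name, pattern, action))

    def list_rules(self, tenant_id=""):
        # Built-in rules always apply; custom rules only for the named tenant.
        return BUILTIN_RULES + self.custom.get(tenant_id, [])

    def scan_prompt(self, tenant_id, text, context="user-prompt"):
        trace, decision = [], "allow"
        for name, pattern, action in self.list_rules(tenant_id):
            hit = re.search(pattern, text, re.IGNORECASE) is not None
            # Record every rule evaluated, not only the ones that fired.
            trace.append({"rule": name, "matched": hit, "action": action if hit else None})
            if hit and SEVERITY[action] > SEVERITY[decision]:
                decision = action  # the most severe matching action wins
        return {"tenant_id": tenant_id, "context": context,
                "decision": decision, "trace": trace}

def window_counts(results):
    """Tally total_scans, blocks and escalations over a list of scan results."""
    return {
        "total_scans": len(results),
        "blocks": sum(r["decision"] == "block" for r in results),
        "escalations": sum(r["decision"] == "escalate" for r in results),
    }
```

Tenant-supplied regexes run over untrusted text, so a production filter should also bound pattern complexity or match time.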

## Pairs with
- `meok-attestation-verify` — public verification of signed certs
- `meok-attestation-api` (https://meok-attestation-api.vercel.app) — HMAC signing endpoint
- Other MEOK governance MCPs via `mcp_bridge_call`

## Maintainer
MEOK AI Labs · hello@meok.ai · https://meok.ai · MIT licensed