Governance middleware: policy enforcement and audit trails at the protocol level

## Proposal: Governance Middleware for MCP Python SDK

### Summary

Add an optional governance middleware layer to the MCP Python SDK that enables policy enforcement, threat detection, and audit trails at the protocol level — so any MCP server can benefit from governance without custom implementation.

### Problem

MCP servers expose powerful tools (file access, database queries, API calls, code execution). Currently, each server must implement its own security/governance logic, leading to:

1. **Inconsistent security** — Some servers validate inputs, others don't
2. **No standard policy format** — No way to apply organizational policies across servers
3. **No audit trail** — Tool calls are not systematically logged for compliance
4. **Duplicate effort** — Every server reimplements argument validation and access control

### Proposed Design

A middleware layer that intercepts tool calls at the SDK level:

```python
from mcp.server import Server
from mcp.governance import GovernanceMiddleware, GovernancePolicy

# Define policy
policy = GovernancePolicy(
    name="production-safe",
    allowed_tools=["search", "read_file", "list_directory"],
    blocked_tools=["execute_command", "write_file"],
    max_tool_calls_per_session=100,
    content_filters=["no_pii", "no_secrets"],
    threat_detection=True,
    audit_trail="governance_audit.jsonl",
)

# Apply middleware
app = Server("my-server")
governance = GovernanceMiddleware(app, policy=policy)

@app.tool()
async def search(query: str) -> str:
    # Governance middleware validates before this runs
    return await perform_search(query)
```

### Middleware Hooks

1. **pre_tool_call** — Validate tool name + arguments against policy. Return error if blocked.
2. **post_tool_call** — Audit the result, scan for sensitive data in output.
3. **on_connect** — Log client connection, apply session-level policies.
4. **on_policy_violation** — Emit structured error with violation details.

### Benefits

- **Zero-change adoption** — Existing servers add governance with 2 lines of code
- **Protocol-level** — Works regardless of transport (stdio, SSE, HTTP)
- **Composable** — Stack multiple policies (org → team → server)
- **Standards-aligned** — Policy format compatible with Agent-OS governance schemas

### Context

We maintain [Agent-OS](https://github.com/imran-siddique/agent-os) governance framework with integrations for PydanticAI, CrewAI, OpenAI Agents, and Google ADK. Related proposals:
- [google/mcp-security #237](https://github.com/google/mcp-security/issues/237) — MCP security governance
- [anthropics/claude-agent-sdk-python #587](https://github.com/anthropics/claude-agent-sdk-python/issues/587) — Governance hooks
- [google/adk-python #4543](https://github.com/google/adk-python/issues/4543) — GovernancePlugin

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Governance middleware: policy enforcement and audit trails at the protocol level #2094

Proposal: Governance Middleware for MCP Python SDK

Summary

Problem

Proposed Design

Middleware Hooks

Benefits

Context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Governance middleware: policy enforcement and audit trails at the protocol level #2094

Description

Proposal: Governance Middleware for MCP Python SDK

Summary

Problem

Proposed Design

Middleware Hooks

Benefits

Context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions