1 | | -# Defenter Proxy |
| 1 | +# **Defenter** |
2 | 2 |
3 | | -Real-time semantic monitoring of AI agent<->MCP Server communication to protect from data leaks and malicious prompt injections. |
| 3 | +Real-time semantic security for AI coding agents and MCP tools in VS Code, Claude Code and Cursor. |
4 | 4 |
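Review bot: the new title at line 1 wraps the heading text in bold (`# **Defenter**`), and the new section headings at lines 9, 27, 45 and 74 do the same (`## **🚀 How to use**`); bold inside a Markdown heading is redundant, renders no differently in most viewers, and makes the headings inconsistent with the unchanged `---` and plain-list style elsewhere in the file. Use `# Defenter` and `## How to use` and keep bold for inline labels such as the existing `**Python Proxy**`. The rewritten tagline at line 3 names Claude Code as a supported host, so the install section below must give Claude Code the same level of instruction as VS Code and Cursor.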
5 | | -## 🚀 How to use |
| 5 | +Defenter monitors every prompt, every coding agent tool call, every MCP server call, and key file and shell operations in your IDE. It acts as a semantic policy broker that understands what agents are doing, not just where they send data, so you can use AI coding agents without leaking secrets or customer data. |
6 | 6 |
7 | | -The simplest way to use Defenter is to install the VS Code/Cursor extension: |
| 7 | +--- |
| 8 | + |
| 9 | +## **🚀 How to use** |
| 10 | + |
| 11 | +The simplest way to use Defenter is to install the VS Code or Cursor extension: |
| 12 | + |
| 13 | +* **VS Code Marketplace**: [Install **Defenter**](https://marketplace.visualstudio.com/items?itemName=defenter.defenter-vsc) |
| 14 | +* **Open VSX (Cursor and others)**: [Install **Defenter**](https://open-vsx.org/extension/defenter/defenter-vsc) |
| 15 | +* **Claude Code:** install **Defenter** plugin |
| 16 | + |
| 17 | +Once installed, the extension automatically intercepts and protects: |
| 18 | + |
| 19 | +* MCP server calls |
| 20 | +* Coding agent prompts and responses |
| 21 | +* File reads and shell commands triggered by the agent |
| 22 | + |
| 23 | +No manual MCP configuration is needed. |
| 24 | + |
| 25 | +--- |
8 | 26 |
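Review bot: the Claude Code entry at line 15 (`* **Claude Code:** install **Defenter** plugin`) is not actionable, unlike the two marketplace entries above it that carry install links; add the plugin name, the install command or a link so a reader can follow the same one-step path. Both marketplace URLs change their extension identifier from `defenter.defenter` to `defenter.defenter-vsc` (lines 13 and 14); confirm these are the published IDs, because a broken install link is the first thing a new user hits and the old README linked the shorter IDs. Line 21 says the extension intercepts "File reads and shell commands triggered by the agent", which is a new claim compared with the old "protects all your MCP servers"; if interception of file and shell activity is host-specific (for example not available in Claude Code), say so here rather than leaving "No manual MCP configuration is needed" at line 23 to imply full coverage everywhere.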
9 | | -- **VS Code Marketplace**: [Install Defenter](https://marketplace.visualstudio.com/items?itemName=defenter.defenter) |
10 | | -- **Open VSX (Cursor & others)**: [Install Defenter](https://open-vsx.org/extension/defenter/defenter) |
| 27 | +## **Overview** |
11 | 28 |
12 | | -The extension automatically installs and protects all your MCP servers - no manual configuration needed! |
| 29 | +Defenter is a semantic policy broker for AI coding agents. It adds an intelligent security layer inside your IDE that: |
| 30 | + |
| 31 | +* Intercepts every coding agent prompt and action |
| 32 | +* Wraps every MCP tool call and response |
| 33 | +* Analyzes the payload for sensitive information and risky behavior in real time |
| 34 | +* Enforces your security policies with allow, redact, or block decisions |
| 35 | + |
| 36 | +Traditional security tools cannot see what an agent is about to share or execute. They look at apps and destinations, not at the intent and content of an agent’s actions. |
| 37 | + |
| 38 | +Defenter bridges this gap by: |
| 39 | + |
| 40 | +* Preventing data leaks and context contamination |
| 41 | +* Providing clear, visual monitoring of every agent decision |
13 | 42 |
14 | 43 | --- |
15 | 44 |
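Review bot: deleting old line 24 ("All secrets are redacted locally before any data is sent to Defenter for analysis") removes the one sentence that told the reader where analysis happens and that redaction precedes any upload; the new Overview (lines 29 to 41) talks only about intercepting, wrapping and enforcing, and a reader has to reach the architecture section to learn that a cloud policy engine sees a payload at all. For a tool whose value proposition is preventing data leaks, that ordering guarantee belongs in the Overview: keep a sentence such as "Secrets and PII are redacted on the developer machine before any payload is sent to the policy engine." Line 36 ("Traditional security tools cannot see what an agent is about to share or execute") is a comparative claim with no qualifier; "network and endpoint controls" would be more accurate than "Traditional security tools", since DLP products do inspect content.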
16 | | -## Overview |
| 45 | +## **Architecture and how it works** |
| 46 | + |
| 47 | +This repository contains the Defenter proxy and related components that secure MCP and coding agent traffic. |
17 | 48 |
18 | | -Defenter is a semantic policy broker that understands *what* your AI agents are doing, not just *where* they're sending data. It acts as an intelligent security layer that intercepts every MCP tool call made by AI agents, analyzes the payload for sensitive information in real-time, and enforces security policies seamlessly. |
| 49 | +Defenter is built as a Python based proxy and local middleware that the IDE extension uses to enforce policy. At a high level: |
19 | 50 |
20 | | -Traditional security tools fall short because they can't understand the intent and content of an agent's actions. Defenter bridges this gap by enabling productivity safely, preventing data leaks, and providing visual monitoring of every agent decision. |
| 51 | +* **Local middleware layer** |
21 | 52 |
22 | | -Key capabilities: |
23 | | -- Semantic intent analysis of agent actions and content |
24 | | -- All secrets are redacted locally before any data is sent to Defenter for analysis |
25 | | -- Local MCP monitoring with full transparency |
| 53 | + * Runs on the developer machine |
| 54 | + * Hooks coding agent prompts, file reads, and shell executions |
| 55 | + * Intercepts all MCP tool calls and responses |
| 56 | + * Performs client side redaction of secrets and PII |
26 | 57 |
27 | | -## Architecture & How It Works |
| 58 | +* **Cloud powered policy engine** |
28 | 59 |
29 | | -Defenter is built as a Python-based proxy server that wraps MCP servers and provides a middleware layer for intercepting MCP protocol communication. The architecture includes: |
| 60 | + * Receives a minimal, redacted payload |
| 61 | + * Uses a classifier and analyzer to check for data leaks, context contamination, and prompt injection |
| 62 | + * Returns Allow, Redact, Need more info, or Block decisions in real time |
| 63 | + * Works with low latency to make sure the development flow in without friction |
30 | 64 |
31 | | -- **Local-running middleware layer**: Intercepts all MCP tool calls and responses |
32 | | -- **Cloud-powered policy engine**: Analyzes redacted payloads for data leak risks and policy violations |
33 | | -- **IDE integration**: Seamless integration with VS Code and Cursor extensions |
| 65 | +* **IDE integration** |
| 66 | + |
| 67 | + * Seamless integration with VS Code and Cursor extensions |
| 68 | + * Shows a live monitoring view of all agent actions and Defenter decisions directly inside the IDE |
| 69 | + |
| 70 | +Together, these pieces let you harness AI coding agents and MCP tools without compromising the security of your code, data, or workflows. |
| 71 | + |
| 72 | +--- |
34 | 73 |
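Review bot: line 63 is ungrammatical ("Works with low latency to make sure the development flow in without friction"); read "Works with low latency so the development flow stays free of friction", or drop the bullet, since it is a promise rather than a description of how the component works. Line 62 lists four decisions (Allow, Redact, Need more info, Block) while the Overview at line 34 lists three ("allow, redact, or block"); align the two lists and say what happens on "Need more info" (is the call held, denied, or passed through while the user is prompted?), because that is the case a developer will hit mid-workflow. The local middleware bullets (lines 53 to 56) say the layer "Performs client side redaction of secrets and PII" but not that this happens before anything leaves the machine, and line 60 says the cloud engine "Receives a minimal, redacted payload" without saying what "minimal" contains (tool name, arguments, prompt text, file contents?); the old line 24 made the ordering explicit, so restore it here and list what is transmitted so users can judge the trust boundary. Minor style: "Python based", "Cloud powered" and "client side" should be hyphenated as compound modifiers (lines 49, 58, 56).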
35 | | -## References |
| 74 | +## **References** |
36 | 75 |
37 | 76 | **Python Proxy**: See [src/README.md](src/README.md) for detailed implementation documentation |
38 | 77 |