feat: add LLMGuard security guardrails plugin (#1018)

* making cryptography version compatible with llmguard

Signed-off-by: Shriti Priya <[email protected]>

* lower bound

Signed-off-by: Shriti Priya <[email protected]>

* Initial plugin implementation using llmguard

Signed-off-by: Shriti Priya <[email protected]>

* changes for input and output filters

Signed-off-by: Shriti Priya <[email protected]>

* documentation on functions of llmguard.py

Signed-off-by: Shriti Priya <[email protected]>

* Adding documentation and minor bug fixes

Signed-off-by: Shriti Priya <[email protected]>

* linting changes

Signed-off-by: Shriti Priya <[email protected]>

* Updating cryptogrpahy dependency in conatinerfile for llmguard

Signed-off-by: Shriti Priya <[email protected]>

* Reverting the cryptogrpahy package version in root pyproject.toml

Signed-off-by: Shriti Priya <[email protected]>

* Updating manifest.in file

Signed-off-by: Shriti Priya <[email protected]>

* adding make test in container

Signed-off-by: Shriti Priya <[email protected]>

* fix: fixed retry on client plugin connection.

Signed-off-by: Teryl Taylor <[email protected]>

* Changing port for llmguard

Signed-off-by: Shriti Priya <[email protected]>

* Pre-caching the scanners during container build

Signed-off-by: Shriti Priya <[email protected]>

* test cases

Signed-off-by: Shriti Priya <[email protected]>

* filters and sanitizers

Signed-off-by: Shriti Priya <[email protected]>

* Vault caching for anonymize and deanoymize, examples

Signed-off-by: Shriti Priya <[email protected]>

* vault caching and expiry ttl, vault leak detection and redis caching

Signed-off-by: Shriti Priya <[email protected]>

* adding test cases

Signed-off-by: Shriti Priya <[email protected]>

* Adding test cases for vault and sanitizers

Signed-off-by: Shriti Priya <[email protected]>

* Documentation and test cases for LLMGuardPlugin

Signed-off-by: Shriti Priya <[email protected]>

* Updating readme for plugin

Signed-off-by: Shriti Priya <[email protected]>

* Updating readme for plugin

Signed-off-by: Shriti Priya <[email protected]>

* Updating readme for plugin

Signed-off-by: Shriti Priya <[email protected]>

* Updating readme for plugin

Signed-off-by: Shriti Priya <[email protected]>

* Updating yaml formatting in documentation

Signed-off-by: Shriti Priya <[email protected]>

* Adding some examples, test cases for complex policiies and documentation update

Signed-off-by: Shriti Priya <[email protected]>

* Pandoc MCP Server (#1044)

Signed-off-by: Mihai Criveti <[email protected]>

* Massive mcp server and plugin update (#1051)

* MCP Servers and Plugins

Signed-off-by: Mihai Criveti <[email protected]>

* Formatting

Signed-off-by: Mihai Criveti <[email protected]>

* Update Readme

Signed-off-by: Mihai Criveti <[email protected]>

* Update plugin

Signed-off-by: Mihai Criveti <[email protected]>

* Update plugins

Signed-off-by: Mihai Criveti <[email protected]>

* Update docs

Signed-off-by: Mihai Criveti <[email protected]>

* Update chmod

Signed-off-by: Mihai Criveti <[email protected]>

* Update headers

Signed-off-by: Mihai Criveti <[email protected]>

* Update headers

Signed-off-by: Mihai Criveti <[email protected]>

---------

Signed-off-by: Mihai Criveti <[email protected]>

* OAuth token multitenancy closes #1078 (user-scoped tokens) and #1023 (token refresh) (#1084)

* Fix oauth token multitenancy

Signed-off-by: Mihai Criveti <[email protected]>

* Fix oauth token multitenancy

Signed-off-by: Mihai Criveti <[email protected]>

* Fix oauth token multitenancy

Signed-off-by: Mihai Criveti <[email protected]>

* Fix oauth token multitenancy

Signed-off-by: Mihai Criveti <[email protected]>

* Fix oauth token multitenancy

Signed-off-by: Mihai Criveti <[email protected]>

* Update alembic migration - fix 0.7.0 upgrade

Signed-off-by: Mihai Criveti <[email protected]>

* Closes #1023 - implement token refresh

Signed-off-by: Mihai Criveti <[email protected]>

* Closes #1023 - implement token refresh

Signed-off-by: Mihai Criveti <[email protected]>

---------

Signed-off-by: Mihai Criveti <[email protected]>

* Documentation update readmes (#1087)

* Documentation updates

Signed-off-by: Mihai Criveti <[email protected]>

* Documentation updates

Signed-off-by: Mihai Criveti <[email protected]>

---------

Signed-off-by: Mihai Criveti <[email protected]>

* Documentation updates (#1088)

Signed-off-by: Mihai Criveti <[email protected]>

* Documentation updates (#1089)

Signed-off-by: Mihai Criveti <[email protected]>

* Test tokens (#1090)

* Test tokens

Signed-off-by: Mihai Criveti <[email protected]>

* llms-mcp-server-python

Signed-off-by: Mihai Criveti <[email protected]>

---------

Signed-off-by: Mihai Criveti <[email protected]>

* Update mcp servers (#1091)

* Update MCP Servers

Signed-off-by: Mihai Criveti <[email protected]>

* Update MCP Servers

Signed-off-by: Mihai Criveti <[email protected]>

* Update MCP Servers

Signed-off-by: Mihai Criveti <[email protected]>

* Update MCP Servers

Signed-off-by: Mihai Criveti <[email protected]>

* Update MCP Servers

Signed-off-by: Mihai Criveti <[email protected]>

* Update MCP Servers

Signed-off-by: Mihai Criveti <[email protected]>

* Update MCP Servers

Signed-off-by: Mihai Criveti <[email protected]>

---------

Signed-off-by: Mihai Criveti <[email protected]>

* PM MCP Server

Signed-off-by: Mihai Criveti <[email protected]>

* PM MCP Server

Signed-off-by: Mihai Criveti <[email protected]>

* PM MCP Server

Signed-off-by: Mihai Criveti <[email protected]>

* Fixes OAuth after addition of signature to state (#1097)

* copied from main

Signed-off-by: Madhav Kandukuri <[email protected]>

* testing changes
Signed-off-by: Madhav Kandukuri <[email protected]>

* Fix oauth code
Signed-off-by: Madhav Kandukuri <[email protected]>

* Fix tests in test_oauth_router
Signed-off-by: Madhav Kandukuri <[email protected]>

* Linting fixes
Signed-off-by: Madhav Kandukuri <[email protected]>

* remove debug_team_dropdown.md

Signed-off-by: Madhav Kandukuri <[email protected]>

* String issue fixed
Signed-off-by: Madhav Kandukuri <[email protected]>

---------

Signed-off-by: Madhav Kandukuri <[email protected]>

* feat: add opa policy input data mapping support (#1102)

* feat: add opa policy input data mapping support

Signed-off-by: Frederico Araujo <[email protected]>

* chore: drop debugging print statement

Signed-off-by: Frederico Araujo <[email protected]>

---------

Signed-off-by: Frederico Araujo <[email protected]>

* fix: multi-arch support for opa server (#1106)

Signed-off-by: Frederico Araujo <[email protected]>

* docs: add Terraform MCP Server and Gateway integration guide (#1083)

This commit adds documentation explaining the Terraform MCP Server,
its key features, and how to integrate it with the MCP Gateway. The
content is based on the official documentation and adapted for usage
and reference.

Signed-off-by: Alexander Cobas Rodríguez <[email protected]>

* copied from main

Signed-off-by: Madhav Kandukuri <[email protected]>

* testing changes
Signed-off-by: Madhav Kandukuri <[email protected]>

* Linting fixes
Signed-off-by: Madhav Kandukuri <[email protected]>

* remove debug_team_dropdown.md

Signed-off-by: Madhav Kandukuri <[email protected]>

* copied from fix-oauth

Signed-off-by: Madhav Kandukuri <[email protected]>

* OAuth for test gateway
Signed-off-by: Madhav Kandukuri <[email protected]>

* testing
Signed-off-by: Madhav Kandukuri <[email protected]>

* testing
Signed-off-by: Madhav Kandukuri <[email protected]>

* Fix tests
Signed-off-by: Madhav Kandukuri <[email protected]>

* Update doctest for check_health_for_gatways
Signed-off-by: Madhav Kandukuri <[email protected]>

* Linting fixes
Signed-off-by: Madhav Kandukuri <[email protected]>

* Fix pylint issues
Signed-off-by: Madhav Kandukuri <[email protected]>

* UI multi tenancy gaps (#1040)

* visibility fix, team id in consistency fix, other minor fixes

* fixed test cases

* lint web fixes

Signed-off-by: Satya <[email protected]>

* updated tools view metadata

* metadata visibility check Tools, A2A

Signed-off-by: Satya <[email protected]>

* rebase

Signed-off-by: Satya <[email protected]>

* lint-web fix

Signed-off-by: Satya <[email protected]>

* fix for private visibility to user specific

Signed-off-by: Satya <[email protected]>

---------

Signed-off-by: Satya <[email protected]>

* The system executed 5 runs with a 0% success rate, an average response time of 0.393 ms, and an error rate of 0%. (#1103)

Signed-off-by: NAYANAR <[email protected]>
Co-authored-by: NAYANAR <[email protected]>

* Pass auth headers when gateway auth is None (#1115)

* code change as in issue
Signed-off-by: Madhav Kandukuri <[email protected]>

* Update tests
Signed-off-by: Madhav Kandukuri <[email protected]>

* Update README.md

* Update README.md

Signed-off-by: Shriti Priya <[email protected]>

* Update README.md

Signed-off-by: Shriti Priya <[email protected]>

* WIP: Plugin Framework Specification Document (#1118)

* docs: initial revision plugins spec

Signed-off-by: Teryl Taylor <[email protected]>

* docs(spec): moved plugin spec and broke into subpages.

Signed-off-by: Teryl Taylor <[email protected]>

* docs(spec): added some administrative hooks to spec

Signed-off-by: Teryl Taylor <[email protected]>

* (feat): Markdown fixes and added future hooks.

Signed-off-by: Ian Molloy <[email protected]>

---------

Signed-off-by: Teryl Taylor <[email protected]>
Signed-off-by: Ian Molloy <[email protected]>
Co-authored-by: Teryl Taylor <[email protected]>
Co-authored-by: Ian Molloy <[email protected]>

* plugins spec update

Signed-off-by: Mihai Criveti <[email protected]>

* Removing files

Signed-off-by: Shriti Priya <[email protected]>

* Removing files

Signed-off-by: Shriti Priya <[email protected]>

* Adding default allow response

Signed-off-by: Shriti Priya <[email protected]>

* Linting fixes, caching regex and toxicity filter, docker-compose edits

Signed-off-by: Shriti Priya <[email protected]>

* Update README.md

Signed-off-by: Shriti Priya <[email protected]>

* Update README.md

Signed-off-by: Shriti Priya <[email protected]>

* Update README.md

Signed-off-by: Shriti Priya <[email protected]>

* fix: solve linting issues

Signed-off-by: Shriti Priya <[email protected]>

---------

Signed-off-by: Shriti Priya <[email protected]>
Signed-off-by: Teryl Taylor <[email protected]>
Signed-off-by: Mihai Criveti <[email protected]>
Signed-off-by: Madhav Kandukuri <[email protected]>
Signed-off-by: Frederico Araujo <[email protected]>
Signed-off-by: Alexander Cobas Rodríguez <[email protected]>
Signed-off-by: Satya <[email protected]>
Signed-off-by: NAYANAR <[email protected]>
Signed-off-by: Ian Molloy <[email protected]>
Co-authored-by: Teryl Taylor <[email protected]>
Co-authored-by: Mihai Criveti <[email protected]>
Co-authored-by: Madhav Kandukuri <[email protected]>
Co-authored-by: Frederico Araujo <[email protected]>
Co-authored-by: alex-cobas <[email protected]>
Co-authored-by: Madhav Kandukuri <[email protected]>
Co-authored-by: Satya <[email protected]>
Co-authored-by: Nayana R Gowda <[email protected]>
Co-authored-by: NAYANAR <[email protected]>
Co-authored-by: terylt <[email protected]>
Co-authored-by: Ian Molloy <[email protected]>

Author: 11 people

MANIFEST.in

@@ -172,3 +172,13 @@ exclude plugins/external/opa/MANIFEST.in
 exclude plugins/external/opa/opaserver/rego/example.rego
 exclude plugins/external/opa/pyproject.toml
 exclude plugins/external/opa/run-server.sh
+
+# Exclude llmguard
+exclude  plugins/external/llmguard/.dockerignore
+exclude plugins/external/llmguard/.env.template
+exclude plugins/external/llmguard/.ruff.toml
+exclude plugins/external/llmguard/Containerfile
+exclude plugins/external/llmguard/MANIFEST.in
+exclude plugins/external/llmguard/opaserver/rego/example.rego
+exclude plugins/external/llmguard/pyproject.toml
+exclude plugins/external/llmguard/run-server.sh

mcpgateway/plugins/framework/external/mcp/client.py

@@ -135,29 +135,54 @@ async def __connect_to_stdio_server(self, server_script_path: str) -> None:
             raise PluginError(error=convert_exception_to_error(e, plugin_name=self.name))
 
     async def __connect_to_http_server(self, uri: str) -> None:
-        """Connect to an MCP plugin server via streamable http.
+        """Connect to an MCP plugin server via streamable http with retry logic.
 
         Args:
             uri: the URI of the mcp plugin server.
 
         Raises:
-            PluginError: if there is an external connection error.
+            PluginError: if there is an external connection error after all retries.
         """
-
-        try:
-            http_transport = await self._exit_stack.enter_async_context(streamablehttp_client(uri))
-            self._http, self._write, _ = http_transport
-            self._session = await self._exit_stack.enter_async_context(ClientSession(self._http, self._write))
-
-            await self._session.initialize()
-
-            # List available tools
-            response = await self._session.list_tools()
-            tools = response.tools
-            logger.info("\nConnected to plugin MCP (http) server with tools: %s", " ".join([tool.name for tool in tools]))
-        except Exception as e:
-            logger.exception(e)
-            raise PluginError(error=convert_exception_to_error(e, plugin_name=self.name))
+        max_retries = 3
+        base_delay = 1.0
+
+        for attempt in range(max_retries):
+            logger.info(f"Connecting to external plugin server: {uri} (attempt {attempt + 1}/{max_retries})")
+
+            try:
+                # Create a fresh exit stack for each attempt
+                async with AsyncExitStack() as temp_stack:
+                    http_transport = await temp_stack.enter_async_context(streamablehttp_client(uri))
+                    http_client, write_func, _ = http_transport
+                    session = await temp_stack.enter_async_context(ClientSession(http_client, write_func))
+
+                    await session.initialize()
+
+                    # List available tools
+                    response = await session.list_tools()
+                    tools = response.tools
+                    logger.info("Successfully connected to plugin MCP server with tools: %s", " ".join([tool.name for tool in tools]))
+
+                # Success! Now move to the main exit stack
+                self._http = await self._exit_stack.enter_async_context(streamablehttp_client(uri))
+                self._http, self._write, _ = self._http
+                self._session = await self._exit_stack.enter_async_context(ClientSession(self._http, self._write))
+                await self._session.initialize()
+                return
+
+            except Exception as e:
+                logger.warning(f"Connection attempt {attempt + 1}/{max_retries} failed: {e}")
+
+                if attempt == max_retries - 1:
+                    # Final attempt failed
+                    error_msg = f"External plugin '{self.name}' connection failed after {max_retries} attempts: {uri} is not reachable. Please ensure the MCP server is running."
+                    logger.error(error_msg)
+                    raise PluginError(error=PluginErrorModel(message=error_msg, plugin_name=self.name))
+                await self.shutdown()
+                # Wait before retry
+                delay = base_delay * (2**attempt)
+                logger.info(f"Retrying in {delay}s...")
+                await asyncio.sleep(delay)
 
     async def __invoke_hook(self, payload_result_model: Type[P], hook_type: HookType, payload: BaseModel, context: PluginContext) -> P:
         """Invoke an external plugin hook using the MCP protocol.
@@ -296,4 +321,5 @@ async def __get_plugin_config(self) -> PluginConfig | None:
 
     async def shutdown(self) -> None:
         """Plugin cleanup code."""
-        await self._exit_stack.aclose()
+        if self._exit_stack:
+            await self._exit_stack.aclose()

plugins/external/config.yaml

@@ -1,5 +1,4 @@
 # plugins/config.yaml - Main plugin configuration file
-
 plugins:
   - name: "DenyListPlugin"
     kind: "external"
@@ -14,6 +13,13 @@ plugins:
       proto: STREAMABLEHTTP
       url: http://127.0.0.1:8000/mcp
 
+  - name: "LLMGuardPlugin"
+    kind: "external"
+    priority: 20 # adjust the priority
+    mcp:
+      proto: STREAMABLEHTTP
+      url: http://127.0.0.1:8001/mcp
+
 # Plugin directories to scan
 plugin_dirs:
   - "plugins/native"      # Built-in plugins