{"slug": "mcp-trust-pack-a-security-layer-for-mcp-tool-calls", "title": "MCP Trust Pack: a security layer for MCP tool calls", "summary": "WasmAgent released MCP Trust Pack, a security layer for MCP tool calls that adds vetting, policy, consent, and taint checks. The open-source package includes a gateway, server cards, request identity, and scope leases to gate state-changing tools. It integrates with AEP emitters for audit logging.", "body_md": "MCP makes it easy for agents to call tools. Too easy.\n\nWhen your agent calls `fs_write` or `shell_exec`, something needs to answer: is this allowed? Is this state-changing? Who authorized it? By default, MCP has no answer.\n\nHere's how to add that layer in ~20 lines.\n\n```js\nimport {\n  MCPGateway,\n  buildServerCard,\n  createRequestIdentity,\n  isStateChangingTool,\n} from \"@wasmagent/mcp-firewall\";\n\n// Register the server at startup\nconst card = buildServerCard({\n  serverId: \"filesystem\",\n  tools: await mcpClient.listTools(),\n  operatorVerified: true,\n});\n\nconst gateway = new MCPGateway({ serverCards: [card] });\nconst identity = createRequestIdentity({\n  principal: \"agent:run-abc123\",\n  sessionId: \"sess-xyz\",\n});\n\n// Before every tool call (tool = the tool descriptor, args = its arguments):\nconst decision = gateway.evaluate({ identity, serverId: \"filesystem\", tool, args });\n\n// Fail closed: anything other than an explicit allow is blocked\nif (decision.invocation.decision !== \"allow\") {\n  throw new Error(`Blocked: ${decision.invocation.reason}`);\n}\n\nconst result = await mcpClient.callTool(tool.name, args);\nconst obs = gateway.wrapResult(tool.name, result, decision); // marks trust level\n```\n\nFour layers run in `evaluate()`: vetting → policy → consent → taint. 
One call, full coverage.\n\n```js\nisStateChangingTool({ name: \"fs_write\",   description: \"write a file\" }) // true\nisStateChangingTool({ name: \"fs_read\",    description: \"read a file\"  }) // false\nisStateChangingTool({ name: \"send_email\", description: \"send email\"   }) // true\n```\n\nState-changing tools can be gated behind a `ScopeLease`, a time-bounded grant that expires:\n\n```js\nimport { createScopeLease, isScopeLeaseValid } from \"@wasmagent/mcp-firewall\";\n\nconst lease = createScopeLease({\n  principalHash: identity.principalHash, // identity from createRequestIdentity above\n  serverId: \"filesystem\",\n  grantedTools: [\"fs_write\"],\n  ttlSeconds: 300,      // 5 min\n  maxInvocations: 10,\n  stateChanging: true,\n});\n\n// Check before each state-changing call; an expired or exhausted lease blocks it\nif (!isScopeLeaseValid(lease)) throw new Error(\"Lease expired\");\n```\n\nThe decision's `evidenceRef` slots straight into `AEPEmitter` with no manual wiring:\n\n```js\nemitter.addAction({\n  tool_name: decision.invocation.toolName,\n  state_changing: decision.stateChanging,\n  capability_decision: {\n    decision: decision.invocation.decision,\n    reason_code: decision.evidenceRef.policyDecision,\n  },\n  tool_descriptor_digest: decision.evidenceRef.toolManifestDigest,\n});\n```\n\nTo clone the repo and run the package tests:\n\n```sh\ngit clone https://github.com/WasmAgent/wasmagent-js\nbun test packages/mcp-firewall/\n```\n\n**Code:** [packages/mcp-firewall](https://github.com/WasmAgent/wasmagent-js/tree/main/packages/mcp-firewall) · [packages/mcp-gateway](https://github.com/WasmAgent/wasmagent-js/tree/main/packages/mcp-gateway)\n\n*Series: AEP (part 1) · MCP Trust Pack (part 2) · Trace-to-Training (part 3)*", "url": "https://wpnews.pro/news/mcp-trust-pack-a-security-layer-for-mcp-tool-calls", "canonical_source": "https://dev.to/telleroutlook/mcp-trust-pack-a-security-layer-for-mcp-tool-calls-3c3o", "published_at": "2026-06-26 01:50:09+00:00", "updated_at": "2026-06-26 02:03:40.773776+00:00", "lang": "en", "topics": ["ai-agents", "ai-safety", "developer-tools", "ai-infrastructure", "ai-policy"], "entities": 
["WasmAgent", "MCP Trust Pack", "MCPGateway", "buildServerCard", "createRequestIdentity", "isStateChangingTool", "createScopeLease", "AEPEmitter"], "alternates": {"html": "https://wpnews.pro/news/mcp-trust-pack-a-security-layer-for-mcp-tool-calls", "markdown": "https://wpnews.pro/news/mcp-trust-pack-a-security-layer-for-mcp-tool-calls.md", "text": "https://wpnews.pro/news/mcp-trust-pack-a-security-layer-for-mcp-tool-calls.txt", "jsonld": "https://wpnews.pro/news/mcp-trust-pack-a-security-layer-for-mcp-tool-calls.jsonld"}}