
Add Maybe Don't Security Gateway Integration via MCP #1030

Closed
kenm47 wants to merge 1 commit into OpenHands:main from kenm47:feature/maybe-dont-mcp-gateway


@kenm47 kenm47 commented Nov 5, 2025

Summary

This PR adds comprehensive integration support for the Maybe Don't security gateway, enabling runtime security policy enforcement for AI agent tool executions through the Model Context Protocol (MCP).

Problem with Previous Approach

The previous PR (#1) implemented Maybe Don't as a custom HTTP REST API endpoint, but this was architecturally incorrect. Maybe Don't is actually an MCP gateway/proxy, not a REST API service.

Correct Architecture

This integration leverages OpenHands SDK's existing MCP client support:

┌─────────────────────┐
│  OpenHands Agent    │
│   (MCP Client)      │
└──────────┬──────────┘
           │ MCP Protocol
           ▼
┌─────────────────────┐
│  Maybe Don't        │
│  Security Gateway   │
│  (MCP Middleware)   │
└──────────┬──────────┘
           │ MCP Protocol
           ▼
┌─────────────────────┐
│  Downstream MCP     │
│  Servers (Tools)    │
└─────────────────────┘

Changes

Documentation

  • docs/MAYBE_DONT_GATEWAY.md - Comprehensive integration guide covering:
    • Architecture and setup
    • Configuration options (STDIO/HTTP/SSE transports)
    • Security policies (CEL rules + AI validation)
    • Monitoring and troubleshooting
    • Best practices

Example Configuration

  • examples/maybe_dont/gateway-config.yaml - Complete example gateway configuration with:
    • Server setup for all transport types
    • Downstream MCP server configuration
    • CEL-based security rules
    • AI-powered validation
    • Audit logging
    • Pass-through authentication
    • Custom policy examples

Example Code

  • examples/01_standalone_sdk/27_maybe_dont_gateway.py - Working integration example demonstrating:
    • Gateway configuration
    • Agent setup with MCP gateway
    • Multiple security scenarios (safe, flagged, denied operations)
    • Comprehensive logging and error handling
  • examples/maybe_dont/README.md - Quick start guide and troubleshooting

README Updates

  • Added MCP integration to features list
  • Added security gateway to examples section

Key Benefits

  • No SDK Code Changes - Pure configuration, leverages existing MCP support
  • Transparent Security - All tool calls automatically route through gateway
  • Protocol Compliant - Uses standard MCP protocol, not custom APIs
  • Comprehensive Policies - CEL rules + AI validation for defense in depth
  • Full Audit Trail - Detailed logging of all operations and decisions
  • Universal Compatibility - Works with all MCP-compatible tools

How It Works

  1. Configure Gateway: Set up Maybe Don't with security policies in gateway-config.yaml

  2. Start Gateway: Run maybe-dont --config gateway-config.yaml

  3. Point Agent to Gateway: Configure OpenHands to use gateway as MCP server:

    ```python
    from openhands.sdk import Agent  # import added for completeness; llm and tools are set up earlier in the example

    # Register the gateway as the agent's MCP server; every MCP tool call is then routed through it.
    mcp_config = {
        "mcpServers": {
            "secured-tools": {
                "url": "http://127.0.0.1:8080",
                "transport": "sse"
            }
        }
    }
    agent = Agent(llm=llm, tools=tools, mcp_config=mcp_config)
    ```

  4. Automatic Enforcement: All MCP tool calls now flow through Maybe Don't for security validation

Security Features

CEL-Based Rules (Deterministic)

  • Mass deletion prevention
  • System directory blocking
  • Credential file protection
  • Custom rule support

AI-Powered Validation (Contextual)

  • Command injection detection
  • Data exfiltration prevention
  • Privilege escalation blocking
  • Context-aware threat analysis

Testing

To test this integration:

```bash
# 1. Install Maybe Don't from https://www.maybedont.ai/download/

# 2. Set up configuration
cp examples/maybe_dont/gateway-config.yaml ./gateway-config.yaml
export OPENAI_API_KEY="your-key"

# 3. Start gateway
maybe-dont --config gateway-config.yaml

# 4. Run example
export MAYBE_DONT_ENABLED=true
export LLM_API_KEY="your-key"
python examples/01_standalone_sdk/27_maybe_dont_gateway.py
```

Comparison: Old vs New Approach

| Aspect | Previous PR (#1) | This PR |
|---|---|---|
| Integration Method | Custom HTTP REST API | Standard MCP Protocol |
| SDK Changes | New maybe_dont.py module | None (uses existing MCP) |
| Configuration | Custom maybe_dont_config | Standard mcp_config |
| Protocol | Imagined REST API | MCP specification |
| Compatibility | Only this SDK | Any MCP client |

Documentation

Complete documentation available at:

  • Integration guide: docs/MAYBE_DONT_GATEWAY.md
  • Quick start: examples/maybe_dont/README.md
  • Example code: examples/01_standalone_sdk/27_maybe_dont_gateway.py

Checklist

  • Architecture follows MCP specification
  • Comprehensive documentation
  • Working example with multiple scenarios
  • Configuration examples for all transport types
  • Troubleshooting guide
  • Best practices documented
  • No breaking changes to SDK
  • Leverages existing MCP infrastructure

This commit adds comprehensive integration support for the Maybe Don't
security gateway, enabling runtime security policy enforcement for
AI agent tool executions through the Model Context Protocol (MCP).

Key Changes:
- Added comprehensive documentation (docs/MAYBE_DONT_GATEWAY.md)
- Created example gateway configuration (examples/maybe_dont/gateway-config.yaml)
- Added working integration example (examples/01_standalone_sdk/27_maybe_dont_gateway.py)
- Updated main README to reference MCP and security gateway support

Architecture:
The integration leverages OpenHands SDK's existing MCP client support
to connect to Maybe Don't as an MCP gateway/proxy. Maybe Don't sits
between the agent and downstream MCP tool servers, intercepting all
tool calls and applying security policies before execution.

Benefits:
- No SDK code changes required - pure configuration
- Transparent security enforcement via MCP protocol
- Supports CEL-based rules and AI-powered validation
- Comprehensive audit logging
- Works with all MCP-compatible tools
- Defense in depth when combined with LLMSecurityAnalyzer

Usage:
1. Install and configure Maybe Don't gateway
2. Point OpenHands mcp_config to gateway endpoint
3. Tool calls automatically route through security gateway
4. Security policies enforced in real-time

See docs/MAYBE_DONT_GATEWAY.md for complete integration guide.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
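The PR describes the gateway's deterministic layer (mass deletion prevention, system directory blocking, credential file protection) sitting in front of the downstream tool servers, with free-form commands handed to a contextual validator and every decision written to an audit trail. The following is an added illustration of that pre-execution check in plain Python; it is not code from this PR, from Maybe Don't, or from the OpenHands SDK. The rule names, protected prefixes, credential globs, tool names (`delete_file`, `execute_bash`, ...), the threshold of 10 paths, and the sample tool calls are all constructed assumptions; the real gateway expresses its rules as CEL in `gateway-config.yaml`.

```python
"""Deterministic policy layer for MCP tool calls (constructed example, not the gateway's code)."""
from __future__ import annotations

import fnmatch
import json
import posixpath
from dataclasses import dataclass, field
from typing import Any, Callable

# Assumed policy values; the real gateway expresses these as CEL rules in gateway-config.yaml.
PROTECTED_PREFIXES = ("/etc", "/usr", "/bin", "/sbin", "/boot", "/proc", "/sys")
CREDENTIAL_GLOBS = ("*.pem", "*.key", "id_rsa*", "id_ed25519*", ".env", "*credentials*", ".netrc")
DESTRUCTIVE_TOOLS = {"delete_file", "remove_directory", "move_file", "write_file"}  # assumed tool names
FREE_FORM_TOOLS = {"execute_bash", "run_command"}                                  # assumed tool names
MASS_DELETE_THRESHOLD = 10  # paths one destructive call may touch before it is refused (assumed)


@dataclass
class Decision:
    tool: str
    verdict: str                                  # "allow", "flag" (needs contextual review) or "deny"
    reasons: list[str] = field(default_factory=list)


def _collect_paths(value: Any) -> list[str]:
    """Recursively pull every path-like string out of a tool call's argument tree."""
    if isinstance(value, str):
        return [value] if ("/" in value or value.startswith(".")) else []
    if isinstance(value, dict):
        return [p for v in value.values() for p in _collect_paths(v)]
    if isinstance(value, (list, tuple)):
        return [p for v in value for p in _collect_paths(v)]
    return []


def evaluate(tool: str, arguments: dict[str, Any]) -> Decision:
    """Apply the deterministic rules; anything they cannot judge is flagged, never silently allowed."""
    reasons: list[str] = []
    # normpath collapses ".." and doubled slashes so "/etc/../etc/hosts" is judged as "/etc/hosts".
    paths = [posixpath.normpath(p) for p in _collect_paths(arguments)]
    destructive = tool in DESTRUCTIVE_TOOLS

    # Rule 1: system directory blocking (write-type tools only).
    if destructive:
        for p in paths:
            if any(p == pre or p.startswith(pre + "/") for pre in PROTECTED_PREFIXES):
                reasons.append(f"system_dir:{p}")
    # Rule 2: credential file protection (reads and writes alike).
    for p in paths:
        base = posixpath.basename(p)
        if any(fnmatch.fnmatch(base, g) for g in CREDENTIAL_GLOBS) or "/.ssh/" in p or "/.aws/" in p:
            reasons.append(f"credential_file:{p}")
    # Rule 3: mass deletion prevention (too many targets, or a root / wildcard target).
    if destructive and (len(paths) >= MASS_DELETE_THRESHOLD
                        or any(p in ("/", ".") or p.endswith("/*") for p in paths)):
        reasons.append("mass_deletion")

    if reasons:
        return Decision(tool, "deny", reasons)
    if tool in FREE_FORM_TOOLS:
        # A shell string cannot be judged by path rules; hand it to the contextual validator.
        return Decision(tool, "flag", ["free_form_command"])
    return Decision(tool, "allow")


def gate(tool: str, arguments: dict[str, Any],
         forward: Callable[[str, dict[str, Any]], dict[str, Any]],
         review: Callable[[str, dict[str, Any]], bool],
         audit: list[str]) -> dict[str, Any]:
    """Decide, append one JSON audit record, and only then forward to the downstream tool server."""
    decision = evaluate(tool, arguments)
    if decision.verdict == "flag" and not review(tool, arguments):
        decision = Decision(tool, "deny", decision.reasons + ["review_rejected"])
    audit.append(json.dumps({"tool": tool, "verdict": decision.verdict,
                             "reasons": decision.reasons}, sort_keys=True))
    if decision.verdict == "deny":
        return {"error": "blocked by policy: " + ", ".join(decision.reasons)}
    return forward(tool, arguments)


if __name__ == "__main__":
    audit_log: list[str] = []
    downstream = lambda t, a: {"ok": True}   # stands in for the real downstream MCP server
    reviewer = lambda t, a: True             # stands in for the contextual (AI) validator
    for name, args in [("read_file", {"path": "/home/dev/notes.txt"}),          # constructed calls
                       ("delete_file", {"path": "/etc/../etc/hosts"}),
                       ("read_file", {"path": "/home/dev/.aws/credentials"}),
                       ("execute_bash", {"command": "ls -la /tmp"})]:
        print(name, gate(name, args, downstream, reviewer, audit_log))
    print("\n".join(audit_log))
```

The point worth noticing is the ordering: paths are normalised before any rule runs, the destructive rules fire on the tool's write capability rather than on its name alone, and a free-form command that no path rule matches is escalated to review instead of falling through to "allow". That is the defense-in-depth split the PR describes between the deterministic CEL layer and the AI validation layer.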
@kenm47 kenm47 closed this Nov 5, 2025

kenm47 commented Nov 5, 2025

lol. not ready for primetime, my mistake for opening the PR here

@kenm47 kenm47 deleted the feature/maybe-dont-mcp-gateway branch November 5, 2025 02:24
@kenm47 kenm47 restored the feature/maybe-dont-mcp-gateway branch November 5, 2025 02:28