# Input Guard

Automatically detects and blocks common attack patterns before policy evaluation.

Automatic protection: Input Guard runs automatically as step 3 of the MCP Interceptor pipeline. All tool arguments are scanned for threats before policy evaluation and execution. You only need to configure it manually if you want to customize thresholds or add custom patterns.

Threat Types

PATH_TRAVERSAL

Detects ../, URL-encoded variants, null bytes, and sensitive system paths like /etc/passwd

SHELL_INJECTION

Detects shell metacharacters (; | & $ `), command substitution, redirects, and keywords like eval

WILDCARD_ABUSE

Blocks recursive globs (**) and values with more than 3 wildcards

LENGTH_EXCEEDED

Blocks inputs exceeding the configured max length (default: 4,096 characters)

HIGH_ENTROPY

Detects high-entropy strings (>4.5 bits/char) that may indicate encoded payloads or obfuscated exploits

Example

typescript

1// Path traversal - automatically blocked
2const result = await api.validate('file_read', {
3  path: '../../../etc/passwd',
4});
5
6// Response
7{
8  allowed: false,
9  decision: {
10    effect: 'DENY',
11    reason: 'Path traversal pattern detected'
12  },
13  threats: [{
14    type: 'PATH_TRAVERSAL',
15    message: 'Path traversal pattern detected',
16    field: 'path'
17  }]
18}

Custom Input Guard

typescript

1import { InputGuard } from '@solongate/sdk';
2
3const guard = new InputGuard({
4  maxLength: 5000,              // Custom max length
5  enablePathTraversal: true,    // Enable path traversal detection
6  enableShellInjection: true,   // Enable shell injection detection
7  enableSqlInjection: true,     // Enable SQL injection detection
8  customPatterns: [             // Custom regex patterns
9    { name: 'CUSTOM_THREAT', pattern: /dangerous_pattern/i }
10  ]
11});
12
13const threats = guard.scan({
14  path: '/data/file.txt',
15  content: 'some content'
16});
17
18if (threats.length > 0) {
19  console.log('Threats detected:', threats);
20}

Validation Schema Validation

# Input Guard

Automatically detects and blocks common attack patterns before policy evaluation.

Threat Types

PATH_TRAVERSAL

Detects ../, URL-encoded variants, null bytes, and sensitive system paths like /etc/passwd

SHELL_INJECTION

Detects shell metacharacters (; | & $ `), command substitution, redirects, and keywords like eval

WILDCARD_ABUSE

Blocks recursive globs (**) and values with more than 3 wildcards

LENGTH_EXCEEDED

Blocks inputs exceeding the configured max length (default: 4,096 characters)

HIGH_ENTROPY

Detects high-entropy strings (>4.5 bits/char) that may indicate encoded payloads or obfuscated exploits

Example

typescript

1// Path traversal - automatically blocked
2const result = await api.validate('file_read', {
3  path: '../../../etc/passwd',
4});
5
6// Response
7{
8  allowed: false,
9  decision: {
10    effect: 'DENY',
11    reason: 'Path traversal pattern detected'
12  },
13  threats: [{
14    type: 'PATH_TRAVERSAL',
15    message: 'Path traversal pattern detected',
16    field: 'path'
17  }]
18}

Custom Input Guard

typescript

1import { InputGuard } from '@solongate/sdk';
2
3const guard = new InputGuard({
4  maxLength: 5000,              // Custom max length
5  enablePathTraversal: true,    // Enable path traversal detection
6  enableShellInjection: true,   // Enable shell injection detection
7  enableSqlInjection: true,     // Enable SQL injection detection
8  customPatterns: [             // Custom regex patterns
9    { name: 'CUSTOM_THREAT', pattern: /dangerous_pattern/i }
10  ]
11});
12
13const threats = guard.scan({
14  path: '/data/file.txt',
15  content: 'some content'
16});
17
18if (threats.length > 0) {
19  console.log('Threats detected:', threats);
20}