MCP, tools, and the data path

Quadrant: Concept Why this matters: understanding the data path is the prerequisite for understanding everything ShieldAgent does.

What it is

The Model Context Protocol (MCP) is an open protocol that standardises how AI agents communicate with external tools — file systems, APIs, databases, email clients, and more. An agent sends a tool call over MCP; the MCP server executes the action and returns a result.

Without a layer between the agent and the server, every tool call is implicitly trusted. The agent can ask any server to do anything the server permits — and neither the server nor a human reviewer sees the call before it executes.

How ShieldAgent implements it

ShieldAgent runs as an inline proxy between the agent and every MCP server it talks to. The data path becomes:

Every tool call passes through the proxy. The proxy:

1. Checks the call against the active policy set.
2. Runs a prompt-injection scanner on the payload.
3. Runs a DLP (data-loss-prevention) scan for PII, credentials, and financial data.
4. Allows, blocks, or routes the call to a human reviewer.
5. Logs the full interaction to an immutable, Merkle-chained audit trail.

Because the proxy sits in the data path, it has complete visibility — it does not depend on the agent or server co-operating.

When you need to think about it

• At onboarding: point your agent's MCP endpoint at the proxy instead of the server directly. That is the only code change required.
• When adding a new tool: the proxy will surface any new tool automatically. You review it in the dashboard before it enters enforce mode.
• When diagnosing an incident: the audit trail records the full call — params, outcome, timing, and the policy decision — so you can reproduce exactly what happened.

Related

• Install the proxy — How-to
• Policy Engine — Feature
• Risk Scoring Model — Feature