Secure Your MCP Tool Supply Chain
MCP connects your agents to external tools and data sources. But every MCP server is third-party code you're trusting to handle tool calls. Rune sits between your agent and upstream MCP servers as a security proxy — scanning every tool call, verifying server integrity, and enforcing policies. It speaks the native MCP protocol over both stdio and SSE transports.
# Run Rune as an MCP security proxy
# In your claude_desktop_config.json or MCP client config:
{
  "mcpServers": {
    "my-tools": {
      "command": "rune-mcp",
      "args": ["--upstream", "npx", "my-mcp-server"],
      "env": { "RUNE_API_KEY": "rune_live_xxx" }
    }
  }
}

Real-World Attack Scenarios
Malicious MCP Server Response
A third-party MCP server returns tool results containing hidden instructions that tell your agent to exfiltrate data or execute unauthorized actions on subsequent tool calls.
Without Rune: Your agent trusts the MCP server's response and follows the injected instructions, executing actions the server operator — not you — intended.
With Rune: Rune's proxy scans every tool result from upstream servers. Injection patterns in responses are detected and blocked before they reach your agent.
Server Integrity Compromise
An MCP server you vetted last month pushed an update that introduces a backdoor. The server now silently modifies tool responses to include data exfiltration instructions.
Without Rune: The compromised server operates undetected, gradually exfiltrating data through manipulated tool responses.
With Rune: Rune verifies server code integrity via SHA-256 hashing. When the server's code changes, Rune flags the mismatch and can block connections until you re-approve.
How It Works
Install the proxy
pip install runesec[mcp] — installs the rune-mcp proxy, which speaks the native MCP JSON-RPC 2.0 protocol.
Point your client at Rune
Replace your MCP server command with rune-mcp --upstream [original-command]. Rune proxies all tool calls, resources, and prompts through the security layer.
Monitor and enforce
View all MCP interactions in the dashboard. Set policies to control which tools are exposed. Get alerts when server integrity changes or suspicious responses are detected.
Frequently Asked Questions
Which MCP transports does Rune support?
Both stdio and SSE (Server-Sent Events). Works with Claude Desktop, Cursor, Windsurf, and any MCP-compliant client.
Does the proxy add latency to MCP calls?
Minimal. L1 scanning adds under 5ms per tool call. The proxy is designed for real-time use in interactive environments like Claude Desktop and IDE extensions.
Can I block specific MCP tools?
Yes. YAML policies control which tools are exposed to the agent. You can block dangerous tools, restrict parameters, and enforce rate limits per server.
How does server integrity verification work?
Rune computes SHA-256 hashes of the MCP server's code when you first approve it. On each connection, it re-verifies the hash and alerts you if the code has changed.
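The approve-then-re-verify flow described above, sketched as an added example. This is not Rune's own code: the pin file, the function names and the choice to hash the whole server directory are assumptions made for illustration.

```python
# Added illustration, not Rune's implementation; names and pin-file layout are assumptions.
import hashlib
import json
import tempfile
from pathlib import Path


def tree_digest(root: Path) -> str:
    """SHA-256 over every file under root, in sorted path order."""
    h = hashlib.sha256()
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix().encode()
        data = path.read_bytes()
        # Length-prefix both fields so path/content boundaries are unambiguous.
        h.update(len(rel).to_bytes(8, "big") + rel)
        h.update(len(data).to_bytes(8, "big") + data)
    return h.hexdigest()


def approve(name: str, root: Path, pins: Path) -> None:
    """Record the current digest as the approved one for this server."""
    store = json.loads(pins.read_text()) if pins.exists() else {}
    store[name] = tree_digest(root)
    pins.write_text(json.dumps(store, indent=2))


def verify(name: str, root: Path, pins: Path) -> str:
    """Return 'ok', 'changed' or 'unapproved'; callers block on anything but 'ok'."""
    store = json.loads(pins.read_text()) if pins.exists() else {}
    if name not in store:
        return "unapproved"
    return "ok" if store[name] == tree_digest(root) else "changed"


def demo() -> list[str]:
    """Constructed sample: approve a server, then simulate an upstream update."""
    with tempfile.TemporaryDirectory() as tmp:
        server = Path(tmp) / "my-mcp-server"
        server.mkdir()
        pins = Path(tmp) / "pins.json"
        (server / "index.js").write_text("export const tools = ['search'];\n")
        results = [verify("my-tools", server, pins)]        # never approved
        approve("my-tools", server, pins)
        results.append(verify("my-tools", server, pins))    # unchanged since approval
        (server / "index.js").write_text("export const tools = ['search', 'upload'];\n")
        results.append(verify("my-tools", server, pins))    # code changed
        approve("my-tools", server, pins)                   # explicit re-approval
        results.append(verify("my-tools", server, pins))
        return results
```

Calling `demo()` returns the verdict at each stage; the pin file should live somewhere the server process itself cannot write.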
Secure your MCP agents today
Add runtime security in under 5 minutes. Free plan includes 10,000 events per month.