Quickstart
This quickstart builds and runs MCPurify as a forwarding proxy with a predefined set of companion tools: the classification model is served via vLLM, and a tool-enabled model (llama3.2) is reached via Ollama.
Requirements
- Rust 1.89 or higher
- vLLM installed
- Ollama running with a tool-enabled model (check ollama.com for smaller models)
- uv (optional, but currently the most reliable way to manage the Python environment for vLLM)
1. Classification model
The classification model is distributed as a split zip archive. All parts are required and must be placed in the same directory before extracting:
- mcpurify-classification-model.zip
- mcpurify-classification-model.z01
- mcpurify-classification-model.z02
- mcpurify-classification-model.z03
- mcpurify-classification-model.z04
- mcpurify-classification-model.z05
- mcpurify-classification-model.z06
- mcpurify-classification-model.z07
- mcpurify-classification-model.z08
- mcpurify-classification-model.z09
Once downloaded and extracted, the model can be served with vLLM:

```sh
vllm serve model --max-num-batched-tokens=8192 --port 11560
```

- `model` is the directory containing the `*.safetensors` files (and the model config). vLLM also uses this path as the model name, so it has to match the `model` entry in the MCPurify configuration below.
- `--max-num-batched-tokens` caps the number of tokens vLLM schedules per batch. Lowering it reduces memory pressure, so less performant systems can still run the classification model.
- `--port` sets the port on which the vLLM API is reachable from localhost.
2. Tool Enabled Model
Start your tool enabled model with the runtime of your choice. We recommend Ollama for best results.
3. Create Configuration
In order to run MCPurify in proxy mode, we need a configuration file quickstart.conf with the following contents:

```toml
repl = false
timeout = 1000

[[aiprovider]]
name = "VLLM"
endpoint = "http://localhost:11560/classify"
model = "model"

[proxy]
downstream = "http://compute.local:11434"
listenaddr = "127.0.0.1:3000"
```

Make sure the `downstream` URL is correct: it is the URL where Ollama or another runtime for the tool-enabled model is reachable (`compute.local` is a placeholder host; 11434 is Ollama's default port). The `endpoint` must match the port given to `vllm serve`, and `model` must match the directory name passed to it. `listenaddr` is bound to loopback on purpose: everything sent to that address is forwarded to the downstream model, so keep it on 127.0.0.1 unless you deliberately want other hosts to reach the proxy.
4. Execute MCPurify
Run the CLI tool that ships with MCPurify:

```sh
cargo run -- -c quickstart.conf
```

This starts the forwarding proxy. In your client tool, use the local listen address and port (here 127.0.0.1:3000) instead of the Ollama address to access your model; MCPurify sits in between and tries to filter malicious tool requests. Check the logs on the console (or on the file system) to see what was classified and blocked.
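The four steps above, wired together as one script. This is an added example and not part of MCPurify: it joins the split archive, starts vLLM, waits for both backends to answer, refuses a non-loopback `listenaddr`, renders quickstart.conf from environment variables, and finally starts the proxy. The variable names, the default hosts and ports, the `RUN_QUICKSTART` switch and the use of Info-ZIP `zip -s 0` to join the archive are assumptions of this script, not of the project.

```sh
#!/bin/sh
# Added example, not part of MCPurify: runs the quickstart end to end with a few
# sanity checks. Hosts, ports, file names and the env-var names below are
# assumptions of this script; zip, unzip, curl, vllm and cargo must be on PATH.
set -eu

MODEL_DIR="${MODEL_DIR:-model}"                 # directory with the *.safetensors files
VLLM_PORT="${VLLM_PORT:-11560}"
OLLAMA_URL="${OLLAMA_URL:-http://compute.local:11434}"
LISTEN_ADDR="${LISTEN_ADDR:-127.0.0.1:3000}"
CONF="${CONF:-quickstart.conf}"

# Step 1: the model ships as a split archive (.zip + .z01 .. .z09). Info-ZIP's
# "zip -s 0" joins the parts into one archive, which unzip then extracts.
assemble_model() {
  zip -q -s 0 mcpurify-classification-model.zip --out mcpurify-classification-model-joined.zip
  unzip -q -o mcpurify-classification-model-joined.zip -d "$MODEL_DIR"
  ls "$MODEL_DIR"/*.safetensors >/dev/null   # fail early if the weights are missing
}

# Step 1 (cont.): serve the classifier in the background. --max-num-batched-tokens
# caps the tokens scheduled per batch so the model fits on smaller machines.
serve_classifier() {
  vllm serve "$MODEL_DIR" --max-num-batched-tokens=8192 --port "$VLLM_PORT" &
}

# Poll a URL until it answers 2xx or the attempts run out ($1 = url, $2 = attempts).
wait_for() {
  i=0
  while [ "$i" -lt "$2" ]; do
    if curl -sf -o /dev/null "$1"; then return 0; fi
    i=$((i + 1)); sleep 2
  done
  echo "timeout waiting for $1" >&2
  return 1
}

# Only loopback listen addresses are accepted: the proxy forwards every model
# request it receives, so binding 0.0.0.0 exposes the downstream model to the LAN.
is_loopback() {
  case "$1" in
    127.*|localhost:*|\[::1\]:*) return 0 ;;
    *) return 1 ;;
  esac
}

# Step 3: render quickstart.conf. vLLM names the served model after the path
# given to "vllm serve", so the same value goes into the "model" field.
render_config() {
  cat <<EOF
repl = false
timeout = 1000

[[aiprovider]]
name = "VLLM"
endpoint = "http://localhost:${VLLM_PORT}/classify"
model = "${MODEL_DIR}"

[proxy]
downstream = "${OLLAMA_URL}"
listenaddr = "${LISTEN_ADDR}"
EOF
}

main() {
  is_loopback "$LISTEN_ADDR" || { echo "refusing non-loopback listenaddr $LISTEN_ADDR" >&2; exit 1; }
  assemble_model
  serve_classifier
  wait_for "http://localhost:${VLLM_PORT}/health" 60   # vLLM's health endpoint
  wait_for "${OLLAMA_URL}/api/tags" 5                  # Step 2: Ollama must already be running
  render_config > "$CONF"
  # Step 4: start the proxy; point your client at http://$LISTEN_ADDR afterwards.
  cargo run -- -c "$CONF"
}

# Run only when asked explicitly, so the file can also be sourced for its functions.
if [ "${RUN_QUICKSTART:-0}" = "1" ]; then main; fi
```

Run it with `RUN_QUICKSTART=1 OLLAMA_URL=http://localhost:11434 sh quickstart.sh` once Ollama is up. The loopback check is deliberately strict: if you need the proxy reachable from another host, change `is_loopback` consciously rather than editing `listenaddr` alone.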
Note: MCPurify ships with an open-source licensed model for tool-call classification. The model has been trained to detect the most common attack vectors, shell vulnerabilities and other text-based exploits, but it cannot detect and block attacks it has never seen. MCPurify takes a best-effort approach to mitigating well-known attacks; treat it as one layer, not as a guarantee.