MCP Dev Summit North America

MCP enables agent composition, but leaves security, policy, and governance enforcement to individual implementations. This results in inconsistent controls and security gaps across agents, tools, and environments, pushing platform-specific logic into otherwise portable MCP systems.

This talk presents a hook-based extension pattern for MCP, inspired by the Linux Security Modules (LSM) extensibility model and implemented in open source as part of the ContextForge MCP Gateway. Using standardized pre- and post-execution hooks, the gateway intercepts MCP interactions such as prompt handling, tool invocation, and data transformation. These hooks enable composable security modules—including prompt injection detection, PII redaction, and policy-based access control (OPA/Cedar)—without modifying agent or MCP server logic. By externalizing enforcement into reusable modules, this approach avoids extensibility lock-in and enables interoperability with existing security frameworks.

We show how developers can author MCP extensions and apply consistent controls across agent stacks, focusing on design patterns and interoperability for production-ready MCP systems.