"Speed is Armor. Hold the Line."
Project Patton is a high-velocity security daemon written in Rust, engineered for Counter-Intelligence in Model Context Protocol (MCP) traffic. It intercepts, inspects, and neutralizes PII (Personally Identifiable Information) leaks before they cross the wire to external servers.
- Zero Latency: Uses `aho-corasick` for O(n) multi-pattern vault matching and bounded regex for PII detection with ReDoS protection.
- Surgical Precision: MCP-protocol-aware JSON-RPC parsing targets only methods that carry user data (`tools/call`, `resources/read`, `sampling/createMessage`), skipping safe methods like `initialize` and `ping`.
- Command & Control: Every detected leak triggers a native macOS alert, putting the final decision in your hands: Advance or Retreat.
Captures raw packets via pnet datalink. Attempts structural JSON-RPC parsing, falls back to raw string scanning. Triggers macOS dialog on detection.
```bash
sudo patton sniff [--interface en0]
```
HTTP/1.1 interception proxy that scans requests and responses bidirectionally. Forwards sanitized payloads to upstream MCP server. Includes rate limiting, body size limits, and optional TLS MITM.
```bash
patton proxy [--addr 127.0.0.1:8080] [--upstream http://localhost:3000] [--enable-tls]
```
Real-time TUI showing interceptions as they happen, with live statistics.
```bash
sudo patton dashboard [--interface en0]
```
macOS LaunchAgent for running the proxy as a persistent service.
```bash
patton service install
patton service status
patton service uninstall
```
User-defined sensitive patterns stored in config and matched via aho-corasick automaton.
```bash
patton vault add "MY_SECRET_TOKEN"
patton vault list
patton vault clear
```
Patton detects the following PII types:
| Type | Method | Marker |
|---|---|---|
| Credit Cards | Regex + Luhn validation | [REDACTED_CARD] |
| Email Addresses | Bounded regex | [REDACTED_EMAIL] |
| AWS Access Keys | AKIA... pattern | [REDACTED_AWS_KEY] |
| Generic API Keys | Common key formats | [REDACTED_API_KEY] |
| Vault Patterns | Aho-Corasick automaton | [REDACTED_SECRET] |
All detection includes:
- Unicode normalization to prevent bypass attacks
- Chunked scanning for large payloads (>1MB) to prevent ReDoS
- Case-insensitive vault matching
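The "Regex + Luhn validation" row above, as an added example that is not Project Patton's own code: a hand-written, std-only scanner stands in for the regex stage, and the names `luhn_valid` and `redact_cards` are assumptions. It goes slightly beyond the table by also handling a card number that is preceded or followed by unrelated digit groups.

```rust
// Added example, not Patton's code; a std-only scanner stands in for the regex stage.
const MARKER: &str = "[REDACTED_CARD]";
/// Luhn checksum: double every second digit counting from the right.
fn luhn_valid(digits: &[u8]) -> bool {
    digits.iter().rev().enumerate().map(|(i, &d)| {
        let v = (d - b'0') as u32;
        if i % 2 == 0 { v } else if v > 4 { v * 2 - 9 } else { v * 2 }
    }).sum::<u32>() % 10 == 0
}

/// Redact 13 to 19 digit runs (single space or hyphen between digits allowed)
/// only when they pass the Luhn check, so order IDs and timestamps survive.
fn redact_cards(input: &str) -> String {
    let b = input.as_bytes();
    let mut out = String::with_capacity(input.len());
    let mut i = 0;
    while i < b.len() {
        let start = i;
        if !b[i].is_ascii_digit() {
            // Copy the non-digit run; ASCII digits never split a UTF-8 char.
            while i < b.len() && !b[i].is_ascii_digit() { i += 1; }
            out.push_str(&input[start..i]);
            continue;
        }
        // Collect at most 19 digits, remembering the byte offset after each.
        let (mut digits, mut ends, mut j) = (Vec::new(), Vec::new(), i);
        while j < b.len() && digits.len() < 19 {
            let sep = b[j] == b' ' || b[j] == b'-';
            if b[j].is_ascii_digit() { digits.push(b[j]); j += 1; ends.push(j); }
            else if sep && j + 1 < b.len() && b[j + 1].is_ascii_digit() { j += 1; }
            else { break; }
        }
        // Longest candidate that ends on a digit-group boundary and passes Luhn.
        let hit = (13..=digits.len()).rev().find(|&n| {
            let end: usize = ends[n - 1];
            (end == b.len() || !b[end].is_ascii_digit()) && luhn_valid(&digits[..n])
        });
        if let Some(n) = hit {
            out.push_str(MARKER);
            i = ends[n - 1];
        } else { // not a card: emit this digit group unchanged, rescan after it
            while i < b.len() && b[i].is_ascii_digit() { i += 1; }
            out.push_str(&input[start..i]);
        }
    }
    out
}
fn main() { // constructed sample; 4111 1111 1111 1111 is a common test number
    println!("{}", redact_cards("pay 4111 1111 1111 1111, order 4111-1111-1111-1112"));
}
```

The 19-digit collection cap keeps the work per starting position constant, so a payload made of one very long digit run is still scanned in linear time.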
```
src/
  main.rs       CLI entry point (clap subcommands)
  lib.rs        Library root, integration tests
  recon.rs      Packet capture via pnet datalink
  redact.rs     PII detection engine (regex + aho-corasick)
  sigint.rs     Generic JSON-RPC parser (sniff/dashboard)
  mcp.rs        MCP-protocol-aware message parser (proxy)
  proxy.rs      HTTP interception proxy (hyper + reqwest)
  tls.rs        TLS MITM cert generation (rcgen + rustls)
  config.rs     Persistent config via confy
  daemon.rs     macOS LaunchAgent management
  dashboard.rs  Real-time TUI (ratatui + crossterm)
  ui.rs         Native macOS alerts via AppleScript
```
- OS: macOS (Darwin)
- Toolchain: Rust (stable)
- Permissions: Root access required for packet capture modes (sniff, dashboard)
```bash
cargo build --release
cargo test
```
Config location: `~/Library/Application Support/patton/default-config.toml`
```toml
version = 1
vault = ["MY_SECRET_TOKEN", "API_KEY_123"]
interface = "en0"
auto_block = false
upstream_url = "http://localhost:3000"
verify_tls = true
```
"No PII shall pass to a global MCP server without explicit clearance."
Project Patton operates as a transparent proxy. It doesn't just block; it inspects, redacts, and reports. If it sees your API keys or emails leaving the wire, it forces a decision: Neutralize or Authorize.
- eBPF Integration: Linux-based packet interception
- WFP Implementation: Windows Filtering Platform support
- Secure Vault: Integration with local secret managers to auto-populate PII patterns
Submit PRs and help hold the line.
Author: Karan (@phenom249646)