I added agent verification to my MCP server in 3 minutes. Here's the before and after.

I run an MCP server that exposes tools to AI agents. Last week I checked my logs. Agents I'd never heard of were calling my tools. No identity. No verification. Just raw JSON-RPC requests from unknown callers. This is normal for MCP servers. The protocol has no built-in security. 10,000+ servers in production, and most accept connections from anything. I fixed mine. Here's what changed. Before app . use ( express . json ()); app . post ( ' /mcp ' , mcpHandler ); Any agent calls any tool. No questions asked. After import { McpGuard } from ' mcp-trust-guard ' ; const guard = new McpGuard ({ abuseCheck : true , rateLimit : { window : 60 , max : 30 }, rules : [ { minTrust : 0 , tools : [ ' get_* ' , ' read_* ' ] }, { minTrust : 30 , tools : [ ' create_* ' , ' update_* ' ] }, { minTrust : 60 , tools : [ ' delete_* ' , ' execute_* ' ] }, ], audit : true , }); app . use ( express . json ()); app . use ( ' /mcp ' , guard . middleware ()); app . post ( ' /mcp ' , mcpHandler ); Now every tools/c