Securing AI Agents with 42 Built-in Plugins

In Part 1 , we covered why MCP gateways matter. In Part 2 , we set up ContextForge and executed tool calls. Now let's talk about what makes ContextForge genuinely different from other MCP proxies: the plugin pipeline . ContextForge ships with 42 built-in plugins covering security, performance, content processing, input validation, and policy enforcement. In this post, we'll enable them, see them in action, and understand how they protect AI agents in production. How the Plugin Pipeline Works Every tool call and resource fetch passes through a chain of plugins, organized by hooks : Agent Request ↓ [tool_pre_invoke] ← Validate, filter, rate-limit BEFORE the tool runs ↓ Tool Execution ↓ [tool_post_invoke] ← Filter, compress, audit AFTER the tool returns ↓ Response to Agent The same pattern applies to resources ( resource_pre_fetch / resource_post_fetch ) and prompts ( prompt_pre_fetch / prompt_post_fetch ). Plugins execute in priority order within each hook band. Same-priority plugins run