Lasso Security

Lasso MCP Gateway

Open-source (MIT, Python) plugin-based gateway that proxies and orchestrates Model Context Protocol (MCP) servers, intercepting requests and responses to mask secrets and PII, block prompt injection, scan server reputation, and enforce custom policies via the Lasso v3 classify API using a LASSO_API_KEY.

GitHub OpenAPI

Documentation

📖
Documentation
https://github.com/lasso-security/mcp-gateway
📖
Documentation
https://www.lasso.security/resources/lasso-releases-first-open-source-security-gateway-for-mcp

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/lasso-security/refs/heads/main/openapi/lasso-security-openapi.yml

OpenAPI Specification

lasso-security-openapi.yml Raw ↑ 
openapi: 3.0.1
info:
  title: Lasso Security Classify / Threat Detection API
  description: >-
    REST API for Lasso Security's GenAI guardrails. The Classify endpoint scores
    LLM prompts and completions for security violations - prompt injection,
    jailbreaks, harmful content, custom policies, and PII - and returns structured
    findings ("deputies") with action levels (BLOCK, WARN, AUTO_MASKING) and
    severity. The Classifix endpoint additionally returns PII-masked messages.
    Endpoints and field names are derived from public integrations (LiteLLM,
    Portkey) and the open-source Lasso MCP Gateway; consult Lasso for the
    authoritative reference.
  termsOfService: https://www.lasso.security/
  contact:
    name: Lasso Security
    url: https://www.lasso.security/
  version: '3.0'
servers:
  - url: https://server.lasso.security/gateway/v3
    description: Lasso Security v3 gateway
security:
  - LassoApiKey: []
paths:
  /classify:
    post:
      operationId: classify
      tags:
        - Classify
      summary: Classify messages for security violations.
      description: >-
        Submit an array of chat messages (a prompt or a completion) for
        real-time security classification. Returns whether violations were
        detected along with per-deputy findings and action levels.
      parameters:
        - name: lasso-user-id
          in: header
          required: false
          description: Optional end-user identifier for tracking and attribution.
          schema:
            type: string
        - name: lasso-conversation-id
          in: header
          required: false
          description: ULID grouping related calls within one conversation/session.
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ClassifyRequest'
      responses:
        '200':
          description: Classification result.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ClassifyResponse'
        '401':
          description: Missing or invalid API key.
        '422':
          description: Invalid request payload.
        '429':
          description: Rate limit exceeded.
  /classifix:
    post:
      operationId: classifix
      tags:
        - Classify
        - Masking
      summary: Classify messages and return PII-masked content.
      description: >-
        Behaves like /classify but, when violations such as PII are detected and
        masking is enabled, also returns a masked copy of the input messages with
        sensitive values (emails, phone numbers, secrets, etc.) replaced by
        placeholders.
      parameters:
        - name: lasso-user-id
          in: header
          required: false
          description: Optional end-user identifier for tracking and attribution.
          schema:
            type: string
        - name: lasso-conversation-id
          in: header
          required: false
          description: ULID grouping related calls within one conversation/session.
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ClassifyRequest'
      responses:
        '200':
          description: Classification result with masked messages.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ClassifixResponse'
        '401':
          description: Missing or invalid API key.
        '422':
          description: Invalid request payload.
        '429':
          description: Rate limit exceeded.
components:
  securitySchemes:
    LassoApiKey:
      type: apiKey
      in: header
      name: lasso-api-key
      description: Lasso API key issued from the Lasso dashboard (app.lasso.security).
  schemas:
    Message:
      type: object
      required:
        - role
        - content
      properties:
        role:
          type: string
          description: Role of the message author.
          enum:
            - system
            - user
            - assistant
            - tool
        content:
          type: string
          description: Message text to be classified.
    ClassifyRequest:
      type: object
      required:
        - messages
      properties:
        messages:
          type: array
          description: Ordered array of chat messages to classify.
          items:
            $ref: '#/components/schemas/Message'
        messageType:
          type: string
          description: Whether the payload represents a prompt or a completion.
          enum:
            - PROMPT
            - COMPLETION
        userId:
          type: string
          description: Optional end-user identifier.
        sessionId:
          type: string
          description: Conversation/session identifier (ULID).
        tools:
          type: array
          description: Optional tool / function definitions associated with the request.
          items:
            type: object
            additionalProperties: true
    Finding:
      type: object
      properties:
        name:
          type: string
          description: Name of the specific finding.
        category:
          type: string
          description: High-level category of the finding (e.g., SAFETY).
        action:
          type: string
          description: Recommended enforcement action.
          enum:
            - BLOCK
            - WARN
            - AUTO_MASKING
        severity:
          type: string
          description: Severity of the finding.
          enum:
            - LOW
            - MEDIUM
            - HIGH
    ClassifyResponse:
      type: object
      properties:
        violations_detected:
          type: boolean
          description: True if one or more violations were detected.
        deputies:
          type: object
          description: >-
            Map of deputy (detector) name to a boolean indicating whether that
            deputy fired - e.g. jailbreak, custom-policies, sexual, hate,
            illegality, codetect, violence, pattern-detection.
          additionalProperties:
            type: boolean
        findings:
          type: object
          description: Map of deputy name to an array of structured findings.
          additionalProperties:
            type: array
            items:
              $ref: '#/components/schemas/Finding'
    ClassifixResponse:
      allOf:
        - $ref: '#/components/schemas/ClassifyResponse'
        - type: object
          properties:
            messages:
              type: array
              description: >-
                Masked copy of the input messages with PII / sensitive values
                replaced by placeholders (present when masking applied).
              items:
                $ref: '#/components/schemas/Message'