Built-in Plugins
Gatekit ships with plugins for common use cases. All built-in plugins follow the same interfaces as user plugins - they receive no special treatment.
Auditing Plugins
Auditing plugins observe MCP traffic and log it without affecting message flow.
JSON Lines Auditor
Handler: jsonl_auditor
Logs MCP messages in JSON Lines format (one JSON object per line). Ideal for machine processing and log aggregation systems.
```yaml
plugins:
  - handler: jsonl_auditor
    config:
      output_file: logs/audit.jsonl
      include_content: true   # Include full message content
      include_pipeline: true  # Include plugin processing info
```
CSV Auditor
Handler: csv_auditor
Logs MCP messages in CSV format. Useful for spreadsheet analysis and simple reporting.
```yaml
plugins:
  - handler: csv_auditor
    config:
      output_file: logs/audit.csv
      include_content: false  # Exclude content for smaller files
```
Human-Readable Auditor
Handler: human_auditor
Logs MCP messages in a human-readable format. Best for development and debugging.
```yaml
plugins:
  - handler: human_auditor
    config:
      output_file: logs/audit.log
      include_content: true
      timestamp_format: "%Y-%m-%d %H:%M:%S"
```
Middleware Plugins
Middleware plugins can transform requests/responses or complete requests themselves.
Tool Manager
Handler: tool_manager
Controls which tools are exposed to the LLM. Filter, rename, or customize tool descriptions.
```yaml
plugins:
  - handler: tool_manager
    config:
      mode: allowlist  # or "blocklist"
      tools:
        - name: read_file
          description: "Read a file (max 1MB)"  # Override description
        - name: write_file
          rename: save_file  # Rename the tool
```
See Managing Tools for detailed usage.
Call Trace
Handler: call_trace
Adds tracing information to tool calls for debugging and observability.
```yaml
plugins:
  - handler: call_trace
    config:
      include_timing: true
      include_server: true
```
Security Plugins
Security plugins make allow/block decisions on MCP messages.
PII Detector
Handler: pii_detector
Detects personally identifiable information in tool arguments and responses using regex patterns.
```yaml
plugins:
  - handler: pii_detector
    config:
      action: block  # or "flag" to allow but mark
      patterns:
        - name: email
          pattern: '[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}'
        - name: ssn
          pattern: '\b\d{3}-\d{2}-\d{4}\b'
        - name: phone
          pattern: '\b\d{3}[-.]?\d{3}[-.]?\d{4}\b'
```
Secrets Detector
Handler: secrets_detector
Detects potential secrets and API keys in MCP traffic.
```yaml
plugins:
  - handler: secrets_detector
    config:
      action: block
      patterns:
        - name: api_key
          # Inside a YAML single-quoted string, a literal ' is written as ''
          pattern: '(?i)(api[_-]?key|apikey)["\s:=]+["'']?([a-zA-Z0-9_-]{20,})'
        - name: aws_key
          pattern: 'AKIA[0-9A-Z]{16}'
        - name: github_token
          pattern: 'gh[pousr]_[A-Za-z0-9_]{36,}'
```
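An added example, not part of Gatekit or its documentation: a pre-deployment check that runs the PII Detector and Secrets Detector patterns shown above over constructed samples, to see what each pattern catches, flags by mistake, or misses before `action: block` is enabled. It assumes the patterns behave as they do under Python's `re` module; `scan` and `evaluate` are hypothetical helper names, not Gatekit APIs.

```python
import re

# Patterns copied from the pii_detector and secrets_detector configs on this page.
PATTERNS = {
    "email": r"[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}",
    "ssn": r"\b\d{3}-\d{2}-\d{4}\b",
    "phone": r"\b\d{3}[-.]?\d{3}[-.]?\d{4}\b",
    "api_key": r"""(?i)(api[_-]?key|apikey)["\s:=]+["']?([a-zA-Z0-9_-]{20,})""",
    "aws_key": r"AKIA[0-9A-Z]{16}",
    "github_token": r"gh[pousr]_[A-Za-z0-9_]{36,}",
}
COMPILED = {name: re.compile(rx) for name, rx in PATTERNS.items()}


def scan(text):
    """Return the sorted names of all patterns that match anywhere in text."""
    return sorted(name for name, rx in COMPILED.items() if rx.search(text))


def evaluate(samples):
    """Compare scan() with the expected names; return the list of mismatches."""
    mismatches = []
    for text, expected in samples:
        got = scan(text)
        if got != sorted(expected):
            mismatches.append((text, sorted(expected), got))
    return mismatches


# Constructed samples (not real data): (text, pattern names expected to fire).
SAMPLES = [
    ("contact: alice@example.com", ["email"]),
    ("SSN 123-45-6789 on file", ["ssn"]),
    ("call 555-867-5309", ["phone"]),
    ('{"api_key": "' + "a" * 24 + '"}', ["api_key"]),
    ("AKIA" + "A" * 16, ["aws_key"]),
    ("ghp_" + "x" * 36, ["github_token"]),
    # False positive: a 10-digit order number is flagged as a phone number.
    ("order_id=4155550123", ["phone"]),
    # Miss: spaces or parentheses in a phone number are not covered.
    ("call (555) 867-5309", []),
    ("nothing sensitive here", []),
]

if __name__ == "__main__":
    for text, expected, got in evaluate(SAMPLES):
        print(f"MISMATCH {text!r}: expected {expected}, got {got}")
```

Extending `SAMPLES` with strings representative of your own tool arguments and responses shows how often a pattern would block legitimate traffic.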
Prompt Injection Detector
Handler: prompt_injection_detector
Detects potential prompt injection attempts in tool arguments.
```yaml
plugins:
  - handler: prompt_injection_detector
    config:
      action: block
      sensitivity: medium  # low, medium, high
```
Plugin Configuration Options
All plugins support these common options:
| Option | Type | Default | Description |
|---|---|---|---|
| critical | bool | true | If true, plugin failure blocks the request. If false, failure is logged but request proceeds. |
| priority | int | 50 | Execution order (0-100). Lower numbers run first. |
```yaml
plugins:
  - handler: jsonl_auditor
    critical: false  # Don't block requests if logging fails
    priority: 90     # Run after security plugins
    config:
      output_file: logs/audit.jsonl
```
Writing Custom Plugins
See the Plugin Development Guide for information on writing your own plugins.