MCP (Model Context Protocol)
TapPass integrates with MCP on both sides: wrap an outbound MCP client to audit every call_tool, or add middleware to an inbound MCP server to govern every incoming tool request.
Install
Section titled “Install”pip install 'tappass[mcp]'As an MCP client
Section titled “As an MCP client”Wrap an existing MCP client. Every call_tool emits a structured audit event with correlation IDs inherited from the active tappass_session.
from tappass.integrations.mcp import guard_mcp_client
async with guard_mcp_client(mcp_client, tappass_url="https://tappass.example.com", api_key="tp_...") as session: result = await session.call_tool("search", {"q": "GDPR article 17"}) print(session.audit_url)As an MCP server
Section titled “As an MCP server”Add TapPassMCPMiddleware to your MCP server. Every inbound tool call is governed: correlation headers from the caller are joined, a per-request TapPass session is opened and closed, and governance decisions are surfaced as typed errors.
from tappass.integrations.mcp_server import TapPassMCPMiddleware
server.add_middleware(TapPassMCPMiddleware( tappass_url="https://tappass.example.com", api_key="tp_...",))Handling governance decisions (client side)
Section titled “Handling governance decisions (client side)”from tappass import GovernanceDecision, PolicyBlockError
try: async with guard_mcp_client(mcp_client, tappass_url=..., api_key="tp_...") as session: await session.call_tool("read_file", {"path": "/sensitive"})except PolicyBlockError as e: print(f"Blocked by {e.blocked_by}: {e.reason}") print(f"See {e.audit_url}")except GovernanceDecision as e: print(f"Governance: {e}")Migrating from 0.5
Section titled “Migrating from 0.5”The 0.5 MCPClient helper is replaced by guard_mcp_client (context manager) for explicit session scope and typed decisions. See the migration guide.