Built-in Plugins

Reference for the eight built-in plugins that ship with Argus MCP, including secrets detection, PII filtering, rate limiting, and more.

Argus MCP ships with eight built-in plugins. Enable any of them by name in your config.yaml under plugins.entries.

secrets_detection

Scans request and response content for leaked secrets (API keys, tokens, passwords). Blocks the request when a secret is found and block is true.

An optional Rust-accelerated variant (RustSecretsScanner) is used automatically when the native extension is available, falling back to the pure-Python implementation otherwise.

SettingTypeDefaultDescription
blockbooleantrueBlock requests containing secrets
- name: secrets_detection
  execution_mode: enforce
  priority: 10
  settings:
    block: true

pii_filter

Detects and redacts personally identifiable information. Specify which categories to scan for, or leave the list empty to scan all.

An optional Rust-accelerated variant (RustPiiFilter) is used when available.

SettingTypeDefaultDescription
categorieslist[string][]PII categories to filter (empty = all)
- name: pii_filter
  priority: 15
  settings:
    categories: ["email", "phone", "ssn"]

rate_limiter

Enforces request rate limits using a sliding window counter. Rejects requests that exceed the threshold.

SettingTypeDefaultDescription
max_requestsinteger100Maximum requests per window
window_secondsinteger60Window duration in seconds
- name: rate_limiter
  priority: 20
  settings:
    max_requests: 100
    window_seconds: 60

circuit_breaker

Trips open after a threshold of consecutive failures. While open, requests are rejected immediately until the cooldown elapses and the circuit resets.

An optional Rust-accelerated state machine (circuit_breaker_rs) is used when the native extension is available.

SettingTypeDefaultDescription
failure_thresholdinteger5Failures before tripping
cooldown_secondsfloat30.0Seconds before reset attempt
- name: circuit_breaker
  priority: 25
  settings:
    failure_threshold: 5
    cooldown_seconds: 30

retry_with_backoff

Retries failed tool calls with exponential backoff and jitter. Only retries on transient errors.

SettingTypeDefaultDescription
max_retriesinteger3Maximum retry attempts
base_delayfloat1.0Initial delay in seconds
backoff_factorfloat2.0Multiplier per retry
max_delayfloat30.0Delay cap in seconds
- name: retry_with_backoff
  priority: 80
  settings:
    max_retries: 3
    base_delay: 1.0
    backoff_factor: 2.0
    max_delay: 30.0

response_cache_by_prompt

Caches tool responses keyed by the full prompt text. Reduces backend load for repeated identical requests.

An optional Rust-accelerated cache key hasher (hash_rs) is used when available. It combines JSON serialization and SHA-256 hashing in a single FFI call, falling back to Python's json.dumps + hashlib.sha256 otherwise.

SettingTypeDefaultDescription
ttl_secondsinteger300Cache entry time-to-live in seconds
max_entriesinteger256Maximum cached entries
- name: response_cache_by_prompt
  priority: 30
  settings:
    ttl_seconds: 300
    max_entries: 256

output_length_guard

Truncates tool responses that exceed the maximum character length. Prevents oversized payloads from reaching the client.

SettingTypeDefaultDescription
max_lengthinteger50000Maximum response length in characters
- name: output_length_guard
  priority: 90
  settings:
    max_length: 50000

markdown_cleaner

Strips images, links, and HTML tags from markdown responses. Useful for terminals or clients that do not render rich content.

SettingTypeDefaultDescription
strip_imagesbooleantrueRemove image tags
strip_linksbooleantrueRemove hyperlinks
strip_htmlbooleantrueRemove raw HTML
- name: markdown_cleaner
  priority: 95
  settings:
    strip_images: true
    strip_links: true
    strip_html: true

Combined Example

A full configuration enabling all eight built-in plugins in recommended priority order:

plugins:
  enabled: true
  entries:
    - name: secrets_detection
      execution_mode: enforce
      priority: 10
      settings:
        block: true

    - name: pii_filter
      priority: 15
      settings:
        categories: []

    - name: rate_limiter
      priority: 20
      settings:
        max_requests: 200
        window_seconds: 60

    - name: circuit_breaker
      priority: 25
      settings:
        failure_threshold: 5
        cooldown_seconds: 30

    - name: response_cache_by_prompt
      priority: 30
      settings:
        ttl_seconds: 300
        max_entries: 256

    - name: retry_with_backoff
      priority: 80
      settings:
        max_retries: 3

    - name: output_length_guard
      priority: 90
      settings:
        max_length: 50000

    - name: markdown_cleaner
      priority: 95