Skip to content

Feature Request: Support External REST Validation Service in Content Moderation Plugin Before MCP Tool Invocation #11

Description

@snmanikanta98

Body

Summary

We have an enterprise requirement to validate user prompts through an external REST API before an MCP tool is invoked.

Currently, the Content Moderation plugin supports built-in providers (IBM Granite, Watson, OpenAI, Azure, AWS), but there does not appear to be a generic mechanism to invoke an arbitrary REST endpoint as a moderation provider.

Use Case

In our environment, all user prompts must be validated by an enterprise Content Safety service exposed through IBM API Connect before any backend MCP tool is executed.

Expected execution flow:

User Prompt


Content Moderation Plugin


External REST Validation API

├── Validation Passed
│ │
│ ▼
│ Invoke MCP Tool

└── Validation Failed


Block Tool Execution

Example Validation Response

{
  "userPromptAnalysis": {
    "attackDetected": false
  }
}

If:

attackDetected = false → continue with tool invocation.
attackDetected = true → block the request and return an appropriate response.
Current Limitation

To implement this workflow, it appears necessary to modify the ContentModerationPlugin source code and add a new provider implementation.

This makes future upgrades more difficult because custom changes must be maintained across releases.

Feature Request

It would be useful if the Content Moderation plugin supported configurable external REST providers.

For example:

config:
  provider: external_rest

  external_rest:
    endpoint: https://example.company.com/content-safety
    method: POST
    timeout: 30

    headers:
      Authorization: "Bearer ${env.CONTENT_SAFETY_TOKEN}"
      Ocp-Apim-Subscription-Key: "${env.CONTENT_SAFETY_SUBSCRIPTION_KEY}"

    request:
      text_field: text
      categories:
        - Hate
        - Sexual
        - SelfHarm
        - Violence

    response:
      decision_path: userPromptAnalysis.attackDetected
      allow_value: false
Benefits
No source code modifications
Easier upgrades
Integration with enterprise security platforms
Support for internal AI Guardrails and Content Safety services
Greater flexibility for enterprise deployments

Is there already a supported extension point for this use case, or would this be a valuable enhancement for the project?


---

I think this is a strong feature request because it focuses on a generic capability ("external REST validation provider") rather than your organization's specific API. That makes it broadly useful to other Context Forge users and increases the likelihood that the maintainers will consider it.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions