Document optional Armorer Guard MCP proxy

[armorer-labs]

Adds an optional macOS/Linux stdio configuration showing how to wrap Unity MCP with armorer-guard mcp-proxy -- ....

This gives Unity MCP users a local pre-call guardrail for prompt injection, credential leakage, exfiltration risk, and dangerous actions before requests reach the Unity MCP server.

Summary by CodeRabbit

• Documentation
  • Added setup instructions for an optional macOS/Linux configuration to route tool execution through a security-focused proxy. The proxy inspects arguments for prompt injection, credential leakage, exfiltration risks, and dangerous actions before processing requests.

[coderabbitai]

📝 Walkthrough

Walkthrough

The README's Stdio configuration section is extended with optional documentation for macOS/Linux users. A JSON configuration example and description explain how to optionally route uvx through an armorer-guard proxy that inspects tool-call arguments for security risks before forwarding calls to the Unity MCP server.

Changes

Tool-Call Guard Configuration Documentation

Layer / File(s)	Summary
Optional macOS/Linux armorer-guard proxy configuration README.md	Documentation adds an optional Stdio (uvx) setup section for macOS/Linux that routes through armorer-guard proxy, including JSON configuration example and explanation of argument inspection for prompt injection, credential leakage, exfiltration, and dangerous action detection.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Poem

🐰 A proxy stands guard at the gate today,
Armorer shields what users say,
Arguments inspected, dangers denied,
Safe tool calls forward with gentle pride! 🛡️

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is incomplete; it lacks the structured sections required by the template including Type of Change, Changes Made, Testing/Screenshots, and Related Issues.	Complete the PR description by filling in all required template sections: explicitly state 'Documentation update' as Type of Change, detail the specific README modifications, confirm documentation updates were made, and link any related issues.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: documenting an optional Armorer Guard MCP proxy configuration in the README.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@README.md`:
- Around line 151-170: Add a short prerequisite note above the JSON example
explaining that the "armorer-guard" executable must be installed and available
on PATH before using the mcpServers.unityMCP.command configuration; describe how
to install it (e.g., via the project's recommended installer or npm/yarn global
install) and/or provide the expected repository/package name and a brief
verification step (run `armorer-guard --version`) so users won't hit "command
not found" when using the shown configuration.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6ef48475-6573-4d0c-8062-ed92f2bb65f1

📥 Commits

Reviewing files that changed from the base of the PR and between 4c29526 and 1c17710.

📒 Files selected for processing (1)

• README.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add installation prerequisites for armorer-guard.

The configuration example assumes armorer-guard is already installed, but doesn't mention installation steps. Users copying this configuration will encounter "command not found" errors without prior setup.

📝 Suggested addition before the JSON example

 **macOS/Linux with a local tool-call guard:**
+
+> [!NOTE]
+> Requires [Armorer Guard](https://github.com/ArmorerLabs/Armorer-Guard) to be installed first.
+> Install via: `pip install armorer-guard` or follow the [installation guide](https://github.com/ArmorerLabs/Armorer-Guard#installation).
+
 ```json

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` around lines 151 - 170, Add a short prerequisite note above the
JSON example explaining that the "armorer-guard" executable must be installed
and available on PATH before using the mcpServers.unityMCP.command
configuration; describe how to install it (e.g., via the project's recommended
installer or npm/yarn global install) and/or provide the expected
repository/package name and a brief verification step (run `armorer-guard
--version`) so users won't hit "command not found" when using the shown
configuration.