mcpwall is a transparent stdio proxy that scans both directions. Block dangerous requests, redact secrets from responses, catch prompt injection. No AI, no cloud, pure rules.

And there’s no open, programmable way to stop them.
MCP servers execute whatever the AI asks. read_file ~/.ssh/id_rsa? Done. rm -rf /? Done. IDE guardrails are ad-hoc and closed. There’s no way to say “allow reads, block writes outside my project.”
In one academic study, mcp-scan detected only 4 of 120 poisoned servers (arXiv:2509.24272). Scanners check at install time. You need runtime enforcement too.
Some security tools route tool calls through cloud APIs for screening. Your code, secrets, and data leave your machine. For privacy-sensitive work, local-only enforcement is the safer default.
Wrap any MCP server in your config. Everything else stays the same.
Every JSON-RPC message is captured on stdin/stdout. Nothing gets through unchecked.
Rules are checked top-to-bottom, first match wins. Regex, glob, path checks, secret scanning.
Requests: allow or deny. Responses: allow, deny, or redact secrets. Both directions logged.
8 default deny rules. Zero config required.
Define rules in plain YAML. Glob patterns, regex, path restrictions, secret scanning. First-match-wins, just like iptables. Version-control your security policy.
Regex patterns + Shannon entropy analysis detect AWS keys, GitHub tokens, Stripe keys, JWTs, private keys, database URLs, and more. Catches high-entropy strings that static patterns miss.
Every tool call logged as JSON Lines. See exactly what your MCP servers are doing. Denied calls have arguments redacted to prevent secrets leaking into logs.
v0.2.0 scans both directions. Server responses are inspected before reaching your AI client. Leaked secrets are surgically redacted. Prompt injection patterns are blocked.
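The regex-plus-entropy scanning and response redaction described above, as an added sketch that is not mcpwall's own code. The two patterns, the 20-character minimum, the 4.0 bits-per-character threshold, the function names and the sample response are all assumptions constructed for illustration.

```javascript
// Added example, not mcpwall's code. Patterns, thresholds and names are assumptions.
const PATTERNS = [
  { name: "aws-access-key", re: /\bAKIA[0-9A-Z]{16}\b/g },
  { name: "github-token", re: /\bghp_[A-Za-z0-9]{36}\b/g },
];
const TOKEN = /[A-Za-z0-9_-]{20,}/g; // candidate strings for the entropy pass
const MIN_ENTROPY = 4.0;             // assumed threshold, bits per character

// Shannon entropy H = -sum(p * log2 p) over the token's character frequencies.
function shannonEntropy(s) {
  const chars = [...s];
  const counts = new Map();
  for (const ch of chars) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) h -= (n / chars.length) * Math.log2(n / chars.length);
  return h;
}

// Pass 1: known secret formats. Pass 2: long tokens whose entropy is too high
// to be an ordinary identifier, which static patterns would miss.
function redactString(text, findings) {
  let out = text;
  for (const { name, re } of PATTERNS) {
    out = out.replace(re, () => { findings.push(name); return `[REDACTED:${name}]`; });
  }
  return out.replace(TOKEN, (tok) => {
    if (shannonEntropy(tok) < MIN_ENTROPY) return tok; // long but repetitive: keep
    findings.push("high-entropy");
    return "[REDACTED:high-entropy]";
  });
}

// Walk every string value in a JSON-RPC message, leaving its structure intact.
function redact(value, findings) {
  if (typeof value === "string") return redactString(value, findings);
  if (Array.isArray(value)) return value.map((v) => redact(v, findings));
  if (value && typeof value === "object") {
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, redact(v, findings)]));
  }
  return value;
}

function scanResponse(message) {
  const findings = [];
  return { message: redact(message, findings), findings };
}

// Constructed tool-call response: one documented example key, one random token,
// and one long low-entropy string that must survive untouched.
const SAMPLE_RESPONSE = { jsonrpc: "2.0", id: 7, result: { content: [{ type: "text",
  text: "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nSESSION=q7Zp2Lx9Vb4Tn8Rw1Ks5Yd3Hf6Mj0Gc\ncache_dir=build-cache-build-cache-build-cache" }] } };
```

The entropy threshold is the tuning knob: set it too low and ordinary identifiers and paths get redacted, too high and shorter secrets pass through.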
Runs entirely on your machine. No API calls, no telemetry, no accounts, no cloud. Your code and secrets never leave your environment. Same input + same rules = same output, every time.
mcpwall’s local-first architecture helps satisfy GDPR (DSGVO) and EU AI Act obligations. No tool call data leaves your infrastructure. Audit logs provide accountability evidence. Policy enforcement serves as a technical security measure (TOM) under Art. 32.
Install globally, then wrap any server with one command.