mcpwall

mcpwall is a deterministic security proxy for Model Context Protocol (MCP) servers, designed to add a strict policy enforcement layer between AI coding tools (e.g., Claude Code, Cursor, Windsurf) and MCP servers. It enforces YAML-defined rules to block dangerous tool calls, scans for secret leakage (API keys, tokens, SSH credentials), redacts sensitive data in server responses, and provides a comprehensive audit trail of all tool invocations. mcpwall integrates at the protocol level, intercepting JSON-RPC messages between clients and servers, and can be deployed easily in both Docker and direct MCP setups. It is particularly useful for developers, teams, and organizations seeking to secure AI-assisted coding environments that have access to sensitive filesystem, shell, and API resources.