v0.1.0 - stdio proxy + audit log
First working version: a transparent stdio proxy that sits between an MCP client (like Claude Desktop) and an MCP server, logs every JSON-RPC frame to SQLite, and lets you tail the audit log live.
What works
- stdio proxy with asyncio + subprocess, half-close handling, signal-aware shutdown
- Audit log in SQLite (WAL mode), batched async writes, drop-on-overflow protection
- CLI:
mcp-firewall run(proxy) andmcp-firewall logs --tail/--follow(viewer) - JSON-RPC 2.0 parser with pydantic v2 models, batch-aware
- Config precedence: CLI flags → env vars → YAML → defaults
Verified end-to-end
Tested against the real @modelcontextprotocol/server-filesystem@2025.11.25:
handshake → tools/list → list_directory → read_text_file all flow through cleanly, every frame captured in the audit log.
Quality gates
- 27 tests (models, storage, e2e proxy round-trip)
- ruff + ruff format + mypy strict — clean
- bandit + pip-audit — 0 issues
- All 10 commits validated against Conventional Commits
- CI matrix: Python 3.11 + 3.12
What's NOT in this release
No detection layer yet — that's Week 2 (rules-based regex + local LLM classifier via Ollama).
This release is just the plumbing: the proxy and the audit trail. You can run it now and see what your AI agent is actually doing through MCP, but it won't block anything.
Install
git clone https://github.com/churik5/mcp-firewall.git
cd mcp-firewall
pip install -e .
mcp-firewall run --server "npx -y @modelcontextprotocol/server-filesystem@2025.11.25 /tmp"See docs/RUNBOOK.md for full setup instructions and Claude Desktop integration.