Skip to content

v0.1.0 - stdio proxy + audit log

Choose a tag to compare

@churik5 churik5 released this 04 May 15:54

First working version: a transparent stdio proxy that sits between an MCP client (like Claude Desktop) and an MCP server, logs every JSON-RPC frame to SQLite, and lets you tail the audit log live.

What works

  • stdio proxy with asyncio + subprocess, half-close handling, signal-aware shutdown
  • Audit log in SQLite (WAL mode), batched async writes, drop-on-overflow protection
  • CLI: mcp-firewall run (proxy) and mcp-firewall logs --tail/--follow (viewer)
  • JSON-RPC 2.0 parser with pydantic v2 models, batch-aware
  • Config precedence: CLI flags → env vars → YAML → defaults

Verified end-to-end

Tested against the real @modelcontextprotocol/server-filesystem@2025.11.25:
handshake → tools/listlist_directoryread_text_file all flow through cleanly, every frame captured in the audit log.

Quality gates

  • 27 tests (models, storage, e2e proxy round-trip)
  • ruff + ruff format + mypy strict — clean
  • bandit + pip-audit — 0 issues
  • All 10 commits validated against Conventional Commits
  • CI matrix: Python 3.11 + 3.12

What's NOT in this release

No detection layer yet — that's Week 2 (rules-based regex + local LLM classifier via Ollama).
This release is just the plumbing: the proxy and the audit trail. You can run it now and see what your AI agent is actually doing through MCP, but it won't block anything.

Install

git clone https://github.com/churik5/mcp-firewall.git
cd mcp-firewall
pip install -e .
mcp-firewall run --server "npx -y @modelcontextprotocol/server-filesystem@2025.11.25 /tmp"

See docs/RUNBOOK.md for full setup instructions and Claude Desktop integration.