mcpwall 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +44 -7
  2. package/dist/index.js +1 -2
  3. package/package.json +5 -4
package/README.md CHANGED
@@ -1,8 +1,13 @@
1
1
  # mcpwall
2
2
 
3
- Deterministic security proxy for [MCP](https://modelcontextprotocol.io) tool calls. Sits between your AI coding tool (Claude Code, Cursor, Windsurf) and MCP servers, intercepting every JSON-RPC message and enforcing YAML-defined policies — no LLM, no cloud, pure rule-based.
3
+ [![npm version](https://img.shields.io/npm/v/mcpwall)](https://www.npmjs.com/package/mcpwall)
4
+ [![CI](https://github.com/behrensd/mcp-firewall/actions/workflows/ci.yml/badge.svg)](https://github.com/behrensd/mcp-firewall/actions/workflows/ci.yml)
5
+ [![Node.js](https://img.shields.io/node/v/mcpwall)](https://nodejs.org)
6
+ [![License: FSL-1.1-ALv2](https://img.shields.io/badge/license-FSL--1.1--ALv2-blue)](./LICENSE)
4
7
 
5
- Think **iptables**, but for MCP tool calls.
8
+ **iptables for MCP.** Blocks dangerous tool calls, scans for secret leakage, logs everything. No AI, no cloud, pure rules.
9
+
10
+ Sits between your AI coding tool (Claude Code, Cursor, Windsurf) and MCP servers, intercepting every JSON-RPC message and enforcing YAML-defined policies.
6
11
 
7
12
  ## Why
8
13
 
@@ -30,7 +35,37 @@ npx mcpwall -- npx -y @modelcontextprotocol/server-filesystem /path/to/dir
30
35
 
31
36
  ## Quick Start
32
37
 
33
- ### Option 1: Interactive setup
38
+ ### Option 1: Docker MCP Toolkit
39
+
40
+ If you use [Docker MCP Toolkit](https://docs.docker.com/ai/mcp-catalog-and-toolkit/toolkit/) (the most common setup), change your MCP config from:
41
+
42
+ ```json
43
+ {
44
+ "mcpServers": {
45
+ "MCP_DOCKER": {
46
+ "command": "docker",
47
+ "args": ["mcp", "gateway", "run"]
48
+ }
49
+ }
50
+ }
51
+ ```
52
+
53
+ To:
54
+
55
+ ```json
56
+ {
57
+ "mcpServers": {
58
+ "MCP_DOCKER": {
59
+ "command": "npx",
60
+ "args": ["-y", "mcpwall", "--", "docker", "mcp", "gateway", "run"]
61
+ }
62
+ }
63
+ }
64
+ ```
65
+
66
+ That's it. mcpwall now sits in front of all your Docker MCP servers, logging every tool call and blocking dangerous ones. No config file needed — sensible defaults apply automatically.
67
+
68
+ ### Option 2: Interactive setup
34
69
 
35
70
  ```bash
36
71
  npx mcpwall init
@@ -38,7 +73,7 @@ npx mcpwall init
38
73
 
39
74
  This finds your existing MCP servers in `~/.claude.json` or `.mcp.json` and wraps them.
40
75
 
41
- ### Option 2: Manual wrapping
76
+ ### Option 3: Manual wrapping (any MCP server)
42
77
 
43
78
  Change your MCP config from:
44
79
 
@@ -69,7 +104,7 @@ To:
69
104
  }
70
105
  ```
71
106
 
72
- ### Option 3: Wrap a specific server
107
+ ### Option 4: Wrap a specific server
73
108
 
74
109
  ```bash
75
110
  npx mcpwall wrap filesystem
@@ -79,7 +114,7 @@ npx mcpwall wrap filesystem
79
114
 
80
115
  ```
81
116
  ┌──────────────┐ stdio ┌──────────────┐ stdio ┌──────────────┐
82
- │ Claude Code │ ──────────▶ │ MCP Firewall │ ──────────▶ │ Real MCP │
117
+ │ Claude Code │ ──────────▶ │ mcpwall │ ──────────▶ │ Real MCP │
83
118
  │ (MCP Host) │ ◀────────── │ (proxy) │ ◀────────── │ Server │
84
119
  └──────────────┘ └──────────────┘ └──────────────┘
85
120
  ```
@@ -203,7 +238,7 @@ Options:
203
238
 
204
239
  ## Audit Logs
205
240
 
206
- Logs are written as JSON Lines to `~/.mcpwall/logs/YYYY-MM-DD.jsonl`:
241
+ All tool calls are logged by default — both allowed and denied. Logs are written as JSON Lines to `~/.mcpwall/logs/YYYY-MM-DD.jsonl`:
207
242
 
208
243
  ```json
209
244
  {"ts":"2026-02-16T14:30:00Z","method":"tools/call","tool":"read_file","action":"allow","rule":null}
@@ -212,6 +247,8 @@ Logs are written as JSON Lines to `~/.mcpwall/logs/YYYY-MM-DD.jsonl`:
212
247
 
213
248
  Denied entries have args redacted to prevent secrets from leaking into logs.
214
249
 
250
+ mcpwall also prints color-coded output to stderr so you can see decisions in real time.
251
+
215
252
  ## Security Design
216
253
 
217
254
  - **Fail closed on invalid config**: Bad regex in a rule crashes at startup, never silently passes traffic
package/dist/index.js CHANGED
@@ -577,9 +577,8 @@ var Logger = class {
577
577
  case "deny":
578
578
  return "warn";
579
579
  case "ask":
580
- return "info";
581
580
  case "allow":
582
- return "debug";
581
+ return "info";
583
582
  default:
584
583
  return "info";
585
584
  }
package/package.json CHANGED
@@ -1,10 +1,10 @@
1
1
  {
2
2
  "name": "mcpwall",
3
- "version": "0.1.0",
3
+ "version": "0.1.2",
4
4
  "description": "Deterministic security proxy for MCP tool calls — iptables for MCP. Blocks dangerous tool calls, scans for secret leakage, logs everything. No AI, no cloud, pure rules.",
5
5
  "type": "module",
6
6
  "bin": {
7
- "mcpwall": "./dist/index.js"
7
+ "mcpwall": "dist/index.js"
8
8
  },
9
9
  "files": [
10
10
  "dist",
@@ -32,9 +32,10 @@
32
32
  "license": "FSL-1.1-Apache-2.0",
33
33
  "repository": {
34
34
  "type": "git",
35
- "url": "https://github.com/behrensd/mcp-firewall.git"
35
+ "url": "git+https://github.com/behrensd/mcp-firewall.git"
36
36
  },
37
- "homepage": "https://github.com/behrensd/mcp-firewall",
37
+ "mcpName": "io.github.behrensd/mcpwall",
38
+ "homepage": "https://mcpwall.dev",
38
39
  "bugs": {
39
40
  "url": "https://github.com/behrensd/mcp-firewall/issues"
40
41
  },