Source-controlled project tree. `dist/` is generated by `npm run build` and intentionally excluded from git.

```text
.
├── .github/
│   └── workflows/
│       └── ci.yml
├── .gitignore
├── apps/
│   └── frontend/
│       ├── app/
│       ├── components/
│       ├── lib/
│       ├── package.json
│       ├── scripts/
│       ├── tsconfig.json
│       └── next.config.ts
├── CONTRIBUTING.md
├── DELIVERY.md
├── LICENSE
├── OSS_READINESS_ID.md
├── README.md
├── SECURITY.md
├── TEST_REPORT_ID.md
├── docs/
│   ├── assets/
│   │   └── securemcp-lite-logo.svg
│   ├── compatibility-matrix.md
│   ├── demo-playbook.md
│   ├── feature-overview.md
│   ├── getting-started.md
│   ├── integrations.md
│   ├── integrations/
│   │   ├── anthropic-messages-api.md
│   │   ├── antigravity.md
│   │   ├── chatgpt-developer-mode.md
│   │   ├── claude-code.md
│   │   ├── codex.md
│   │   ├── cursor.md
│   │   ├── custom-local-agents.md
│   │   ├── github-copilot-chat.md
│   │   └── github-copilot-cli.md
│   ├── release-notes-v0.1.0.md
│   ├── threat-scenarios.md
│   └── use-cases.md
├── eslint.config.mjs
├── examples/
│   ├── ai-safe-filesystem.yml
│   ├── ai-safe-shell.yml
│   ├── ai-safe-sql.yml
│   ├── copilot-cli.mcp-config.json
│   ├── cursor.mcp.json
│   ├── secure-mcp.yml
│   ├── strict-secure-mcp.yml
│   └── vscode.mcp.json
├── package-lock.json
├── package.json
├── scripts/
│   ├── demo-allowed-call.mjs
│   ├── demo-blocked-call.mjs
│   ├── demo-lib.mjs
│   └── demo-mcp-session.mjs
├── src/
│   ├── cli/
│   │   └── index.ts
│   ├── config/
│   │   ├── configAdvisories.ts
│   │   ├── defaultConfig.ts
│   │   ├── loadConfig.ts
│   │   └── schema.ts
│   ├── errors/
│   │   └── jsonRpcErrors.ts
│   ├── index.ts
│   ├── logger/
│   │   └── createLogger.ts
│   ├── policy/
│   │   ├── policyEngine.ts
│   │   └── rateLimiter.ts
│   ├── proxy/
│   │   └── secureProxy.ts
│   ├── transports/
│   │   ├── stdioClientTransport.ts
│   │   ├── stdioServerTransport.ts
│   │   └── streamChannel.ts
│   └── types/
│       ├── config.ts
│       └── jsonrpc.ts
├── test/
│   ├── cli.smoke.test.ts
│   ├── config.test.ts
│   ├── configAdvisories.test.ts
│   ├── fixtures/
│   │   ├── broken-target.sh
│   │   ├── echo-target.js
│   │   └── mcp-fixture-server.sh
│   ├── policyEngine.test.ts
│   ├── secureProxy.test.ts
│   ├── stdioClientTransport.test.ts
│   └── streamChannel.test.ts
├── tsconfig.json
└── vitest.config.ts
```
This delivery tightens the original MVP into a more credible public OSS release candidate.
Main changes:
- added local parse and invalid-request JSON-RPC handling for malformed client input
- added pending-request tracking and local target-unavailable responses when the target exits early
- fixed half-close behavior so blocked requests and fallback errors are not lost during stdin shutdown
- improved target start sequencing and start-failure handling
- added config advisories plus `validate-config --strict`
- cleaned build output before compile so deleted artifacts are not leaked into publish tarballs
- expanded the automated suite with transport, proxy, config-advisory, and CLI smoke coverage
- rebuilt README around public adoption and compatibility clarity
- added a polished Next.js docs website under `apps/frontend`
- added step-by-step integration docs for Claude Code, Codex, Cursor, Copilot, Antigravity, and custom local agents
- strengthened SECURITY, CONTRIBUTING, release notes, examples, and launch-readiness reports
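The local JSON-RPC handling described above (parse and invalid-request errors for malformed client input, allowlist blocking as in the blocked-call demo, and target-unavailable responses for requests still pending when the target exits) as an added TypeScript illustration. This is not securemcp-lite's own code; the `decide` and `PendingRequests` names and the -32001/-32002 error codes are assumptions.

```typescript
// Added illustration, not securemcp-lite's own code: classify one raw stdin line from the
// client and decide whether it is forwarded to the target or answered locally by the proxy.
// -32700, -32600 and -32602 are standard JSON-RPC codes; -32001 (blocked by policy) and
// -32002 (target unavailable) are assumed codes in the implementation-defined range.
type JsonRpcId = number | string | null;
interface JsonRpcError { jsonrpc: "2.0"; id: JsonRpcId; error: { code: number; message: string } }
interface Decision { forward?: Record<string, any>; local?: JsonRpcError }

const localError = (id: JsonRpcId, code: number, message: string): JsonRpcError =>
  ({ jsonrpc: "2.0", id, error: { code, message } });

// Client-to-server traffic is assumed to be requests here, so a missing method is invalid.
function decide(line: string, allow: Set<string>): Decision {
  let msg: any;
  try { msg = JSON.parse(line); } catch {
    return { local: localError(null, -32700, "Parse error") }; // id unknown, so null per spec
  }
  if (typeof msg !== "object" || msg === null || msg.jsonrpc !== "2.0" || typeof msg.method !== "string") {
    const id: JsonRpcId = typeof msg === "object" && msg !== null && "id" in msg ? msg.id : null;
    return { local: localError(id, -32600, "Invalid Request") };
  }
  if (msg.method === "tools/call") {
    const name = msg.params?.name;
    if (typeof name !== "string") return { local: localError(msg.id ?? null, -32602, "Invalid params") };
    // Policy gate: the tool must be on the allowlist or the call never reaches the target.
    if (!allow.has(name)) return { local: localError(msg.id ?? null, -32001, `Tool "${name}" is not allowlisted`) };
  }
  return { forward: msg };
}

// Ids forwarded to the target but not yet answered. If the target exits early, each pending
// id receives a local target-unavailable error instead of leaving the client hanging.
class PendingRequests {
  private ids = new Set<JsonRpcId>();
  track(id: JsonRpcId): void { if (id !== null) this.ids.add(id); }
  settle(id: JsonRpcId): void { this.ids.delete(id); }
  onTargetExit(): JsonRpcError[] {
    const errors = Array.from(this.ids).map((id) => localError(id, -32002, "Target unavailable"));
    this.ids.clear();
    return errors;
  }
}
```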
Changes by file:
- `src/types/jsonrpc.ts`: explicit parse and invalid-request classification with JSON-RPC error codes
- `src/transports/streamChannel.ts`: cleaner stream framing, protocol-error surfacing, and safer stdio writes
- `src/transports/stdioServerTransport.ts`: preserves response delivery after client stdin closes
- `src/transports/stdioClientTransport.ts`: better child startup failure handling
- `src/proxy/secureProxy.ts`: pending-request tracking, local fallback errors, and safer session shutdown
- `src/config/configAdvisories.ts`: operational warnings for risky configs
- `src/cli/index.ts`: stricter validation UX and safer config initialization
- `package.json`: build hygiene for publish correctness
Files added or updated:
- README.md
- apps/frontend/*
- CONTRIBUTING.md
- SECURITY.md
- docs/getting-started.md
- docs/feature-overview.md
- docs/compatibility-matrix.md
- docs/demo-playbook.md
- docs/integrations.md
- docs/integrations/claude-code.md
- docs/integrations/codex.md
- docs/integrations/cursor.md
- docs/integrations/github-copilot-chat.md
- docs/integrations/github-copilot-cli.md
- docs/integrations/custom-local-agents.md
- docs/integrations/antigravity.md
- docs/integrations/chatgpt-developer-mode.md
- docs/integrations/anthropic-messages-api.md
- docs/use-cases.md
- docs/release-notes-v0.1.0.md
- examples/ai-safe-filesystem.yml
- examples/ai-safe-shell.yml
- examples/ai-safe-sql.yml
- examples/cursor.mcp.json
- examples/copilot-cli.mcp-config.json
- examples/vscode.mcp.json
- scripts/demo-blocked-call.mjs
- scripts/demo-allowed-call.mjs
- scripts/demo-mcp-session.mjs
- src/config/configAdvisories.ts
- src/errors/jsonRpcErrors.ts
- src/proxy/secureProxy.ts
- src/transports/streamChannel.ts
- src/transports/stdioClientTransport.ts
- src/transports/stdioServerTransport.ts
- test/cli.smoke.test.ts
- test/configAdvisories.test.ts
- test/secureProxy.test.ts
- test/streamChannel.test.ts
- OSS_READINESS_ID.md
- TEST_REPORT_ID.md
Build and verification commands:

```shell
npm install
npm run lint
npm run build
npm run test -- --run
npm run site:build
npm run site:dev
npm pack --dry-run
```

Initialize a config:

```shell
npx securemcp-lite init
```

Validate a config:

```shell
npx securemcp-lite validate-config --config ./secure-mcp.yml
```

Validate strictly:

```shell
npx securemcp-lite validate-config --config ./secure-mcp.yml --strict
```

Start the proxy:

```shell
npx securemcp-lite start --target "npx -y @modelcontextprotocol/server-filesystem ." --config ./secure-mcp.yml
```

Blocked-call demo:
```shell
tmpdir=$(mktemp -d)
# Allowlist permits only read_file; the delete_file call below is rejected locally by the proxy.
cat > "$tmpdir/secure-mcp.yml" <<'EOF'
tools:
  allow:
    - read_file
EOF
# The target is a plain cat, so the blocked call never reaches a real MCP server.
printf '%s\n' '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"delete_file","arguments":{"path":"/tmp/demo"}}}' \
  | node dist/cli/index.js start --target "cat" --config "$tmpdir/secure-mcp.yml"
```

Current automated suite:
- 7 test files
- 23 passing tests
- unit, regression, and shell-smoke coverage
Covered areas:
- config parsing and validation failures
- config advisory generation
- allowlist enforcement
- regex argument checks
- malformed JSON input
- invalid `tools/call` parameters
- rate limiting
- blocked request isolation
- allowed request forwarding
- concurrent request handling
- malformed target output
- end-to-end multi-message MCP fixture session
- stdout versus stderr separation
- target start failure
- target close with pending requests
Verified successfully:
- `npm run lint`
- `npm run build`
- `npm run test -- --run`
- `npm run site:build`
- `npm run demo:all`
- `npm pack --dry-run`
- `node dist/cli/index.js init --config <tempfile>`
- `node dist/cli/index.js validate-config --config <tempfile>`
- blocked-call smoke test via shell pipe
Additional behavior checked:
- `validate-config --strict` fails when advisories are present
- the publish tarball no longer contains stale deleted build artifacts
- blocked local JSON-RPC responses remain on `stdout` while logs stay on `stderr`
Known limitations:
- stdio only
- regex rules are intentionally simple and not schema-aware per MCP tool
- rate limiting is process-local and in-memory
- no Windows CLI smoke coverage in CI because the smoke tests use `bash` and `timeout`
- target stderr relay should be treated as best-effort operational visibility, not audit-grade evidence
- the docs site is static and intentionally documentation-only, not an operational dashboard or approval UI
- there is still no proof of real-world adoption or downstream dependency value
Next steps:
- Test against multiple real MCP servers, not just shell fixtures.
- Publish an initial GitHub release and npm package.
- Document a compatibility matrix for tested MCP clients and servers.
- Collect early user feedback and concrete usage examples.
- Add at least one end-to-end regression case against a real filesystem-style MCP server.