A transparent stdio proxy that wraps any MCP server and logs every tools/call request, with optional enforcement of per-tool policies. Ships in shadow mode by default so you can observe what AI agents are actually doing before you block anything. Add a policy file to rate limit expensive tools, block destructive ones, or require tier-based admission. Run init to generate local Ed25519 keys and emit signed receipts for each decision, verifiable offline without a dashboard. The bundle command exports self-contained audit artifacts. Built after real incidents like CVE-2025-6514, with policy packs that prevent specific attacks. No account required, works locally between Claude Desktop or Cursor and your existing MCP servers.
claude mcp add --transport stdio io.github.tomjwxf-scopeblind-mcp uvx scopeblind-mcp