Security
Coming soon. Request validation, IP whitelisting, per-tool ACLs, and schema-level enforcement.
What it will do
Section titled “What it will do”- Request validation — validate JSON-RPC requests against the server’s schema before forwarding
- IP whitelisting — restrict which IPs can connect to the proxy
- Per-tool ACLs — control which clients can call which tools
- Schema enforcement — reject calls to tools not listed in the server schema
Why at the proxy
Section titled “Why at the proxy”Security enforcement at the proxy means your MCP server doesn’t need to implement access control. Add rules in mcpr.toml, and every client — ChatGPT, Claude, VS Code, Cursor — is governed by the same policy.
Follow progress on the roadmap.