tomjwxf/scopeblind-gateway
by Various
Active development continues at ScopeBlind/scopeblind-gateway. - Security gateway for MCP servers. Cedar policy engine, Ed25519-signed receipts, per-tool enforcement. IETF Internet
MCP
tomjwxf/scopeblind-gateway
Added 1 June 2026
Overview
A security gateway for MCP servers that enforces per-tool policies using the Cedar engine and produces Ed25519-signed receipts for accountability. Also documented as an IETF Internet-Draft with four patents pending. Available via npx protect-mcp.
Best for
Best for
Developers needing to secure MCP server deployments with policy-driven access control and auditable receipts
Use cases
- Restrict which tools an MCP client can invoke based on policy rules
- Audit every MCP tool invocation with tamper-evident receipts
- Enforce granular permissions per MCP server tool endpoint
How to use
Install
npx @scopeblind/passport wrap --runtime openclaw --config ./openclaw.json --policy email-safe Tools exposed
min_tierrate_limit
Tested with
Claude Desktop, Cursor, VS Code
Notes
A security gateway for MCP servers that enforces per-tool policies using the Cedar engine and produces Ed25519-signed receipts for accountability. Also documented as an IETF Internet-Draft with four patents pending. Available via npx protect-mcp.
8 stars on GitHub. Last updated 2026-04-11. Licensed MIT.
Use cases
- Restrict which tools an MCP client can invoke based on policy rules
- Audit every MCP tool invocation with tamper-evident receipts
- Enforce granular permissions per MCP server tool endpoint
Pros
- Leverages Cedar, a well-known policy engine for fine-grained access control
- Ed25519-signed receipts provide strong non-repudiation for audit logs
- Per-tool enforcement allows precise security boundaries
Cons
- Very early stage with only 8 GitHub stars and minimal community adoption
- Patents pending may limit licensing or community contributions
- Requires integration into existing MCP server workflows
Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.
Pros
- Leverages Cedar, a well-known policy engine for fine-grained access control
- Ed25519-signed receipts provide strong non-repudiation for audit logs
- Per-tool enforcement allows precise security boundaries
Cons
- Very early stage with only 8 GitHub stars and minimal community adoption
- Patents pending may limit licensing or community contributions
- Requires integration into existing MCP server workflows
Pairs with
Other entries in the index that connect to this one. Click through to see the chain.
Get the free Developer’s Field Guide
A 27-page field guide to the AI coding workflow with Claude. Claude Code, MCP servers, the prompt patterns that work, and what to delegate. Free.
Enter your work email. We send it straight over, plus a few short notes worth knowing. Unsubscribe any time.