MCP Guard

VS Code Extension

Configure MCP Guard using the VS Code extension interface.

Features

  • Auto-Discovery: Automatically detects MCP servers from Claude Code, Cursor, and GitHub Copilot configurations
  • Network Allowlists: Control which hosts each MCP can access
  • File System Controls: Restrict read/write access to specific directories
  • Resource Limits: Set execution time, memory, and API call limits
  • Per-MCP Settings: Configure each MCP server independently

Quick Start

Open the Panel

Click the shield icon 🛡️ in the activity bar (left sidebar) to open MCP Guard.

View Your MCPs

Your MCP servers are automatically discovered from IDE configurations. Each MCP shows:

  • Name and status
  • Protection toggle
  • Configuration options

Enable Protection

Toggle guard protection on for any MCP you want to isolate. When enabled, all tool calls for that MCP will route through the secure Worker environment.

Configure Settings

Click on any MCP to expand its settings and configure network, file system, and resource options.

Configuration Options

Network Access

Option | Description
Enable Network Access | Allow the MCP to make outbound requests
Allowed Hosts | Specific domains that can be accessed (e.g., api.github.com)
Allow Localhost | Permit requests to localhost/127.0.0.1

Default: No Network

By default, guarded MCP executions have zero outbound network access. Outbound requests are blocked unless explicitly enabled and allowlisted.

What this controls

These settings control network access from code executed inside MCP Guard’s Worker isolate. When enabled, MCP Guard allows fetch() in the isolate but enforces the host allowlist (and optional localhost).
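The host allowlist only holds if the comparison is made on the parsed hostname rather than on the raw URL string. The following is an added example, not MCP Guard's own code; the function name and the policy fields `networkEnabled`, `allowedHosts` and `allowLocalhost` are assumptions that mirror the three options above.

```javascript
// Added example: a hypothetical egress check, not MCP Guard's own code.
// Policy field names (networkEnabled, allowedHosts, allowLocalhost) are assumed.
const LOOPBACK_V4 = /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/;

function isLoopback(host) {
  return host === "localhost" || host.endsWith(".localhost") ||
         host === "[::1]" || LOOPBACK_V4.test(host);
}

function checkEgress(rawUrl, policy) {
  const deny = (reason) => ({ allowed: false, reason });
  // Default posture from the page: no outbound access unless enabled.
  if (!policy || !policy.networkEnabled) return deny("network access disabled");

  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return deny("unparseable URL");
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return deny(`scheme ${url.protocol} not permitted`);
  }

  // Compare the parsed hostname, never a substring of the raw URL. The WHATWG
  // parser lowercases it, separates userinfo, and canonicalises IPv4 forms
  // such as 127.1 to 127.0.0.1. Strip the trailing dot of an absolute name.
  const host = url.hostname.replace(/\.$/, "");

  if (isLoopback(host)) {
    return policy.allowLocalhost
      ? { allowed: true, reason: "localhost permitted" }
      : deny("localhost not permitted");
  }

  const allowed = new Set((policy.allowedHosts || []).map((h) => h.toLowerCase()));
  return allowed.has(host)
    ? { allowed: true, reason: "host allowlisted" }
    : deny(`host ${host} not in allowlist`);
}

// Constructed policy and URLs for illustration.
const policy = { networkEnabled: true, allowedHosts: ["api.github.com"], allowLocalhost: false };
const samples = ["https://api.github.com/user", "https://api.github.com@evil.example/",
  "https://api.github.com.evil.example/", "http://127.1:8080/admin"];
for (const u of samples) console.log(u, "->", checkEgress(u, policy).reason);
```

Only the first sample URL is allowed: the second hides the real host behind userinfo, the third uses the allowed name as a prefix of another domain, and the fourth is a shorthand for 127.0.0.1.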

File System Access

Option | Description
Enable File System | Allow the MCP to access files
Read Paths | Directories the MCP can read from
Write Paths | Directories the MCP can write to

Resource Limits

Option | Default | Description
Max Execution Time | 30s | Maximum time per execution
Max Memory | 128MB | Memory limit
Max MCP Calls | 100 | Maximum tool calls per execution

Commands

Access these commands via the Command Palette (Ctrl+Shift+P / Cmd+Shift+P):

Command | Description
MCP Guard: Open Settings | Open the configuration panel
MCP Guard: Refresh MCP List | Re-scan for MCP servers
MCP Guard: Import from IDE Config | Import MCP configurations

Security Model

The VS Code extension uses Cloudflare Workers isolates for execution:

  • Network Isolation: All outbound access blocked by default
  • Process Isolation: Each execution runs in a fresh isolate
  • Configurable Allowlists: Granular control over what each MCP can access

OAuth MCPs

OAuth MCPs Cannot Be Guarded

MCPs that require OAuth authentication (like Atlassian, Google, or Slack MCPs) cannot be guarded by MCP Guard. These MCPs must be used directly through your IDE (Cursor or Claude Code).

Why OAuth MCPs Are Not Supported

OAuth authentication requires a complex flow:

  1. The IDE (Cursor/Claude) registers as an OAuth client with the provider
  2. Users authenticate through a browser redirect
  3. The IDE receives and stores access/refresh tokens
  4. Tokens are automatically included in MCP requests

When MCP Guard "guards" an MCP, it intercepts and proxies all communication. This breaks the OAuth token association because:

  • The OAuth tokens are bound to the IDE's session
  • MCP Guard cannot access or forward these tokens
  • Guarding would require re-authenticating through MCP Guard (not supported)

How to Use OAuth MCPs

  1. Leave unguarded: Keep the MCP Guard toggle OFF for OAuth MCPs
  2. Connect via IDE: Use your IDE's native MCP settings to connect and authenticate
  3. Use normally: The MCP will work directly through your IDE without isolation

MCP Guard automatically detects OAuth requirements and displays a "Cannot Guard" badge. You can still view and modify other configuration options for these MCPs.

Identifying OAuth MCPs

OAuth MCPs are detected by:

  • WWW-Authenticate: Bearer header in 401 responses
  • .well-known/oauth-protected-resource endpoint (RFC 9728)
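
The two detection signals above can be checked from a pair of probe responses. The following is an added example, not MCP Guard's own code; the function names and the `{ status, headers, json }` response shape are assumptions, and the sample responses are constructed.

```javascript
// Added example: a hypothetical classifier, not MCP Guard's own code.
const WELL_KNOWN = "/.well-known/oauth-protected-resource";

// RFC 9728: the metadata URL is formed by inserting the well-known segment
// between the host and the path of the protected resource's URL.
function metadataUrl(mcpUrl) {
  const u = new URL(mcpUrl);
  const path = u.pathname.replace(/\/$/, "");
  return `${u.origin}${WELL_KNOWN}${path}${u.search}`;
}

// Returns null unless the header value carries a Bearer challenge.
function parseBearerChallenge(value) {
  if (!value || !/(?:^|,)\s*Bearer(?=\s|,|$)/i.test(value)) return null;
  const m = /resource_metadata\s*=\s*"([^"]*)"/i.exec(value);
  return { resourceMetadata: m ? m[1] : null };
}

// probe: response from the MCP endpoint; metadata: response from metadataUrl().
// Both are plain { status, headers, json } objects with lower-case header names.
function classifyMcp(probe, metadata) {
  const signals = [];
  const challenge = probe.status === 401
    ? parseBearerChallenge((probe.headers || {})["www-authenticate"])
    : null;
  if (challenge) signals.push("bearer-challenge");
  const doc = metadata && metadata.status === 200 ? metadata.json : null;
  if (doc && typeof doc.resource === "string") signals.push("protected-resource-metadata");
  const oauth = signals.length > 0;
  return { oauth, signals, badge: oauth ? "Cannot Guard" : null,
           resourceMetadata: challenge ? challenge.resourceMetadata : null };
}

// Constructed responses for illustration (hosts under .example are placeholders).
const oauthProbe = { status: 401, headers: { "www-authenticate":
  'Bearer resource_metadata="https://mcp.example/.well-known/oauth-protected-resource/v1"' } };
const basicProbe = { status: 401, headers: { "www-authenticate": 'Basic realm="mcp"' } };
const openProbe = { status: 200, headers: {} };
const metadataOk = { status: 200, json: { resource: "https://mcp.example/v1",
  authorization_servers: ["https://auth.example"] } };
const metadataMissing = { status: 404, json: null };

console.log(metadataUrl("https://mcp.example/v1/"));
console.log(classifyMcp(oauthProbe, metadataMissing));
console.log(classifyMcp(basicProbe, metadataMissing));
console.log(classifyMcp(openProbe, metadataOk));
```

A 401 with a non-Bearer challenge (the `Basic` sample) is not treated as OAuth, and either signal on its own is enough to mark the MCP as "Cannot Guard".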

Common OAuth MCPs include:

  • Atlassian (Jira, Confluence)
  • Google Workspace
  • Slack
  • Microsoft/Azure
  • GitHub (when using OAuth instead of PAT)

Troubleshooting

MCPs Not Appearing

  1. Ensure your IDE configuration files exist:
    • Claude Code: ~/.claude/mcp.jsonc (or ~/.config/Claude Code/User/globalStorage/mcp.jsonc on Linux)
    • Cursor: ~/.cursor/mcp.jsonc (or ~/.config/Cursor/User/globalStorage/mcp.jsonc on Linux)
    • GitHub Copilot: ~/.github/copilot/mcp.jsonc (or ~/.config/Code/User/globalStorage/github.copilot/mcp.jsonc on Linux)
  2. Use the Refresh MCP List command to re-scan
  3. Check the Output panel (View → Output → MCP Guard) for errors

Protection Not Working

  1. Ensure the MCP has protection enabled (toggle is on)
  2. Check that the MCP Guard server is running (visible in status bar)
  3. Restart VS Code if needed

Network Requests Failing

If an MCP needs network access:

  1. Enable Network Access for that MCP
  2. Add specific domains to the Allowed Hosts list
  3. Only allow the minimum necessary domains

Support