Feature Overview

What SecureMCP-Lite actually does beyond simple blocking.

SecureMCP-Lite is more than a “block tool.”

Core control features

  • tool allowlist
  • per-tool parameter rules
  • regex-based deny and allow patterns
  • path traversal blocking
  • in-memory rate limiting
  • local JSON-RPC policy denials

Reliability features

  • malformed JSON handling
  • invalid JSON-RPC rejection
  • local fallback errors when the target dies or closes early
  • clean stdout versus stderr separation
  • stdio-first transport behavior
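
An added sketch, not SecureMCP-Lite's own code, of how the core controls and the JSON-RPC rejection cases listed above can combine in one check on an MCP `tools/call` message. The policy shape, the `check` function, the `-32000` denial code and the `BLOCKED:` message text are assumptions; `-32700`, `-32600` and `-32602` are the standard JSON-RPC parse-error, invalid-request and invalid-params codes.

```python
import json, re, time
from collections import defaultdict, deque

# Hypothetical policy shape for illustration; not SecureMCP-Lite's config schema.
POLICY = {
    "allow_tools": {"read_file", "search"},
    "params": {"read_file": {"path": {"allow": r"^docs/[\w./-]+$", "deny": r"\.env$"}}},
    "rate_limit": {"max_calls": 3, "window_s": 60},
}
_calls = defaultdict(deque)  # tool name -> timestamps of forwarded calls (memory only)

def _error(req_id, code, message):
    # Built locally by the proxy; the target server never sees a rejected message.
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}

def check(line, now=None):
    """Return None to forward the line, or a JSON-RPC error dict to answer locally."""
    now = time.monotonic() if now is None else now
    try:
        msg = json.loads(line)
    except json.JSONDecodeError:
        return _error(None, -32700, "Parse error")
    if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0" \
            or not isinstance(msg.get("method"), str):
        return _error(None, -32600, "Invalid Request")
    if msg["method"] != "tools/call":
        return None  # this sketch only policy-checks tool invocations
    rid, params = msg.get("id"), msg.get("params")
    tool = params.get("name") if isinstance(params, dict) else None
    args = params.get("arguments", {}) if isinstance(params, dict) else None
    if not isinstance(tool, str) or not isinstance(args, dict):
        return _error(rid, -32602, "Invalid params")
    if tool not in POLICY["allow_tools"]:
        return _error(rid, -32000, f"BLOCKED: tool {tool!r} is not in the allowlist")
    for key, rule in POLICY["params"].get(tool, {}).items():
        value = str(args.get(key, ""))
        # Checked separately: "docs/../x" would satisfy the allow pattern above.
        if ".." in re.split(r"[\\/]", value):
            return _error(rid, -32000, f"BLOCKED: path traversal in {key!r}")
        if re.search(rule["deny"], value) or not re.search(rule["allow"], value):
            return _error(rid, -32000, f"BLOCKED: parameter {key!r} violates policy")
    window, limit = _calls[tool], POLICY["rate_limit"]
    while window and now - window[0] >= limit["window_s"]:
        window.popleft()  # drop timestamps that have aged out of the window
    if len(window) >= limit["max_calls"]:
        return _error(rid, -32000, f"BLOCKED: rate limit exceeded for {tool!r}")
    window.append(now)
    return None
```

Only forwarded calls count toward the rate limit in this sketch, and the counters reset when the process exits because they live in memory.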

Operator and DX features

  • readable ALLOWED and BLOCKED logs
  • init, start, and validate-config CLI commands
  • config advisories for risky settings
  • validate-config --strict
  • executable demos bundled in the repo

What SecureMCP-Lite is best at

  • making local MCP setups safer
  • giving teams one shared policy file
  • keeping the product easy to audit
  • reducing accidental over-permissioning

What SecureMCP-Lite intentionally does not do

  • sandbox the target server
  • replace OS permissions
  • provide a GUI approval flow
  • act as a remote MCP gateway

Those omissions are deliberate. The project stays narrow so it can remain maintainable and trustworthy.