Claude Code

Fit

Claude Code is one of the strongest current fits for SecureMCP-Lite.

Why it fits well:

• Claude Code supports local MCP servers
• SecureMCP-Lite is stdio-first
• project-scoped MCP commands are easy to share in a repo workflow

Recommended setup

Use a project-scoped MCP entry that launches SecureMCP-Lite, not the raw target server.

Example:

claude mcp add repo-guard --scope project -- \
  npx securemcp-lite start \
  --target "npx -y @modelcontextprotocol/server-filesystem ." \
  --target-cwd /absolute/path/to/project \
  --config /absolute/path/to/project/secure-mcp.yml

Rollout steps

1. create or validate secure-mcp.yml
2. add the Claude Code MCP entry shown above
3. run a simple repository-reading task
4. try one out-of-policy request to confirm blocking

First task to try

Ask Claude Code to:

• list the tools available from repo-guard
• read package.json
• summarize src/index.ts

Then try something that should not be allowed, such as a destructive filesystem action.

What success looks like

• Claude Code still sees the target tools
• SecureMCP-Lite decides which calls may pass
• the policy file can live in the repo
• blocked actions return a proper local error instead of silently failing

Suggested first use case

Start with a read-only filesystem policy:

• allow read_file
• allow list_dir
• allow search_files
• block everything else

Documentation sources

• Claude Code MCP docs: https://docs.anthropic.com/en/docs/claude-code/mcpExternal
• Claude Code SDK MCP docs: https://docs.anthropic.com/en/docs/claude-code/sdk/sdk-mcpExternal