MCP.so
Sign In

Rce Guard

@studiomeyer-io

About Rce Guard

Foundation Pillar 9: Layer-3 RCE defense for MCP servers via policy synthesis + behavioral CVE replay + cross-server canary tracking. v0.1 descriptor-only; v0.2 ships native enforcement.

Basic information

License

MIT

Runtime

node

Publisher

studiomeyer-io

Submitted by

Matthias Meyer - StudioMeyer

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "mcp-rce-guard": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-rce-guard",
        "serve"
      ]
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is Rce Guard?

Foundation Pillar 9: Layer-3 RCE defense for MCP servers via policy synthesis + behavioral CVE replay + cross-server canary tracking. v0.1 descriptor-only; v0.2 ships native enforcement.

How to use Rce Guard?

The README includes setup instructions such as npx -y mcp-rce-guard serve.

Key features of Rce Guard

  • A typed, validated way to describe what an MCP subprocess is allowed to read, write, spawn, and talk to
  • NFKC + zero-width strip + Bidi-block normalization shared with Pillar 8 (mcp-stdio-shellguard)
  • Audit-log rotation has a TOCTOU window (src/audit/log.ts
  • In-memory state lost on restart (src/state.ts). Registered
  • mcp-protocol-validator CI step is not a hard gate

Use cases of Rce Guard

  • Connect an MCP-compatible client to this repository's service.
  • Review the README-backed setup before enabling it in production.

FAQ from Rce Guard

Where is the source code for Rce Guard?

The source code is linked from the repository URL on this page.

Does Rce Guard include a standard MCP config?

If the README contains a parseable MCP configuration block, it is shown in the Config tab.

Comments

More MCP servers