Product scope
Known limitations
MCP Boundary should be evaluated with its current product boundaries in mind.
Current limits
- MCP Boundary focuses on local command-based MCP servers first.
- Remote and auth-heavy MCP servers need separate support.
- MCP Boundary is not a DLP system.
- MCP Boundary is not a prompt-injection detector.
- MCP Boundary is not automatic semantic safety for every MCP server.
- The dashboard is observability and configuration support, not the execution authority.
- Direct downstream server registration stays outside this boundary.
Practical reading
MCP Boundary can make tool access visible and policy-controlled, but it does not replace code review, downstream permissions, approval workflows, or operator judgment.
Start with local command-based servers, inspect discovered tools, and keep direct downstream server entries out of the MCP client when you expect calls to pass through MCP Boundary.