MCP Boundary by Impact Boundary Labs
Local MCP action boundary

Control MCP tool callsbefore they change real systems.

Wrap local command-based MCP servers, inspect discovered tools, and route concrete tool calls through policy and runtime checks before downstream execution.Use MCP Boundary when an agent can act through MCP tools and you want a visible boundary before real changes happen.

Download MCP BoundaryImpact Boundary Labs ↗

Tool-call path

Agent
MCP Boundary
Policy + runtime check
Downstream MCP server
Outcome recorded
Download

Download MCP Boundary v0.1.0.

Windows v0.1.0 RC ready. Linux tarball artifact smoke tested in Docker Linux. SHA-256 checksums are included for both artifacts.

Windows .zip

mcpboundary-v0.1.0-windows-amd64.zip · 3.9 MB

sha256:94f3531d6e5817fd60816a432eb48a806e28060e2a97c369c21c0dec7d7504f3

Windows artifact smoke passed.

Download

Linux .tar.gz

mcpboundary-v0.1.0-linux-amd64.tar.gz · 4.0 MB

sha256:482255eeaf04d140fc1490a663d0893dc01e894132622f24e3371aa4379a5737

Linux tarball artifact smoke passed in Docker Linux.

Download
ChecksumsRelease notes fileChangelog

Download links count aggregate website events. Local tool lists, policies, activity logs, and downstream results are not sent back to Impact Boundary Labs by MCP Boundary.

Getting started

Extract the package, run quickstart, check the dashboard.

The v0.1.0 package includes a local email demo that runs without provider credentials or a real inbox.

Step 1

Download and extract

Use the Windows RC ZIP or the Linux tarball artifact. Both release packages passed artifact smoke tests.

Step 2

Run quickstart

Start the local email demo from the extracted folder.

Step 3

Check the dashboard

Inspect tools, policy decisions, and activity before real effects.

Terminalgetting started
mcpboundary quickstart email

Works with local command-based MCP servers. Remote and login-heavy servers need separate support.

From an extracted Windows folder, run .\mcpboundary.exe quickstart email. From Linux, run ./mcpboundary quickstart email. If the binary is on PATH, use the shorter command above. Open the local dashboard at http://127.0.0.1:8799.

Product visual

A local dashboard for the run.

Inspect Setup, Tools, Activity, and Policy. See which tools are visible to the agent, which calls were blocked or allowed, and whether downstream execution happened.

OverviewSetupToolsActivityPolicy
Open interactive demo
127.0.0.1:8799
MCP Boundary dashboard showing setup, tools, activity, and policy views

Swipe to inspect the dashboard preview.

Click through the local dashboard.
Inspect discovered MCP tools.
See policy decisions before downstream execution.
Check activity after each tool call.
What it does

MCP Boundary can:

  • wrap a local MCP server
  • discover tools through initialize and tools/list
  • show the tool surface in a dashboard
  • hide tools from the agent
  • allow or block concrete tool calls
  • apply policy and technical limits
  • limit timeouts and response sizes
  • record activity and downstream outcomes
  • return feedback the agent can act on
Known limits

MCP Boundary is not:

  • a full enterprise security gateway
  • a DLP system
  • a prompt-injection detector
  • an automatic semantic safety engine for every MCP server
  • a replacement for code review, database permissions, or email approval processes
  • a hosted remote MCP gateway
Compatibility

Works best with local command-based MCP servers.

If your MCP client can start the server with a local command, MCP Boundary can usually wrap it. Remote and login-heavy servers need separate support.

Works best with

  • local command-based MCP servers
  • stdio transport
  • servers started with command + args
  • npx, uvx, python, node, local binaries, or similar
  • servers that support initialize and tools/list
  • workflows where tool calls should be visible, restricted, or logged

Not ideal yet for

  • remote OAuth-heavy MCP servers
  • servers that require interactive login during startup
  • servers that write logs to stdout
  • non-standard transports
  • servers that only work inside one specific client

Early Access Setup

€139 one-time for the first 15 setup slots.

For builders and small teams working with real MCP servers or agent-tool workflows.

Includes one focused setup session for one real MCP workflow.

We help you wrap one existing MCP server or workflow, inspect the available tools, define one guarded profile, and document which actions should be allowed, reviewed, or blocked.

Not a managed hosting plan, security audit, or custom OAuth/provider integration. It is a focused setup to test MCP Boundary on one real agent-tool workflow.

Reserve a €139 setup slot
Give feedback

MCP Boundary runs locally. Feedback still matters.

MCP Boundary does not send your local MCP server config, discovered tools, policy files, activity logs, or downstream results back to Impact Boundary Labs. The public website may count release downloads in aggregate, and feedback you send by email is processed so we can improve the product.

Give feedbackPrivacy details
Docs and support

More detail when you need it.

Getting startedHow it worksPolicy examplesTested servers and limitsReal Gmail setupRoadmapFAQKnown limitationsRelease notesGive feedback
Before using MCP Boundary

MCP Boundary is a local-first tool for command-based MCP servers. It is not a DLP system, not a prompt-injection detector, and not a full enterprise security gateway.

Read known limitations →