JadeGate – A deterministic safety proxy for MCP servers (no LLMs)

1 points by coolcoder9520 2 months ago · 1 comment · 1 min read


Integrating an MCP server into Claude or Cursor right now is essentially running curl | bash from a stranger. I found tools claiming to be "weather checkers" that basically have unprompted, silent access to read ~/.ssh/ or environment variables.

This isn't a bug; the MCP protocol currently just has zero security boundaries.

Letting an LLM decide if a tool is safe is like asking a suspect to write their own police report. So I spent the last few weeks building JadeGate—an open-source, transparent proxy. It uses deterministic math and static analysis instead of AI:

Policy Engine: Strict allow/deny per tool.

Call-Chain Tracking: Stops rogue recursive calls via DAG verification.

Transparent: Wraps the servers without changing your workflow.

GitHub Repo: https://github.com/JadeGate/jade-core

Website: https://jadegate.io/

Our philosophy: You can't use a probabilistic tool to reliably audit another probabilistic tool. Instead, we treat an agent's skill like source code and apply the same deterministic static analysis used in compilers to prove its safety boundaries before it ever runs.

We are using BSL 1.1 converting to Apache 2.0. Would love any feedback on the static analysis approach!

coolcoder9520 (OP) 2 months ago

OP here. Happy to answer any technical questions about the implementation, especially around the static analysis of the call-graph (DAG) or the BSL 1.1 license choice.

(I also have a GIF demo of it blocking a malicious tool in real-time if anyone is interested, but didn't want to clutter the main post).
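
A sketch of the two deterministic checks named in the post (per-tool allow/deny, and keeping the tool call graph a DAG), as an added example that is not JadeGate's code. The `Gate` class, the policy table, the `caller` argument (the proxy's own record of which tool triggered a call) and the sample requests are assumptions made for illustration; only the JSON-RPC `tools/call` message shape comes from MCP.

```python
import json

# Constructed policy: any tool not listed is denied (default deny).
POLICY = {"get_weather": "allow", "read_file": "deny", "summarize": "allow"}

class Gate:
    def __init__(self, policy):
        self.policy = policy
        self.edges = {}  # caller tool -> set of tools it has invoked

    def _reaches(self, src, dst):
        """Iterative DFS over recorded call edges: can src reach dst?"""
        stack, seen = [src], set()
        while stack:
            node = stack.pop()
            if node == dst:
                return True
            if node not in seen:
                seen.add(node)
                stack.extend(self.edges.get(node, ()))
        return False

    def check(self, raw, caller=None):
        """Return (allowed, reason) for one JSON-RPC message from the client."""
        try:
            msg = json.loads(raw)
        except ValueError:
            return False, "malformed JSON"
        if not isinstance(msg, dict):
            return False, "not a JSON-RPC object"
        if msg.get("method") != "tools/call":
            return True, "not a tool call"
        params = msg.get("params")
        tool = params.get("name") if isinstance(params, dict) else None
        if not isinstance(tool, str) or self.policy.get(tool) != "allow":
            return False, f"tool {tool!r} is not allowed by policy"
        if caller is not None:
            # Adding the edge caller -> tool must keep the call graph acyclic.
            if caller == tool or self._reaches(tool, caller):
                return False, f"call {caller} -> {tool} would create a cycle"
            self.edges.setdefault(caller, set()).add(tool)
        return True, "allowed"

def call(tool):
    """Build a constructed MCP tools/call request for the named tool."""
    return json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                       "params": {"name": tool, "arguments": {}}})
```

Both decisions depend only on the policy table and the edges recorded so far, so the same sequence of requests always yields the same verdicts.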
