CuratedMCP
Local-first · No cloud required for core runtime

CuratedMCP Sentinel

A local stdio proxy that intercepts every MCP tool call before execution, evaluates it against your policy rules, and logs everything in SQLite on your machine. Block dangerous tools, require approval for sensitive ones, and audit everything.

npm install -g @curatedmcp/sentinel
View on GitHub Get Sentinel Pro — $19.99/mo

How it works

01

Install Sentinel

npm install -g @curatedmcp/sentinel

One global install. No daemon, no background service unless you want one.

02

Wrap your MCP server

sentinel proxy -- npx some-mcp-server

Sentinel becomes the MCP server your client talks to. It forwards allowed calls downstream.

03

Open the dashboard

open http://localhost:4242

See every intercepted action in real time. Approve or reject pending calls with one click.

Architecture

Client (Claude, Cursor, Claude Code)

↓ MCP stdio

Sentinel Proxy — policy evaluated here

↓ ALLOW / BLOCK / REQUIRE_APPROVAL

Downstream MCP Server

Every CallToolRequest is intercepted, evaluated against your policy rules, logged to SQLite, and either forwarded, blocked, or held for approval — before the downstream server ever sees it.

Three policy actions

BLOCK

Immediately reject the tool call and return a clear error to the client.

REQUIRE_APPROVAL

Pause execution and surface the pending call in the local dashboard for manual review.

ALLOW

Pass the call through immediately. Useful for explicitly whitelisting trusted tools.

Default policy rules

Sentinel ships with three rules out of the box. You can add, remove, or override any of them with the CLI.

RuleMatchesAction
Block Shell ExecutiontoolName: "*exec*", "*shell*", "*run*"
BLOCKCRITICAL
Block File DeletiontoolName: "*rm*", "*delete*"
BLOCKCRITICAL
Secrets Require ApprovalargumentContains: "SECRET", "TOKEN", "PASSWORD"
REQUIRE_APPROVALCRITICAL

CLI examples

# Add a blocking rule

sentinel policy add --name "No Eval" --tool "*eval*" --action BLOCK

# Require approval for file writes

sentinel policy add --name "File Writes" --tool "*write*" --action REQUIRE_APPROVAL --severity WARNING

# List active rules

sentinel policy list

Free — open source

$0 forever

  • stdio proxy — wraps any MCP server in one command
  • Policy engine: ALLOW, BLOCK, REQUIRE_APPROVAL
  • Local SQLite action log — nothing sent to the cloud
  • Approval workflow dashboard at localhost:4242
  • CLI for policy management
  • Configurable log retention / zero-retention mode
  • Default rules block shell, file deletion, and secrets
npm install -g @curatedmcp/sentinel
PRO

Sentinel Pro

$19.99 /month

  • Cloud sync — view your action log from the CuratedMCP dashboard
  • Email alerts when a BLOCK or REQUIRE_APPROVAL action fires
  • Slack / webhook notifications for critical events
  • Action history across machines — not just the local SQLite file
  • Policy distribution — push rules to all your machines from the dashboard
Start Sentinel Pro — $19.99/mo

Cancel anytime · Billed via Stripe

How Sentinel Pro works

  1. 1Buy Sentinel Pro — you'll receive a license key by email (cmcp_...)
  2. 2Run sentinel proxy --key cmcp_... -- npx your-mcp-server
  3. 3Action logs sync to your CuratedMCP dashboard automatically
  4. 4Get an immediate email when a BLOCK or REQUIRE_APPROVAL fires
  5. 5Configure Slack or webhook alerts for your team

Local by default

All data lives in ~/.sentinel/ on your machine. No cloud sync happens without explicit opt-in via --key. Sentinel's core runtime has zero network dependencies.

~/.sentinel/policy.json

Active policy rules

~/.sentinel/actions.db

SQLite action log

~/.sentinel/config.json

Settings & retention

Managing MCP across a team?

CuratedMCP Enterprise adds centralized policy distribution, team-wide approval chains, and an audit trail your security team can query. Sentinel Pro is the local enforcement layer — Enterprise adds the command-and-control plane.

Learn about Enterprise