Secure · MCP Firewall

The unsafe action never runs

FORG inspects every MCP tool call on-device and blocks the dangerous ones before they execute — then proves it with a hash-chained audit trail.

$ forg firewall --watch
● armed  3 rules · metadata-only
12:04  mcp.fetch  BLOCK ssrf 10.0.0.1
12:07  fs.write   BLOCK path ../secrets
12:09  mcp.tool   SCRUB api key removed
12:11  shell.exec ALLOW within repo
3 attack classes blocked
On-device: blocked before execution
Metadata-only: capture, no payloads
Ed25519: signed releases
14 tools supported
8.5 MB on-device agent
three attack classes

Caught on-device, before execution

Exfiltration

An agent trying to ship your secrets or code somewhere it should not go.

Tool-poisoning

A malicious MCP server feeding hostile instructions into the agent loop.

SSRF

A tool call reaching into your internal network or metadata service.

Detection

Blocked by type (illustrative)

Detections are privacy-preserving: metadata only, never your prompts or code. Each block lands in a tamper-evident, hash-chained ledger you can export.


47 blocked
Exfiltration: 24
Tool-poisoning: 14
SSRF: 9

Block the next incident

The firewall is on by default the moment your agent connects.

Start 14-day trial