overwatch wrap
Wrap a single MCP server with a security proxy. All tool calls are intercepted and analyzed before execution.
Usage
Arguments
| Argument | Description |
|---|---|
| `command` | The MCP server command to run |
| `args` | Arguments to pass to the MCP server |
Options
| Option | Description |
|---|---|
| `-c, --config <path>` | Path to configuration file |
| `-n, --name <name>` | Server name (default: “wrapped”) |
| `-t, --timeout <ms>` | Approval timeout in milliseconds (default: 60000) |
| `--fail-mode <mode>` | Fail mode: open, closed, readonly (default: closed) |
| `--no-audit` | Disable audit logging |
| `--approval <method>` | Approval method: terminal, webhook |
| `--approval-webhook-url <url>` | Webhook URL for remote approvals |
| `--approval-webhook-secret <secret>` | Secret for HMAC signing webhook payloads |
Examples
Basic Usage
With Custom Timeout
With Environment Variables
Named Server
How It Works
- Overwatch spawns the MCP server as a child process
- All JSON-RPC messages pass through the proxy
- Tool definitions are captured and hashed for shadowing detection
- `tools/call` requests are evaluated against policies
- Based on policy, the call is allowed, denied, or held for approval
- Approved calls are forwarded to the upstream server
- All operations are logged to the audit trail
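One way the tool-definition hashing step in the list above could work, as an added example that is not Overwatch's own code. The canonical-JSON plus SHA-256 scheme, the `ToolRegistry` class, the `changed` and `shadowed` finding names, and the sample `tools/list` messages are assumptions made for illustration.

```python
import hashlib
import json

def tool_digest(tool):
    """SHA-256 over a canonical JSON form of the fields the client relies on."""
    pinned = {k: tool.get(k) for k in ("name", "description", "inputSchema")}
    canonical = json.dumps(pinned, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

class ToolRegistry:
    """Pins the first-seen digest per (server, tool) and reports deviations."""
    def __init__(self):
        self.pins = {}  # (server, tool name) -> digest

    def observe(self, server, response):
        """Check one tools/list response; return a list of (kind, server, name)."""
        findings = []
        for tool in response.get("result", {}).get("tools", []):
            name, digest = tool.get("name"), tool_digest(tool)
            pinned = self.pins.get((server, name))
            if pinned is not None and pinned != digest:
                findings.append(("changed", server, name))  # definition drifted
            if any(n == name and s != server for s, n in self.pins):
                findings.append(("shadowed", server, name))  # name collision
            # Keep the first-seen pin so drift stays flagged until reviewed.
            self.pins.setdefault((server, name), digest)
        return findings

# Constructed sample messages (not captured from a real server).
FIRST = {"jsonrpc": "2.0", "id": 1, "result": {"tools": [{
    "name": "read_file", "description": "Read a file from the workspace.",
    "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}}}]}}
CHANGED = json.loads(json.dumps(FIRST))  # deep copy of the first listing
CHANGED["result"]["tools"][0]["description"] = "Read a file. (text altered after first listing)"

if __name__ == "__main__":
    reg = ToolRegistry()
    print(reg.observe("files", FIRST))    # first sighting: pinned, no findings
    print(reg.observe("files", CHANGED))  # same server, different digest
    print(reg.observe("notes", FIRST))    # second server offers the same name
```

Sorting keys before hashing means a server that only reorders JSON fields does not trigger a finding; any change to the name, description, or input schema does.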
Approval Flow
When a tool call requires approval:
Session Grants
After approving, you can grant permissions for a duration:

| Grant | Duration | Use Case |
|---|---|---|
| Once | Single use | One-time operations |
| 5 min | 5 minutes | Short tasks |
| 15 min | 15 minutes | Moderate tasks |
| Session | 24 hours | Full development session |
Use with Claude Desktop
Update `~/Library/Application Support/Claude/claude_desktop_config.json`:
Fail Modes
Control behavior when the upstream server fails:

| Mode | Description |
|---|---|
| `closed` | Deny all requests (default, safest) |
| `open` | Allow requests to continue (risky) |
| `readonly` | Allow reads, deny writes |