MCP Proxy
The MCP Proxy is Overwatch’s core component. It sits between AI clients and MCP servers, intercepting and analyzing all tool calls.Architecture
How It Works
- Spawn MCP Server: Overwatch starts the upstream MCP server as a child process
- Intercept Messages: All JSONRPC messages pass through the proxy
- Detect Tool Shadowing: Check for tool collisions and mutations across servers
- Apply Policies:
tools/callrequests are evaluated by the policy engine - Prompt if Needed: Based on policy, calls are allowed, denied, or prompt for approval
- Forward or Block: Approved calls go to the upstream server; denied calls return errors
- Log Everything: All decisions are recorded in the audit log
Message Types
| Message Type | Handling |
|---|---|
tools/list | Pass through, collect tool definitions for shadowing detection |
tools/call | Intercept, apply policy, prompt if needed |
resources/* | Pass through |
prompts/* | Pass through |
| Other | Pass through directly |
Tool Call Interception
When atools/call request arrives:
- Extracts the tool name and arguments
- Looks up the matching policy for this tool
- Applies the policy action (allow, deny, or prompt)
- Either forwards the call, prompts for approval, or denies
- Logs the decision to the audit trail
Timeouts and Circuit Breaker
Overwatch includes protective mechanisms:Request Timeout
Tool calls have a configurable timeout (default: 60 seconds):Circuit Breaker
If the upstream server fails repeatedly, the circuit breaker opens:- Rejects new requests immediately
- Prevents cascading failures
- Auto-recovers after cooldown
Multi-Server Mode
Withoverwatch start, multiple servers are proxied simultaneously:
- Approval handler (single prompt interface)
- Audit logger (unified log)
- Session manager (cross-server grants)
- Tool shadowing detector (cross-server collision detection)
Transport Layer
Overwatch uses stdio transport:- Reads JSONRPC from stdin
- Writes JSONRPC to stdout
- Errors go to stderr