Show HN: MCP-firewall: I created a policy engine for CLI Agents (github.com)

🤖 AI Summary
MCP-firewall is a policy engine for CLI coding agents: regex-based rules, scoped to a specific folder, Git repository, or user, decide which tool invocations (shell commands in particular) the agent is allowed to run. It currently integrates with Claude Code and GitHub Copilot CLI through their "pre-tool-use" hook, so every tool call is checked against policy before it executes; setup consists of adding a configuration snippet to the agent's settings that registers the hook. Policy files are written in jsonnet, which makes it possible to build more complex configurations and to share rulesets across projects instead of maintaining flat per-project lists. The motivation is fine-grained access control in environments where an AI assistant executes commands it generated itself: a deny rule for a destructive command is cheaper than recovering from it, and an allowlist keeps execution to the commands a developer actually intended. Installation options and further extensibility features are described as still in development.
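To make the "pre-tool-use hook plus regex policy" idea concrete, here is an added illustration in Python. It is not MCP-firewall's code and does not use its jsonnet schema: the rule shape (pattern, action, optional directory scope, reason) is hypothetical, the ruleset is constructed for the example, and the hook I/O follows the Claude Code PreToolUse convention as assumed here (a JSON event on stdin carrying tool_name, tool_input and cwd; exit status 0 lets the call proceed, exit status 2 blocks it and returns the stderr message to the agent). The shell tool name "Bash" is likewise an assumption.

```python
# Added illustration of a regex-based pre-tool-use policy check.
# Not MCP-firewall's code: the Rule schema is hypothetical, RULES is a constructed
# sample, and the hook protocol (JSON event on stdin with tool_name/tool_input/cwd;
# exit 0 = allow, exit 2 = block with stderr fed back to the agent) is assumed to
# match Claude Code's PreToolUse hook.
import json
import re
import sys
from dataclasses import dataclass
from typing import List, Optional, Tuple

SHELL_TOOLS = {"Bash"}  # assumed name of the agent's shell tool


@dataclass
class Rule:
    pattern: str                 # regex searched in the command string
    action: str                  # "allow" or "deny"
    scope: Optional[str] = None  # hypothetical: rule applies only when cwd is this dir or below
    reason: str = ""             # shown to the agent when the rule denies


def in_scope(scope: Optional[str], cwd: str) -> bool:
    """A rule with no scope applies everywhere; otherwise cwd must be the scope dir or inside it."""
    if scope is None:
        return True
    root = scope.rstrip("/") or "/"
    return cwd == root or cwd.startswith(root + "/")


def evaluate(rules: List[Rule], command: str, cwd: str,
             default: str = "deny") -> Tuple[str, str]:
    """First matching in-scope rule wins; commands no rule matches get the default action."""
    for rule in rules:
        if in_scope(rule.scope, cwd) and re.search(rule.pattern, command):
            return rule.action, rule.reason or f"matched /{rule.pattern}/"
    return default, f"no rule matched (default {default})"


# Constructed sample ruleset. Order matters: the scoped allow for pip must come
# before the global deny, otherwise the deny would win everywhere.
RULES = [
    Rule(r"^git (status|diff|log)\b", "allow"),
    Rule(r"\brm\s+(-[a-zA-Z]*r|--recursive)", "deny", reason="recursive delete"),
    Rule(r"\b(curl|wget)\b.*\|\s*(ba|z)?sh\b", "deny", reason="pipe-to-shell"),
    Rule(r"\bbase64\s+(-d|--decode)\b.*\|\s*(ba|z)?sh\b", "deny",
         reason="decoded payload piped to shell"),
    Rule(r"^pip install\b", "allow", scope="/home/dev/sandbox"),
    Rule(r"^pip install\b", "deny", reason="package installs are allowed only in the sandbox"),
]


def decide_hook(event: dict, rules: List[Rule] = RULES) -> Tuple[int, str]:
    """Map a pre-tool-use event to (exit_code, message). Only shell tool calls are policed."""
    if event.get("tool_name") not in SHELL_TOOLS:
        return 0, "not a shell call"
    command = event.get("tool_input", {}).get("command", "")
    cwd = event.get("cwd", "/")
    action, reason = evaluate(rules, command, cwd)
    if action == "allow":
        return 0, reason
    return 2, f"blocked by policy: {reason}"


def main() -> None:
    # Read the hook event from stdin, print the block reason on stderr, exit with the verdict.
    event = json.load(sys.stdin)
    code, message = decide_hook(event)
    if code != 0:
        print(message, file=sys.stderr)
    sys.exit(code)


if __name__ == "__main__":
    main()
```

Two things to keep in mind when writing rules like these. The engine only sees the command string the agent hands it, so a regex over that string is a coarse filter: `sh -c` wrappers, quoting tricks, environment-variable expansion, or a copy of a binary under another name all evade a pattern such as the recursive-delete rule above. Treat the hook as defense in depth on top of a sandbox or a restricted account, not as a replacement for one. Second, default-deny (the `default="deny"` above) is the safer posture but makes the agent useless until the allowlist covers routine commands, so expect to iterate on the ruleset against real sessions.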