A firewall and password manager for AI coding agents: scoped, expiring access to their tools.
Config is the same across clients — only the file and path differ.
{
  "mcpServers": {
    "io-github-wkoverfield-switchboard": {
      "command": "<see-readme>",
      "args": []
    }
  }
}
No automated test available for this server. Check the GitHub README for setup instructions.
No known CVEs.
No package registry to scan.
This server is missing a description. Tools and install config are also missing.
A firewall and password manager for your AI coding agents.
Switchboard controls what Claude Code and Codex can reach in a repo. It finds the MCP servers and tokens your agents can already touch, gets secrets out of plaintext config and behind named keychain refs, and puts each agent on a scoped pass that expires on its own.

Everything runs locally. No account, no hosted service, no telemetry.
switchboard scan shows which MCP servers and tokens agents can reach in this repo, and which routes bypass Switchboard entirely.
switchboard import consolidates scattered Claude/Codex MCP config into one Switchboard route, with timestamped backups and exact rollback commands.
secretRef: "github/ci/token", never the token itself.
switchboard grant puts the agent on a pass: named tools reachable, everything else denied, gone in a few hours.
switchboard status answers whether a pass is live right now. switchboard revoke ends one early.
switchboard logs reads it.
npm install -g @switchboard-mcp/cli
Or without installing:
npx -y @switchboard-mcp/cli@latest scan
Requires Node 22 or newer. Daily use is on macOS, CI runs on Linux, and a Windows keychain backend exists but gets less exercise.
Start in a repo where your agents already work:
$ switchboard scan
This looks like acme-app.
Detected:
- Codex Switchboard route missing
- Claude Switchboard route missing
- Claude direct MCP server "github" detected
Authority bypasses:
high claude:github (github; direct-mcp-server, secret-env-name)
Warnings:
- 1 direct MCP bypass finding(s), including 1 high-risk finding(s), were detected.
That high-risk finding is a GitHub token sitting in plaintext in .mcp.json.
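Added example, not code from this page or from the Switchboard project: a minimal check for the kind of finding described above, a credential stored as a literal in the env block of a .mcp.json server entry. The env key, the name heuristic, the ${VAR} reference form and the sample config are assumptions, and this does not reproduce Switchboard's own scan logic.

```javascript
// Added example, not Switchboard's scanner: flags credentials stored as
// literals in the env block of a Claude-style .mcp.json server entry.

// Assumption: env names that usually carry credentials.
const SECRET_NAME = /(TOKEN|SECRET|PASSWORD|PASSWD|API_?KEY|PRIVATE_?KEY|CREDENTIAL)/i;
// Assumption: a bare ${VAR} value is a reference the client expands at launch.
// ${VAR:-default} is deliberately not accepted, because the default is a literal.
const ENV_REFERENCE = /^\$\{[A-Za-z_][A-Za-z0-9_]*\}$/;

function findPlaintextSecrets(configText) {
  let config;
  try {
    config = JSON.parse(configText);
  } catch (err) {
    return { error: `invalid JSON: ${err.message}`, findings: [] };
  }
  const servers = config && typeof config.mcpServers === "object" ? config.mcpServers : null;
  const findings = [];
  for (const [server, def] of Object.entries(servers || {})) {
    const env = def && typeof def.env === "object" && def.env !== null ? def.env : {};
    for (const [envName, value] of Object.entries(env)) {
      if (!SECRET_NAME.test(envName)) continue;          // name does not look secret
      if (typeof value !== "string" || value === "") continue;
      if (ENV_REFERENCE.test(value)) continue;           // reference, nothing stored inline
      // Report the location only; never echo the secret value itself.
      findings.push({ server, envName });
    }
  }
  return { error: null, findings };
}

// Constructed sample config: server commands and values are placeholders.
const SAMPLE_MCP_JSON = JSON.stringify({
  mcpServers: {
    github: {
      command: "example-github-mcp",
      args: [],
      env: { GITHUB_TOKEN: "CONSTRUCTED-NOT-A-REAL-TOKEN", LOG_LEVEL: "debug" },
    },
    docs: {
      command: "example-docs-mcp",
      args: [],
      env: { DOCS_API_KEY: "${DOCS_API_KEY}" },
    },
  },
});

console.log(findPlaintextSecrets(SAMPLE_MCP_JSON).findings);
```

The check reports only the server and variable name, so its output is safe to paste into a ticket or CI log.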
Move it behind Switchboard:
switchboard import --dry-run # see the plan first
switchboard import --write --cleanup-client
switchboard secrets set <ref> # store the token; import prints the exact command
switchboard install claude --write # route the agent through Switchboard
Import rewrites client config to a single Switchboard route, replaces the
plaintext token with a named keychain ref, and leaves a backup plus the exact
rollback command. Import never reads secret values itself; the secrets set
step is where the token actually enters your keychain. Then scope the agent:
switchboard grant --for 4h
You get the pass above. When you want it gone early:
$ switchboard revoke
Revoked pass grant-main (main). The agent's scoped access is off now.
switchboard doctor tells you the next thing to fix at any point. If a repo
has no MCP config yet, switchboard setup github-ci starts from a safe
provider template instead.
switchboard run. An agent with raw shell
access, a provider CLI, a browser session, or a direct MCP route can bypass
it. switchboard scan reports those bypass routes so you can clean them up
or acce