Server data from the Official MCP Registry
Governed local MCP gateway for workspace, sandbox, document and profile operations.
Governed local MCP gateway for workspace, sandbox, document and profile operations.
PLwC is a policy-controlled MCP gateway with thoughtfully designed security architecture, including path traversal protections, sandboxing, and governance controls. However, the codebase is extremely large and complex, making comprehensive analysis challenging. Several moderate concerns exist: file operations accept user-controlled paths that must be validated by the adapter layer (defense-in-depth risk if validation fails), environment variable access is present without clear scoping documentation, and the audit system relies on external logging which could fail silently. The sandboxed execution design is sound, but dependencies like fastembed and qdrant-client are not pinned in pyproject.toml, creating supply chain risk. Despite these concerns, the overall architecture demonstrates good security practices appropriate for a governance-focused tool. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity).
4 files analyzed · 11 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-mhoedt-ai-plwc-gateway": {
"args": [
"plwc-gateway"
],
"command": "uvx"
}
}
}From the project's GitHub README.
PLwC is a local, model-independent governance gateway for AI tool access, persistent context and controlled memory. It is not the agent and it is not the language model. It is the independent control layer between the AI host, the model and local tools.
AI host / model
|
v
PLwC governance gateway
|
v
tools, files, profiles, memory and sandbox
PLwC exposes one visible MCP server, routes all capabilities through policy and governance checks, and provides workspace, document, sandbox, profile, reflection and audit-oriented controls. The gateway is designed for MCP-capable hosts in general. Claude Desktop is the current primary packaged and smoke-tested Open Beta route, but the boundary remains useful when a host, such as ChatGPT Work, Claude or another MCP client, also offers its own file access or agent features.
v0.2.0-rc18.dev9.v0.2.0-rc18.dev9 combines PR-005 privacy-filtered packaging with
RC18-ALIAS-001: reflection marker/trust inputs are English-first while
preserving PBA2 canonical storage.v0.2.0-rc18.dev9 with verdict PASS.PLwC is not production-certified. It is local infrastructure under active development.
PLwC is:
plwc-gateway.PLwC is not:
plwc-gateway.DOCX, XLSX, PPTX and PDF artifacts.plan / apply flows including
reflection_condensation with plan_id apply.PLwC v0.2 exposes exactly these eight public facade tools:
| Tool | What it does |
|---|---|
plwc_status | Reports gateway, sandbox, and profile runtime state; generates a ready-to-paste Claude Desktop config snippet. |
plwc_describe | Returns a self-description of all supported tools, operations, plan types, and capability boundaries — the single source of truth for what PLwC can do in the current session. |
plwc_profile | Loads, inspects, and activates profiles; compiles the configured profile into the active session context. |
plwc_reflection | Writes governed reflection entries to reflection.md with semantic validation — rejects pure technical logs and requires a reusable user, collaboration, or system insight. |
plwc_governor | Two-stage plan / apply flow for promoting insights to memory.md or PERSONA.md, condensing stale reflection candidates, and creating new profiles — all requiring explicit confirmation before any write. |
plwc_sandbox_run | Executes Python or Shell snippets in an isolated Docker container with no network access and no silent fallback to a host shell. |
plwc_workspace_operation | Reads, writes, lists, searches, copies, moves, and renames files within configured workspace roots; includes binary and base64 paths and an exact-replace mode. Delete is not public. |
plwc_document_operation | Creates and manipulates DOCX, XLSX, PPTX, and PDF files; inspects, merges, splits, rotates, and extracts text from PDFs; handles ZIP archives; reads workspace images as MCP image content blocks. |
The 19 individual public tool names from earlier scaffolds
(plwc_compile_profile, plwc_write_workspace_file,
plwc_governor_plan, plwc_write_reflection, ...) are no longer
public in v0.2. Their behavior is reachable through the eight facade
tools above via operation / scope / lang dispatch parameters.
auto_filter, merges).read_image (governed workspace image reads).PERSONA.md, memory.md,
reflection.md, governance/config.yaml, ...) cannot be edited
through workspace operations.The following are intentionally not implemented in v0.2:
.docm / .xlsm / .pptm generation).For step-by-step installation, see
docs/QUICKSTART_CLAUDE_DESKTOP.md.
For full installation context, prerequisites and configuration
options, including local GPT and Odysseus stdio setup plus hosted ChatGPT
web/custom-app status, see docs/INSTALLATION.md.
docs/PROGRAM_AND_SOFTWARE_DESCRIPTION_OPEN_BETA.mddocs/INSTALLATION.md,
docs/QUICKSTART_CLAUDE_DESKTOP.mddocs/TOOLS.mddocs/PROJECT_SCOPE.mddocs/SECURITY_MODEL.md,
docs/SAFE_MODE.mddocs/ONBOARDING.md,
docs/FIRST_RUN.mddocs/CONFIGURATION.md,
docs/TROUBLESHOOTING.mdBETA_TESTING.md. Details:
docs/EXTERNAL_TESTER_GUIDE.md,
docs/EXTERNAL_TEST_PLAN.md,
docs/BUG_REPORT_TEMPLATE.md,
docs/GITHUB_BETA_WORKFLOW.mddocs/AUDIT_LOG.mdUse GitHub Issues for reproducible bugs and feature requests. For security-sensitive reports, contact info@plwc.de privately. Do not include secrets, real profile content, private paths or other sensitive details in public issues.
If PLwC helps you, you can support development via Ko-fi:
Ko-fi support is voluntary and not required to use PLwC.
PLwC is licensed under the Apache License 2.0. See LICENSE.
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.