MCP security proxy that protects AI tool connections by intercepting and analyzing MCP (Model Context Protocol) traffic locally before it reaches your MCP servers.
Golf Local sits between your MCP client (Claude Desktop, Cursor, VS Code, etc.) and your MCP servers, sending each message to a Golf Gateway for real-time threat detection — prompt injection screening, rate limiting, and audit logging — with zero changes to your existing setup.
brew install golf-mcp/tap/golf-localDownload the binary for your platform from the latest release, make it executable, and move to your PATH:
chmod +x golf-local-*
sudo mv golf-local-* /usr/local/bin/golf-localConnect golf-local to your Golf Gateway:
golf-local setupThis opens your browser for OAuth authentication, then lets you select which gateway to connect to.
golf-local wrap -- npx -y @modelcontextprotocol/server-filesystem /path/to/dirgolf-local proxy --target http://localhost:3001 --port 8081golf-local status- Block mode (default): Blocks messages identified as threats
- Monitor mode: Logs threats but allows all traffic through
Set via golf-local setup or the GOLF_LOCAL_MODE environment variable.
| Platform | Architecture | Binary |
|---|---|---|
| macOS | Apple Silicon (M1/M2/M3/M4) | golf-local-darwin-arm64 |
| macOS | Intel | golf-local-darwin-amd64 |
| Linux | x86_64 | golf-local-linux-amd64 |
| Linux | ARM64 | golf-local-linux-arm64 |
| Windows | x86_64 | golf-local-windows-amd64.exe |
For full documentation, visit golf.dev.
Apache 2.0 — see LICENSE.