MCP Server Protection
How Edison Watch protects you from unauthorized MCP servers.
Edison Watch can monitor your AI tools' MCP configurations and quarantine any server that hasn't been approved by your organization. Auto-quarantine is disabled by default and can be enabled by admins for their domain under Ext Config → Tenant Backend URLs in the dashboard.
How It Works
When auto-quarantine is enabled and Edison Watch starts, it scans your system for MCP server configurations across all supported AI tools. Any server that isn't the Edison Watch gateway is quarantined (moved to a disabled state) until you or your admin reviews it.
This prevents:
- Supply chain attacks: Malicious servers added without your knowledge
- Shadow IT: Unapproved tools connecting to enterprise data
- Accidental exposure: Misconfigured servers leaking sensitive information
Supported AI Tools
Edison Watch monitors MCP configurations for:
| Tool | Configuration Location |
|---|---|
| Cursor | ~/.cursor/mcp.json |
| VS Code | ~/Library/Application Support/Code/User/mcp.json |
| VS Code Insiders | ~/Library/Application Support/Code - Insiders/User/mcp.json |
| Claude Code | ~/.claude/settings.json and ~/.claude.json |
| Claude Desktop | ~/Library/Application Support/Claude/claude_desktop_config.json |
| Windsurf | ~/.codeium/windsurf/mcp_config.json |
| Zed | ~/.config/zed/settings.json |
Paths shown are for macOS. Windows and Linux paths vary but are automatically detected.
What Happens When a Server is Quarantined
- Detection: Edison Watch detects a new MCP server in your configuration
- Backup: Your original config file is backed up (e.g., mcp.json.backup.20250127-143022.json)
- Quarantine: The server is moved to a .disabled file alongside your config
- Notification: You receive a notification about the quarantined server
The quarantined server cannot run until it's been reviewed and approved.
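The detect, back up, quarantine sequence above, sketched as an added example; it is not Edison Watch's own code. It assumes the Cursor-style mcpServers top-level key, a sidecar .disabled file that mirrors that layout, and a constructed approved list; the function names are hypothetical.

```python
import json
import shutil
import tempfile
import time
from pathlib import Path


def quarantine_unapproved(config_path, approved, stamp=None):
    """Move servers whose definition is not approved into a sidecar file."""
    config_path = Path(config_path)
    config = json.loads(config_path.read_text(encoding="utf-8"))
    servers = config.get("mcpServers", {})  # assumed top-level key
    # Compare the whole definition, not just the name: a known name with a
    # changed command or URL is treated as a new, unreviewed server.
    flagged = {n: s for n, s in servers.items() if approved.get(n) != s}
    if not flagged:
        return []
    # Back up first, using the naming pattern shown on this page.
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    shutil.copy2(config_path, f"{config_path}.backup.{stamp}.json")
    # Merge into the sidecar (assumed layout) so earlier entries are kept.
    disabled_path = Path(f"{config_path}.disabled")
    disabled = json.loads(disabled_path.read_text()) if disabled_path.exists() else {}
    disabled.setdefault("mcpServers", {}).update(flagged)
    disabled_path.write_text(json.dumps(disabled, indent=2), encoding="utf-8")
    # Rewrite the active config through a temp file and an atomic rename.
    config["mcpServers"] = {n: s for n, s in servers.items() if n not in flagged}
    tmp = Path(f"{config_path}.tmp")
    tmp.write_text(json.dumps(config, indent=2), encoding="utf-8")
    tmp.replace(config_path)
    return sorted(flagged)


def demo():
    """Run against a constructed config in a temporary directory."""
    gateway = {"url": "https://gateway.example.invalid/mcp"}  # constructed
    approved = {"edison-watch": gateway, "docs": {"command": "docs-mcp", "args": []}}
    with tempfile.TemporaryDirectory() as d:
        cfg = Path(d) / "mcp.json"
        cfg.write_text(json.dumps({"mcpServers": {
            "edison-watch": gateway,
            "docs": {"command": "docs-mcp", "args": ["--allow-all"]},  # altered
            "unknown-tool": {"command": "npx", "args": ["some-package"]},
        }}), encoding="utf-8")
        names = quarantine_unapproved(cfg, approved, stamp="20250127-143022")
        active = sorted(json.loads(cfg.read_text())["mcpServers"])
        parked = sorted(json.loads((Path(d) / "mcp.json.disabled").read_text())["mcpServers"])
        files = sorted(p.name for p in Path(d).iterdir())
    return names, active, parked, files
```

Because approval is checked against the full definition, the constructed "docs" entry is quarantined even though its name is on the approved list: its arguments no longer match what was reviewed.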
Reviewing Quarantined Servers
When a server is quarantined, you'll see a notification. Click it to review the server details:
- Server name: The identifier used in your config
- Source app: Which AI tool had this server configured
- Command/URL: What the server runs or connects to
Actions You Can Take
- Request Approval: Submit the server for admin review (enterprise users)
- Delete: Remove the server permanently
- View Details: See the full server configuration
Only approve servers you recognize and trust. If you didn't add a server yourself, it may have been added by malicious software.
Project-Level Monitoring
Edison Watch also monitors project-specific MCP configurations. When you open a project in an AI tool, the app can detect and monitor:
- .mcp.json files in project roots
- Workspace-level MCP configurations
- Project-specific server definitions
This ensures that even project-scoped servers go through the same approval process.
Automatic Hook Injection
To track which projects you're working on, Edison Watch can inject lightweight hooks into supported AI tools. These hooks simply record the current working directory when you start a session.
Supported Hook Systems
| Tool | Hook Location | Event |
|---|---|---|
| Claude Code | ~/.claude/settings.json | PreToolUse |
| Cursor | ~/.cursor/hooks.json | sessionStart |
| Windsurf | ~/.codeium/windsurf/hooks.json | pre_user_prompt |
Hooks are optional and only record your working directory. They don't monitor your code or conversations.
How Hooks Work
- When you start a session in an AI tool, the hook runs
- It writes a small JSON file to ~/.edison-watch/pending/
- Edison Watch picks up the file and registers the project
- Project-specific MCP configs are then monitored
Managing Hooks
You can view and manage hooks from the Edison Watch menu:
- View Status: See which tools have hooks installed
- Remove Hooks: Disable project tracking for specific tools
Restoring a Server
If a legitimate server was quarantined by mistake:
- Open the Edison Watch menu
- Go to Quarantined Servers
- Find the server you want to restore
- Click Request Approval or contact your admin
For enterprise users, approved servers are automatically restored across all team members.
Troubleshooting
"My server keeps getting quarantined"
This happens when you add a server and Edison Watch quarantines it before you can use it. To add a new server:
- Contact your IT admin to pre-approve the server
- Or use the Edison Watch dashboard to submit an approval request first
- Then add the server to your config; it won't be quarantined if already approved
"I can't find my quarantined server"
Quarantined servers are stored in .disabled files next to your config:
- mcp.json → mcp.json.disabled
- settings.json → settings.json.disabled
"Hooks aren't working"
- Ensure Edison Watch is running
- Check that the hook file exists (see paths above)
- Restart your AI tool after hooks are installed

