Pipelock wraps Junie MCP server configurations through its MCP proxy, scanning all tool calls and responses bidirectionally. Works with IntelliJ IDEA, PyCharm, WebStorm, GoLand, and any JetBrains IDE that uses Junie.
Quick Start
# Install pipelock
brew install luckyPipewrench/tap/pipelock
# Wrap all Junie MCP servers
pipelock jetbrains install
# Restart your JetBrains IDE
Verify protection with pipelock discover.
What Gets Scanned
Once installed, pipelock sits between your IDE and every MCP server:
JetBrains IDE <--> pipelock mcp proxy <--> MCP Server
(Junie) (scan both directions) (subprocess)
All scanning layers apply: DLP pattern matching, prompt injection detection, tool poisoning checks, chain detection, and session binding.
Install Options
# User-level (default)
pipelock jetbrains install
# Project-level (current directory only)
pipelock jetbrains install --project
# Preview changes without writing
pipelock jetbrains install --dry-run
# Use a specific config
pipelock jetbrains install --config ~/.config/pipelock/pipelock.yaml
How It Works
jetbrains install reads ~/.junie/mcp/mcp.json, wraps each MCP server through pipelock mcp proxy, and writes the modified config back. Original configs are stored in a _pipelock metadata field for clean removal.
Stdio servers get their command wrapped:
// Before
{"command": "node", "args": ["server.js"]}
// After
{"command": "pipelock", "args": ["mcp", "proxy", "--", "node", "server.js"]}
Environment variables from env blocks are passed through automatically via --env KEY flags.
Remove
# Restore original configs
pipelock jetbrains remove
# Preview first
pipelock jetbrains remove --dry-run
Limitations
- Header passthrough: HTTP/SSE servers with custom headers cannot be wrapped yet. Use environment variable authentication instead.
- Project-local configs are not visible to
pipelock discover. The default user-level install is visible. - IDE restart required after install or remove.
See also: Claude Code · Cursor · VS Code · Full documentation