Roadmap · In Progress · Q2 & Beyond

Bigger
things are
on the way.

The checker is the opening move. Here's the shape of the product we're slowly, deliberately building — a dashboard for teams, drift detection, a shareable hygiene badge, and a few surprises we're keeping quiet about.

Now · Live today

Client-side validator & scoring

v0.1.0

Next · Private beta

Web dashboard & team configs

target: Q3 2026

Later · On the whiteboard

CLI, code-host integration, drift alerts

target: late 2026

Someday · Aspirational

Registry, signed configs, SOC2 flow

tbd

§ 01 · Preview

The dashboard, in outline.

A quiet command center for every MCP config across your org — scores, drift, risky servers, rotation reminders. The screenshot below is a design mockup; the product is being built.

app.mcpcleaner.com/dashboard

Average Score

87/100

▲ 4 from last week

Configs Tracked

▲ 3 new this week

Hardcoded Secrets

▼ needs rotation

Servers In Use

178

▲ 11 this week

Hygiene score, 30 days

Weekly median

Risky servers

Top 5

legacy-database

workspace-a · 3 env keys

↓ 22

chat-prod

workspace-b · 2 warnings

↓ 6

internal-fetch

workspace-c · http://

—

filesystem

workspace-a · clean

↑ 2

code-host

workspace-b · clean

↑ 1

Recent drift

Last 24 hours

09:42

nina.k modified mcpServers.code-host.env — added CODE_HOST_TOKEN (placeholder)

08:17

ci-bot detected hardcoded secret in chat-prod — alert sent to #security

Yesterday

raj.p added server puppeteer to dev workspace

Yesterday

Score delta: +4 after legacy-database env keys rotated

§ 02 · The backlog

Features, in order of
honest likelihood.

R · 01

Team dashboard

Aggregate every MCP config across your org. See scores trend. Catch regressions before they ship. Shared visibility, not surveillance.

Next · In design

R · 02

Drift detection

Know the moment someone swaps an env placeholder for a literal key. Alert via email, chat, or a webhook of your choosing.

Next · Prototyping

R · 03

Code-host integration

Scan every PR that touches a config file. Comment with a diff-level score and block merges on hardcoded secrets.

Soon

R · 04

CLI companion

npx mcpcleaner check ~/.config/mcp.json — same rules, scriptable, pre-commit-hook-shaped.

Soon

R · 05

Shareable badge

A README badge proving your config passes. Because if your repo is clean, you might as well say so.

Planned

R · 06

Custom policies

Write org-specific rules. "No server may use http://", "All env keys must start with TEAM_", "Disallow sudo anywhere." We enforce; you define.

Planned

R · 07

Signed configs

Verify the config your client loads is the one your team approved. Cryptographic peace of mind for high-trust environments.

Researching

R · 08

Private server registry

Curate the MCP servers your org is allowed to run. Reviewed, tagged, versioned, auditable.

Aspirational

Bigger things are on the way.