MCP Checkpoint traces data leaks

I’ll walk through how I built MCP Checkpoint, a small tool that reads an agent’s MCP config and shows where things can go wrong. The demo covers how we parse the config, map each tool and route, and trace the paths where sensitive data could leak once the agent starts running. I’ll also share a few mistakes from the early versions, odd MCP servers we tested against, and how we ended up with simple rules that catch risky source to sink flows. It’s a hands-on look at the code and the reasoning behind it.