Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.igrisecurity.com/llms.txt

Use this file to discover all available pages before exploring further.

Gateway Setup

The Igris MCP Gateway sits between your MCP clients and upstream MCP servers. Every tool call passes through Igris for policy evaluation, audit logging, and anomaly detection.

Gateway URL Format

Once you create a connection in Igris, your gateway URL is: 
https://api.igrisecurity.com/v1/mcp/{slug}
Replace {slug} with your connection’s slug (e.g., github-prod). For self-hosted deployments, replace the domain with your own.

Authentication

The gateway accepts two authentication methods:
  1. API Key (recommended for MCP clients) — pass in the Authorization header: 
    Authorization: Bearer ig_your_api_key_here
  2. Session Cookie — if the request comes from a browser context with a valid igris.session_token cookie.
Generate API keys in the dashboard under Settings → API Keys.

Client Configuration

Claude Code

Edit your .mcp.json (project-level) or ~/.claude/mcp.json (global): 
{
  "mcpServers": {
    "my-database": {
      "url": "https://api.igrisecurity.com/v1/mcp/my-database",
      "headers": {
        "Authorization": "Bearer ig_abc123..."
      }
    }
  }
}

OpenCode

In your opencode.json: 
{
  "mcp": {
    "my-database": {
      "type": "remote",
      "url": "https://api.igrisecurity.com/v1/mcp/my-database",
      "headers": {
        "Authorization": "Bearer ig_abc123..."
      }
    }
  }
}

Cursor

In Cursor’s MCP settings (.cursor/mcp.json): 
{
  "mcpServers": {
    "my-database": {
      "url": "https://api.igrisecurity.com/v1/mcp/my-database",
      "headers": {
        "Authorization": "Bearer ig_abc123..."
      }
    }
  }
}

Generic MCP Client

Any MCP client that supports HTTP transport can use the gateway. Point the server URL to the Igris gateway and include the API key header.

What the Gateway Does

For every incoming tool call, the gateway:
  1. Authenticates the request (API key or session cookie)
  2. Resolves the connection and organization
  3. Checks the kill switch (blocks if session is suspended)
  4. Creates or resumes an agent session
  5. Evaluates governance policies (first match wins, with conditions)
  6. Executes the policy action (allow, deny, or alert)
  7. Forwards to upstream (if allowed), injecting the connection’s credential
  8. Runs anomaly detection checks
  9. Writes an audit event with user identity, trace ID, and metadata
  10. Broadcasts via SSE to connected dashboard clients

Tool Discovery

The gateway supports MCP’s tools/list method. When your client requests available tools, Igris forwards the request to the upstream server and returns the tool list.

Latency

The gateway adds minimal overhead — typically 5-15ms for policy evaluation and audit logging. Policy rules are cached in Redis to avoid database lookups on every request.

Troubleshooting

IssueSolution
401 UnauthorizedCheck your API key is valid and hasn’t been revoked
404 Not FoundVerify the connection slug matches a connection in your organization
403 Policy DeniedA deny policy matched the tool call — check Audit Events for details
502 Bad GatewayIgris can’t reach the upstream MCP server — verify the upstream URL
503 Session SuspendedThe session’s kill switch is active — resume it in the dashboard