> ## Documentation Index
> Fetch the complete documentation index at: https://docs.igrisecurity.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Quickstart

> Go from zero to governed MCP tool calls in under 5 minutes.

# Quickstart

This guide walks you through signing up, creating a connection, writing your first policy, and making a governed MCP tool call.

## 1. Sign Up

Navigate to [app.igrisecurity.com/signup](https://app.igrisecurity.com/signup) and create an account using email/password or OAuth (GitHub, Google).

After signup you'll be prompted to create your first organization.

## 2. Create a Connection

Connections are encrypted credential vaults for your upstream MCP servers. Go to **Governance → Connections** and click **New Connection**.

Provide:

* **Name** — a human-readable label (e.g., "GitHub Production")
* **Slug** — a URL-safe identifier (e.g., `github-prod`)
* **Upstream URL** — where the real MCP server lives (e.g., `https://mcp.github.com`)
* **Credential** — the upstream API key or token (encrypted at rest)

Once created, Igris gives you a gateway URL:

```
https://api.igrisecurity.com/v1/mcp/github-prod
```

## 3. Install the SDK

```bash theme={null}
npm install @igris-security/sdk
```

## 4. Connect to MCP

```typescript theme={null}
import { Igris } from "@igris-security/sdk";

const igris = new Igris({
  apiKey: "ig_your_api_key",  // from Settings → API Keys
});

const config = igris.connectHttp("github-prod", {
  user: "alice@company.com",
  metadata: { role: "developer" },
});

// Use with any MCP client
// Spread config.headers alongside Authorization — it carries session and metadata headers
// that Igris requires. Both are needed; neither alone is sufficient.
const client = new McpClient({
  transport: new StreamableHttpTransport(config.baseUrl, {
    headers: {
      Authorization: `Bearer ${config.apiKey}`,
      ...config.headers,
    },
  }),
});
```

Or for direct MCP client usage (Claude Desktop, Cursor):

```json theme={null}
{
  "mcpServers": {
    "github": {
      "url": "https://api.igrisecurity.com/v1/mcp/github-prod",
      "headers": {
        "Authorization": "Bearer ig_your_api_key"
      }
    }
  }
}
```

Every tool call now flows through Igris before reaching the upstream server.

## 5. Create Your First Policy

Go to **Governance → Policies** and click **Create Policy**.

Example: block destructive operations for interns.

```json theme={null}
{
  "connectionSlugs": ["github-prod"],
  "name": "Block destructive ops for interns",
  "rules": [
    { "tool": "delete_*", "action": "deny", "conditions": { "metadata.role": "intern" } },
    { "tool": "drop_*", "action": "deny", "conditions": { "metadata.role": "intern" } },
    { "tool": "*", "action": "allow" }
  ]
}
```

<Note>
  `connectionSlugs` is an array — a single policy can apply to multiple connections.
</Note>

Rules are evaluated **first match wins**. The catch-all `*` at the end allows everything not explicitly denied. Conditions on `metadata.role` only apply when the SDK passes that metadata.

## 6. Trigger a Tool Call

Use your MCP client as normal. The gateway will:

* Authenticate your API key
* Inject the upstream credential (from the connection)
* Evaluate policies (including metadata conditions)
* Log everything to the audit trail

<Warning>
  **Quota exhaustion:** when your organization's monthly log quota is reached, tool calls continue to succeed but audit events are silently dropped. Monitor your usage in **Settings → Usage** to avoid gaps in your audit trail.
</Warning>

## 7. View the Audit Trail

Go to **Monitoring → Audit Trail** to see every tool call, including:

* User (the API key owner; `X-Igris-User` is stored in request metadata, not the User field)
* Trace ID (for correlating multi-step requests)
* Tool name + arguments
* Policy action (allowed / denied / alerted)
* Connection used
* Latency

Filter by user, trace ID, or connection to drill down.

## What's Next?

<CardGroup cols={2}>
  <Card title="LLM Gateway" icon="rocket" href="/connect/llm-gateway">
    Route LLM calls through Igris for audit, policies, and cost tracking.
  </Card>

  <Card title="Connections" icon="key" href="/connect/connections">
    Manage encrypted credentials, rotate tokens, and control access.
  </Card>

  <Card title="Policy Conditions" icon="shield" href="/govern/policies">
    Metadata-based rules, deny-by-default, and condition operators.
  </Card>

  <Card title="Anomaly Detection" icon="triangle-alert" href="/govern/anomaly">
    Set up rate spike and destructive pattern alerts.
  </Card>
</CardGroup>
