MCP Gateway
Monitor and enforce policies for MCP tool calls between AI agents and external services.
The MCP Gateway sits as a transparent proxy between AI agents and MCP servers. Every tool call passes through the Palveron Verify flow: Policy Check → Budget Check → Trace → optional Flare Anchor.
Two Operating Modes
| Mode | How it works | Use case |
|---|---|---|
| Enforcement Gateway | Palveron forwards HTTP/SSE traffic — tool calls are intercepted, inspected, and forwarded | Coding agents (Cursor, Windsurf, Claude Code), in-house MCP servers |
| Governance Control Plane | SaaS platforms are registered via MCP connector templates; their tool calls are governed by tool policies | Salesforce Einstein, Microsoft Copilot, ServiceNow (native agents that cannot be proxied) |
How It Works
- Register an MCP server in the dashboard or via API
- Scan the server to discover available tools and their risk levels
- Create policies that control which agents can use which tools
- Route traffic through the Palveron proxy endpoint
- Every tool call produces a tamper-evident trace with optional Flare blockchain attestation
Proxy Endpoint
Agents connect to the Palveron-generated proxy endpoint instead of directly to the MCP server:
POST /api/v1/mcp/proxy/{server_id}
Content-Type: application/json
Authorization: Bearer {project_api_key}
{
"jsonrpc": "2.0",
"method": "tools/call",
"params": { "name": "query_records", "arguments": { "query": "SELECT Id FROM Account" } },
"id": 1
}Palveron forwards the JSON-RPC request to the actual MCP server after all checks have passed.
Policy Actions
Four enforcement actions available per tool:
| Action | Behavior |
|---|---|
ALLOW | Tool call is allowed (default when no policy matches) |
DENY | Tool call is blocked — the agent receives a JSON-RPC error |
REQUIRE_APPROVAL | Tool call is queued for manual approval (pending approvals expire) |
LOG_ONLY | Tool call is allowed but produces a detailed audit trace |
Security Features
- Tool poisoning detection — SHA-256 hash of tool descriptions, alerts on changes (rug-pull detection)
- Risk classification — Automatic CRITICAL/HIGH/MEDIUM/LOW based on tool capabilities
- Emergency stop — Instantly block all MCP servers or a specific server/agent
- Blockchain audit trail — BLOCKED decisions and HIGH/CRITICAL-risk calls are attested on Flare
Connector Templates
11 preconfigured setups for major SaaS platforms and coding agents: Salesforce, Microsoft Copilot, ServiceNow, Slack AI, Teams Copilot, Zendesk AI, Intercom Fin, AWS Bedrock, Azure AI, Cursor, Claude Code. Each template seeds recommended tool policies and triggers an immediate tool scan.
Create via API: POST /api/v1/mcp/servers/from-template { "template": "salesforce" }