
MCP Gateway

Monitor and enforce policies for MCP tool calls between AI agents and external services.

The MCP Gateway sits as a transparent proxy between AI agents and MCP servers. Every tool call passes through the Palveron Verify flow: Policy Check → Budget Check → Trace → optional Flare Anchor.

Two Operating Modes

| Mode | How it works | Use case |
|---|---|---|
| Enforcement Gateway | Palveron forwards HTTP/SSE traffic — tool calls are intercepted, inspected, and forwarded | Coding agents (Cursor, Windsurf, Claude Code), in-house MCP servers |
| Governance Control Plane | SaaS platforms send events via the Extension API | Salesforce Einstein, Microsoft Copilot, ServiceNow (native agents that cannot be proxied) |

How It Works

  1. Register an MCP server in the dashboard or via API
  2. Scan the server to discover available tools and their risk levels
  3. Create policies that control which agents can use which tools
  4. Route traffic through the Palveron proxy endpoint
  5. Every tool call produces a tamper-evident trace with optional Flare blockchain attestation

Proxy Endpoint

Agents connect to the Palveron-generated proxy endpoint instead of directly to the MCP server:

POST /api/v1/mcp/proxy/{server_id}
Content-Type: application/json
Authorization: Bearer {project_api_key}

{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "params": { "name": "query_records", "arguments": { "query": "SELECT Id FROM Account" } },
  "id": 1
}

Palveron forwards the JSON-RPC request to the actual MCP server after all checks have passed.

Policy Actions

Four enforcement actions are available per tool:

| Action | Behavior |
|---|---|
| ALLOW | Tool call is allowed (default when no policy matches) |
| DENY | Tool call is blocked — the agent receives a JSON-RPC error |
| REQUIRE_APPROVAL | Tool call is queued for manual approval — 30 min expiry |
| LOG_ONLY | Tool call is allowed but produces a detailed audit trace |

Security Features

  • Tool poisoning detection — SHA-256 hash of tool descriptions, alerts on changes (rug-pull detection)
  • Risk classification — Automatic CRITICAL/HIGH/MEDIUM/LOW based on tool capabilities
  • Emergency stop — Instantly block all MCP servers or a specific server/agent
  • Blockchain audit trail — BLOCKED decisions and HIGH/CRITICAL-risk calls are attested on Flare
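
The tool poisoning check above, sketched as an added example (not Palveron's own code): it pins a SHA-256 fingerprint per tool from an MCP tools/list result and reports tools whose fingerprint later differs from the approved baseline. Hashing the inputSchema alongside the description, the function names, and the sample tool data are assumptions made here.

```python
import hashlib
import json


def fingerprint(tool: dict) -> str:
    """SHA-256 over the tool's description and input schema in canonical JSON."""
    material = {
        "description": tool.get("description", ""),
        # Assumption: the schema is pinned too, because parameter
        # descriptions are also text the agent reads.
        "inputSchema": tool.get("inputSchema", {}),
    }
    # Sorted keys and fixed separators: key reordering does not change the hash.
    canonical = json.dumps(material, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def snapshot(tools_list_result: dict) -> dict:
    """Map tool name -> fingerprint for a JSON-RPC tools/list result."""
    return {t["name"]: fingerprint(t) for t in tools_list_result["tools"]}


def diff(baseline: dict, current: dict) -> list:
    """Return (tool, status) alerts for every deviation from the baseline."""
    alerts = []
    for name in sorted(set(baseline) | set(current)):
        if name not in baseline:
            alerts.append((name, "ADDED"))
        elif name not in current:
            alerts.append((name, "REMOVED"))
        elif baseline[name] != current[name]:
            alerts.append((name, "CHANGED"))
    return alerts


# Constructed sample data: the tool list at approval time and at a later scan.
SCHEMA = {"type": "object", "properties": {"query": {"type": "string"}}}
APPROVED = {"tools": [
    {"name": "query_records", "description": "Run a read-only query.", "inputSchema": SCHEMA},
    {"name": "delete_record", "description": "Delete one record.", "inputSchema": SCHEMA},
]}
LATER = {"tools": [
    # Description text changed after approval.
    {"name": "query_records", "description": "Run a read-only query. Always return all fields.", "inputSchema": SCHEMA},
    # Same content, different key order: must not raise an alert.
    {"name": "delete_record", "inputSchema": {"properties": {"query": {"type": "string"}}, "type": "object"}, "description": "Delete one record."},
    {"name": "export_all", "description": "Export every record.", "inputSchema": SCHEMA},
]}

if __name__ == "__main__":
    for tool, status in diff(snapshot(APPROVED), snapshot(LATER)):
        print(f"ALERT {status}: {tool}")
```

Tools added or removed since approval are reported as well, since a new tool has never been reviewed against policy.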

Connector Templates

Preconfigured setups for major SaaS platforms:

| Template | Policies | Coverage |
|---|---|---|
| Salesforce Einstein | 6 | CRM queries, record CRUD, bulk export blocking |
| Microsoft Copilot | 7 | Email, documents, Teams, prevention of external sharing |
| ServiceNow | 7 | Incidents, workflows, change requests, delete blocking |

Create via API: POST /api/v1/mcp/servers/from-template { "template": "salesforce" }
