PalveronPalveronDocs

MCP Gateway

Monitor and enforce policies for MCP tool calls between AI agents and external services.

The MCP Gateway sits as a transparent proxy between AI agents and MCP servers. Every tool call passes through the Palveron Verify flow: Policy Check → Budget Check → Trace → optional Flare Anchor.

Two Operating Modes

ModeHow it worksUse case
Enforcement GatewayPalveron forwards HTTP/SSE traffic — tool calls are intercepted, inspected, and forwardedCoding agents (Cursor, Windsurf, Claude Code), in-house MCP servers
Governance Control PlaneSaaS platforms are registered via MCP connector templates; their tool calls are governed by tool policiesSalesforce Einstein, Microsoft Copilot, ServiceNow (native agents that cannot be proxied)

How It Works

  1. Register an MCP server in the dashboard or via API
  2. Scan the server to discover available tools and their risk levels
  3. Create policies that control which agents can use which tools
  4. Route traffic through the Palveron proxy endpoint
  5. Every tool call produces a tamper-evident trace with optional Flare blockchain attestation

Proxy Endpoint

Agents connect to the Palveron-generated proxy endpoint instead of directly to the MCP server:

POST /api/v1/mcp/proxy/{server_id}
Content-Type: application/json
Authorization: Bearer {project_api_key}

{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "params": { "name": "query_records", "arguments": { "query": "SELECT Id FROM Account" } },
  "id": 1
}

Palveron forwards the JSON-RPC request to the actual MCP server after all checks have passed.

Policy Actions

Four enforcement actions available per tool:

ActionBehavior
ALLOWTool call is allowed (default when no policy matches)
DENYTool call is blocked — the agent receives a JSON-RPC error
REQUIRE_APPROVALTool call is queued for manual approval (pending approvals expire)
LOG_ONLYTool call is allowed but produces a detailed audit trace

Security Features

  • Tool poisoning detection — SHA-256 hash of tool descriptions, alerts on changes (rug-pull detection)
  • Risk classification — Automatic CRITICAL/HIGH/MEDIUM/LOW based on tool capabilities
  • Emergency stop — Instantly block all MCP servers or a specific server/agent
  • Blockchain audit trail — BLOCKED decisions and HIGH/CRITICAL-risk calls are attested on Flare

Connector Templates

11 preconfigured setups for major SaaS platforms and coding agents: Salesforce, Microsoft Copilot, ServiceNow, Slack AI, Teams Copilot, Zendesk AI, Intercom Fin, AWS Bedrock, Azure AI, Cursor, Claude Code. Each template seeds recommended tool policies and triggers an immediate tool scan.

Create via API: POST /api/v1/mcp/servers/from-template { "template": "salesforce" }

On this page