Stop risky MCP tool calls before they run

See every MCP tool call, block what looks dangerous, and keep a clear audit trail.

MCP Trail is the MCP firewall and security gateway between your assistants and your MCP servers. Traffic is checked against your rules first—risky calls can be blocked or sent for approval before they run.

Log the call. Block the bad ones. Approve the rest.

Early teams & pilots

Named logos and case studies go here when customers are ready to share. Running MCP Trail in production? We’d love your feedback.

Free MCP Playground for Fast Testing

Use the Free MCP Playground to test MCP endpoints through Guardian, inspect risky tool behavior, and validate safe configuration before production rollout. It also includes a free MCP session risk calculator and a free MCP traffic monitor.

Why teams put a gateway in front of MCP

Model Context Protocol (MCP) lets AI reach real tools and data. Without an MCP firewall–style control point, that traffic is hard to see, hard to prove, and easy to misuse.

You can’t secure what you can’t see

Tool calls often happen with little logging. A single weak or mis-set server can leak secrets or run damaging commands before anyone notices.

Allowing a tool name isn’t enough

Risk hides in the payload: arguments, shell-like strings, and sensitive fields inside JSON. Name-only allowlists miss most of that.

Security and compliance need receipts

You need a dated record of who called what, what was blocked, and who approved an exception—without shutting down every developer.

Deployments

HTTP, npm, or Docker—one Guardian setup

Cover HTTP, npm, and Docker-based MCP servers with the same control plane: one proxy URL per server, tokens scoped per server, shared policies.

Stdio-only servers usually need a bridge first; point Guardian at that HTTP URL. Double-check transports in the live product docs.

How you run MCP, and how Guardian fits in:

  • HTTP / remote MCP: the usual production setup, MCP over HTTPS. Register your server URL in MCP Trail; assistants call Guardian’s proxy instead of hitting the upstream directly.
  • npm / Node-based MCP: many Node servers start with npm or npx (often over stdio in dev). When Guardian needs HTTP, add a small JSON-RPC bridge and register that HTTP address.
  • Docker MCP servers: containers typically expose HTTP for the proxy, or sit behind the same kind of bridge. Guardian stores that URL; clients never need the raw container endpoint.

What you get with MCP Trail

What you configure in the dashboard is what the proxy enforces: registered servers, shared state, and a full audit trail in one product.

Guardian proxy

Place MCP Trail’s gateway—your MCP firewall—in front of each MCP server. Clients use one stable proxy URL per server; you get scoped tokens, routing, and policy checks before any tool runs.

Catalog policies for tools, resources & prompts

Open vs catalog allowlists, per-entity modes (disabled, log, HITL, auto), and destructive-shell detection—so unknown or high-risk surfaces do not run silently.

Custom policies & policy packs

Organization-level policy stance and packs you attach to Guardian servers—so DLP posture, tool visibility, and approval defaults stay consistent across teams.

Custom rules

Org-defined patterns and keyword rules on top of defaults—catch sector-specific tokens, internal project codes, or phrases your security team cares about.

Argument protection

Structural limits on JSON-RPC tool arguments—depth, string size, array length, object keys—before expensive work or upstream calls; pairs with DLP and shell-safety checks.
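
The structural checks described above, as an added example that is not MCP Trail's own code: a walker over the decoded `arguments` object of a JSON-RPC `tools/call` request that reports every depth, string, array and key-count limit it exceeds, so the request can be rejected before any upstream call is made. The limit values and the sample request are constructed for illustration.

```python
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class ArgLimits:
    """Structural caps applied to the 'arguments' object of a tools/call request."""
    max_depth: int = 8      # nesting levels below the arguments object
    max_string: int = 4096  # characters per string value
    max_array: int = 256    # elements per array
    max_keys: int = 64      # keys per object


def check_args(value, limits=ArgLimits(), path="$", depth=0):
    """Walk a decoded JSON value; return [(json_path, reason)] for every limit hit."""
    problems = []
    if depth > limits.max_depth:
        problems.append((path, f"nesting deeper than {limits.max_depth}"))
        return problems  # do not descend into something already over the cap
    if isinstance(value, str) and len(value) > limits.max_string:
        problems.append((path, f"string longer than {limits.max_string}"))
    elif isinstance(value, list):
        if len(value) > limits.max_array:
            problems.append((path, f"array longer than {limits.max_array}"))
        for i, item in enumerate(value):
            problems.extend(check_args(item, limits, f"{path}[{i}]", depth + 1))
    elif isinstance(value, dict):
        if len(value) > limits.max_keys:
            problems.append((path, f"object has more than {limits.max_keys} keys"))
        for key, item in value.items():
            problems.extend(check_args(item, limits, f"{path}.{key}", depth + 1))
    return problems


def screen_request(raw, limits=ArgLimits()):
    """Parse a JSON-RPC tools/call body and screen its arguments before any
    expensive work or upstream call happens. Returns (allowed, reasons)."""
    try:
        req = json.loads(raw)
    except (ValueError, RecursionError):  # RecursionError: absurdly deep nesting
        return False, ["request body is not valid JSON"]
    params = req.get("params") if isinstance(req, dict) else None
    args = params.get("arguments", {}) if isinstance(params, dict) else {}
    problems = check_args(args, limits)
    return (not problems), [f"{p}: {why}" for p, why in problems]


# Constructed sample request (not real traffic): a 100-char string and 5 nesting levels.
SAMPLE = json.dumps({
    "jsonrpc": "2.0", "id": 1, "method": "tools/call",
    "params": {"name": "run", "arguments": {
        "cmd": "x" * 100, "files": [{"a": {"b": {"c": 1}}}]}},
}).encode()
```

Every violation carries a JSON path, so an audit entry can say which argument tripped which limit rather than just "rejected".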

DLP on arguments & tool results

Scan tool call payloads and JSON results for secrets, payment-card-shaped data, tokens, and org-defined patterns—with monitor, block, or redact modes.

SSRF & safe egress

Upstream URLs are validated and resolved IPs are checked against private, loopback, and cloud-metadata ranges by default—shrinking SSRF blast radius from MCP connectors.
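
The egress check described above, as an added example that is not MCP Trail's own code: the upstream URL is parsed, every address it resolves to is checked against loopback, private, link-local and instance-metadata ranges, and the URL is rejected if any answer is blocked. The resolver is injectable (an assumption made so the check can run without DNS); the hostnames and addresses used in the usage are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Rejected on top of what ipaddress already flags as loopback/private/link-local.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "169.254.169.254/32",  # AWS / GCP / Azure instance-metadata endpoint (IPv4)
    "fd00:ec2::254/128",   # AWS instance-metadata endpoint (IPv6)
    "100.64.0.0/10",       # shared address space (CGNAT); is_private does not cover it
)]


def resolve_all(host):
    """Default resolver: every A/AAAA answer for host, as strings."""
    return [info[4][0] for info in socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)]


def is_blocked_ip(ip):
    """True for loopback, private, link-local, multicast, reserved or metadata addresses."""
    ip = ipaddress.ip_address(ip)
    if (ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified):
        return True
    return any(ip in net for net in BLOCKED_NETS)


def check_upstream_url(url, resolver=resolve_all):
    """Validate an upstream MCP URL before registering it. Returns (ok, reason).
    resolver is injectable so the check runs in tests without DNS."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    if not parts.hostname:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    try:
        ips = [ipaddress.ip_address(a) for a in resolver(parts.hostname)]
    except (socket.gaierror, ValueError) as exc:
        return False, f"cannot resolve {parts.hostname}: {exc}"
    if not ips:
        return False, f"no addresses for {parts.hostname}"
    # Reject if ANY answer is blocked: a mixed answer set is the classic rebinding shape.
    # The caller should then connect to the vetted address rather than re-resolving,
    # since a second lookup can return a different answer.
    for ip in ips:
        if is_blocked_ip(ip):
            return False, f"{parts.hostname} resolves to blocked address {ip}"
    return True, "ok"
```

Registration-time validation only closes half the gap; the proxy must also apply the same check on each outbound connection, because DNS answers change.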

Tool sequencing & suspicious chains

Set safe step-by-step rules, like lint then build, test before deploy, and deploy only after checks. Guardian looks at what already happened in the session and can allow, pause for approval (HITL), or block the next call when a chain looks risky.
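
A session-aware sequencing check of the kind described above, as an added example that is not MCP Trail's own code: prerequisite rules gate a tool on what already succeeded in the session, chain rules flag a suspicious pairing, and the worst matching decision wins. The rule shapes, tool names and sample policy are constructed for illustration.

```python
from dataclasses import dataclass, field

SEVERITY = {"allow": 0, "hitl": 1, "block": 2}  # worst matching decision wins


@dataclass(frozen=True)
class PrereqRule:
    """tool may run only after every tool in requires succeeded earlier in the session."""
    tool: str
    requires: tuple
    on_missing: str = "hitl"  # "hitl" (pause for approval) or "block"


@dataclass(frozen=True)
class ChainRule:
    """A call of 'then' after an earlier call of 'before' is a suspicious chain."""
    before: str
    then: str
    decision: str = "block"


@dataclass
class SessionState:
    completed: list = field(default_factory=list)  # tools that ran successfully, in order


def decide(tool, state, prereq_rules, chain_rules):
    """Return 'allow', 'hitl' or 'block' for the next call, given the session so far."""
    seen = set(state.completed)
    decision = "allow"
    for rule in prereq_rules:
        if rule.tool == tool and any(t not in seen for t in rule.requires):
            if SEVERITY[rule.on_missing] > SEVERITY[decision]:
                decision = rule.on_missing
    for rule in chain_rules:
        if rule.then == tool and rule.before in seen:
            if SEVERITY[rule.decision] > SEVERITY[decision]:
                decision = rule.decision
    return decision


# Constructed sample policy mirroring the lint -> build -> test -> deploy chain above.
PREREQS = [PrereqRule("build", ("lint",), on_missing="hitl"),
           PrereqRule("deploy", ("build", "test"), on_missing="block")]
CHAINS = [ChainRule("read_secret", "http_post", decision="hitl")]
```

The decision is computed from the session's recorded outcomes, so the same record that feeds the audit log is what drives the allow, pause or block.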

Human approval (HITL)

Queue sensitive calls for review. Approvers work in the dashboard or via Slack links when you set them up.

Audit log

Searchable history of tool calls, blocks, and outcomes—so incidents and compliance questions get answers from logs, not guesses.

Abuse and cost controls

Rate limits, payload caps, and budgets help stop floods, noisy clients, and surprise load on your MCP servers.

Where MCP Trail fits

AI security has three layers. MCP Trail focuses on the MCP layer—the path between assistants and your servers and tools.

AI and agents

Prompt safety, which tools an app may use, and policies on the assistant side.

MCP layer

Guardian lives here—your MCP firewall on the wire: policies, logging, data checks, approvals, and limits on MCP traffic before it reaches your servers.

APIs and backends

Traditional API security, auth, and hardening for the systems behind your tools.

How it works

1. Point clients at Guardian
   Register each MCP server in MCP Trail and give assistants the Guardian proxy URL. They never need the raw upstream endpoint.

2. Set policies and data rules
   Tune allowlists, shell-safety rules, and data-loss checks to match how your teams actually use tools over MCP.

3. Monitor, block, and approve
   Use analytics and the audit log to spot issues. Pull risky calls into the approval queue and decide without leaving the app.

Visibility built for operators and security

Spikes, noisy tools, and error rates show up next to the same audit records you already rely on for reviews.

Usage and outcome views so owners can answer what happened

Tokens scoped per Guardian server—not one key for everything

Payload checks at the gateway before traffic hits your MCP server

Evidence you can show—not a policy PDF nobody reads

When someone asks what called what, what was blocked, and who approved it, the answer should be in the log. We build for that—not for slide decks.

Core pieces

What Guardian does for you

A proxy in front of your MCP servers, tool allowlists, data-loss checks, optional human approval, full audit history, and rate limits—so you can show what ran and what you stopped.

Live activity and monitoring

See MCP traffic as it moves through Guardian—so ops and security can spot spikes and odd patterns early.

Policies and rules you control

Set organization-wide policies and finer rules where the product supports them. Audit export and advanced packaging are available—confirm options in the dashboard or with our team.

Customer stories

Coming soon — with permission

We don’t publish made-up quotes or stock photos. When teams approve public write-ups and logos, they’ll show up here.

What we hear most in pilots

  • A clear audit trail: what called what, what was blocked, and who approved the exception.
  • Human review for sensitive tool calls without freezing every developer.
  • Rules that look at arguments and payloads, not just the tool name on the label.

Try Guardian on your next MCP rollout

Add a server, point clients at the proxy, and read the audit trail. Get started in the app—no purchase order required.

Newsletter

Low-volume MCP security notes

We send mail when we have something worth reading: product changes, rough edges we fixed, and occasional threat write-ups. Unsubscribe anytime.

By subscribing, you agree to our Privacy Policy.