MCP security
Secure MCP server traffic with a governance proxy
MCP (Model Context Protocol) uses standard HTTP for its Streamable HTTP transport. TameFlare's transparent proxy already intercepts, logs, and enforces permissions on every MCP tool call - no special configuration needed.
How MCP traffic works on the wire
When an AI agent calls an MCP tool, it sends a standard HTTP POST with a JSON-RPC 2.0 body. The tools/call method contains the tool name and arguments. This is regular HTTP - and TameFlare is an HTTP proxy.
POST /mcp HTTP/1.1
Content-Type: application/json

{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "params": {
    "name": "create_pull_request",
    "arguments": { "repo": "acme/backend", "head": "fix-auth" }
  }
}
Why TameFlare already secures MCP traffic
TameFlare's built-in MCP connector parses JSON-RPC requests, extracts the tool name and arguments, and evaluates them against your permission rules. No MCP-specific setup - it works automatically when the MCP server uses Streamable HTTP transport.
MCP connector
Parses JSON-RPC tools/call and tools/list requests. Extracts tool name, arguments, and risk level from the request body.
Credential injection
MCP server tokens are stored in the encrypted vault. The proxy injects them at request time. Your agent never sees the real credentials.
Action-level audit
Every MCP tool call is logged with tool name, arguments, decision, and latency. Full visibility into what your agent did via MCP.
Permission control
Allow tools/list but deny tools/call for specific tools. Block dangerous operations while allowing safe reads.
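The parse-then-decide flow described above, sketched as an added example; this is not TameFlare's code or rule syntax. The rule tuples, decision names, and function names are assumptions made for illustration. It fails closed on malformed bodies, duplicate JSON keys, and tools with no matching rule.

```python
import json
from fnmatch import fnmatchcase

# Hypothetical rule format for this example: (method, tool-name pattern, decision).
# First match wins; anything without a matching rule is denied.
RULES = [
    ("tools/list", "*", "allow"),
    ("tools/call", "get_*", "allow"),
    ("tools/call", "create_pull_request", "require_approval"),
]
SEVERITY = {"allow": 0, "require_approval": 1, "deny": 2}

def _reject_duplicate_keys(pairs):
    # Two "name" keys could be read differently by the proxy and the MCP server,
    # so the policy check and the executed tool would disagree. Refuse them.
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate key in JSON object")
    return dict(pairs)

def decide_message(msg):
    """Decide one JSON-RPC message; anything malformed or unlisted is denied."""
    if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0":
        return "deny"
    method = msg.get("method")
    if not isinstance(method, str):
        return "deny"
    tool = ""  # methods other than tools/call carry no tool name
    if method == "tools/call":
        params = msg.get("params")
        tool = params.get("name") if isinstance(params, dict) else None
        if not isinstance(tool, str) or not tool:
            return "deny"
    for rule_method, pattern, decision in RULES:
        if method == rule_method and fnmatchcase(tool, pattern):
            return decision
    return "deny"

def decide_body(raw):
    """Decide a whole POST body; a JSON-RPC batch gets its strictest decision."""
    try:
        doc = json.loads(raw, object_pairs_hook=_reject_duplicate_keys)
    except (ValueError, TypeError):
        return "deny"
    messages = doc if isinstance(doc, list) else [doc]
    if not messages:
        return "deny"
    return max((decide_message(m) for m in messages), key=SEVERITY.__getitem__)

# Constructed sample: the request body shown earlier on this page.
SAMPLE = ('{"jsonrpc": "2.0", "method": "tools/call", "params": {"name": '
          '"create_pull_request", "arguments": {"repo": "acme/backend", "head": "fix-auth"}}}')
```

Tool-name matching is case-sensitive, so a name that differs only in case from an allowed tool falls through to the default deny.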
How to proxy MCP traffic through TameFlare
# Run any MCP-connected agent through TameFlare
tf run -- python mcp_agent.py
# Or run an MCP server process itself
tf run -- npx @modelcontextprotocol/server-github
All outbound HTTP traffic from the process is routed through the proxy. MCP Streamable HTTP requests are intercepted and parsed by the MCP connector automatically.
Note: MCP stdio transport (local subprocess communication via stdin/stdout) does not use HTTP and is not proxied. Only Streamable HTTP transport is governed.
MCP proxy capabilities
| Capability | Status |
|---|---|
| Intercept MCP Streamable HTTP traffic | Supported |
| Parse tools/call JSON-RPC requests | Supported |
| Parse tools/list JSON-RPC requests | Supported |
| Extract tool name and arguments | Supported |
| Credential injection for MCP servers | Supported |
| Per-tool permission rules | Supported |
| Human-in-the-loop approvals for tools | Supported |
| MCP stdio transport | Not applicable (not HTTP) |