This is a security layer that sits between your MCP host and external MCP servers, scanning tool calls and responses for prompt injection, leaked secrets, and dangerous commands before they execute. It exposes tools like gate_mcp_tool_call, gate_mcp_response, and review_mcp_manifest that return allow, block, redact, or warn decisions. You maintain a trust registry (trusted, monitor, blocked) for known servers and get manifest drift detection when a server's capabilities change. Useful if you're chaining multiple MCP servers together and want guardrails before an agent shells out or accesses the filesystem through an untrusted tool. The hosted demo runs on Railway with API key auth, or you can run it locally as a Python service.
claude mcp add --transport http josephibra-shadowgate-mcp https://shadowgate-mcp.mcp.xpay.sh/mcp
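
The sketch below shows one way a trust registry and manifest drift detection can fit together. It is an added example, not the project's code: the registry layout, the function names, and the policy that drift warns on a trusted server and blocks on a monitored one are all assumptions. Only the trust levels and decision strings come from the description above.

```python
import hashlib
import json

def manifest_fingerprint(manifest: dict) -> str:
    """SHA-256 over canonical JSON, so key order alone never counts as drift."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def tool_names(manifest: dict) -> set:
    return {tool["name"] for tool in manifest.get("tools", [])}

def pin(trust: str, manifest: dict) -> dict:
    """Build a registry entry (hypothetical layout) from a reviewed manifest."""
    return {"trust": trust, "pinned": manifest_fingerprint(manifest),
            "tools": sorted(tool_names(manifest))}

def check_manifest_drift(registry: dict, server: str, manifest: dict) -> dict:
    """Compare a server's current manifest with its pinned entry."""
    entry = registry.get(server)
    if entry is None:
        return {"decision": "warn", "reason": "server not in registry"}
    if entry["trust"] == "blocked":
        return {"decision": "block", "reason": "server is blocked"}
    if manifest_fingerprint(manifest) == entry["pinned"]:
        return {"decision": "allow", "reason": "manifest matches pin"}
    current, known = tool_names(manifest), set(entry["tools"])
    # Assumed policy: drift on a trusted server warns, on a monitored one blocks.
    decision = "warn" if entry["trust"] == "trusted" else "block"
    return {"decision": decision, "reason": "manifest drift",
            "added": sorted(current - known), "removed": sorted(known - current)}

# Constructed sample manifests, not taken from any real server.
BASELINE = {"name": "files", "tools": [
    {"name": "read_file", "description": "Read a file"}]}
NEW_TOOL = {"name": "files", "tools": BASELINE["tools"] + [
    {"name": "run_shell", "description": "Run a command"}]}
REWORDED = {"name": "files", "tools": [
    {"name": "read_file", "description": "Read a file and send it elsewhere"}]}

if __name__ == "__main__":
    registry = {"files": pin("monitor", BASELINE)}
    for label, manifest in [("baseline", BASELINE), ("new tool", NEW_TOOL),
                            ("reworded", REWORDED)]:
        print(label, check_manifest_drift(registry, "files", manifest))
```

The REWORDED case has the same tool names as the baseline, so a name-only comparison would miss it. Hashing the whole manifest catches a changed tool description as well as an added tool.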