MCP GUARD

Agent-fleet control plane

Ship more with agents.Spend less. Prove everything.

Coding agents multiply your output — and your spend, and your audit surface. MCP Guard is the control plane that keeps all three honest: fleets governed by policy, costs priced to the cent, and every line provable — across every runtime you run.

built-in gates + plugin SDK
11built-in gates + plugin SDK
ledger, re-verified hourly
SHA-256ledger, re-verified hourly
per-session attestation
Ed25519per-session attestation
fleet spend precision
$0.01fleet spend precision

Governs Claude Code · Cursor · Devin · Copilot · in-house agents

The thesis

The IDE was built for writing code. This is where you ship it. The center of gravity is moving — out of the editor, into the control plane. The terminal and the IDE become where agents work. This is where you do.

01

Typing Delegating

One engineer used to mean one cursor. Now it means a fleet of agent sessions running in parallel — and the constraint stops being how fast anyone types.

02

Reviewing Policy

You cannot eyeball ten thousand diffs. You can write the rules once — approved agents, models, MCP servers, tools — and have every merge evaluated against them, mechanically.

03

Trust Proof

“An agent wrote this” satisfies no auditor. A hash-chained ledger of every decision, exportable and independently verifiable, does.

The control plane

Govern. Observe. Intervene. Prove.

Not a CCTV wall for watching a thousand agents — an exception-routed surface. Set policy once, let the fleet run, touch only what the policy escalates, and keep cryptographic evidence of all of it.

Govern

/policy

Policy as code, simulated before it ships.

  • Eleven built-in gates — test coverage, schema discipline, PII scanning, agent attestation, MCP-server allowlisting, model policy — plus a sandboxed plugin SDK.
  • Replay the last 30 days of real agent activity against a draft policy before publishing. Nobody else has the data substrate to do this.
  • Graduated cost limits per session, per actor, per agent type — breach notifications fire exactly once.

Observe

/fleet

Every in-flight session, every runtime, one surface.

  • Live via SSE, attested via Ed25519 — Claude Code, Cursor, Devin, Copilot, and in-house agents in the same view.
  • API spend priced per segment and verified to the cent, with ranked optimization insights and one-click model write-back.
  • Stuck sessions escalate through warn → alert → flag tiers; abandoned work can't hide.

Intervene

/inbox

Exception-routed triage, not a CCTV wall.

  • Gate failures, attestation misses, cost breaches, and policy denials land in one queue — most sessions never need a human at all.
  • Resolve, snooze, assign, waive — every action writes a hash-chained audit row with the operator's reasoning.
  • Moot exceptions auto-resolve when the PR ships; the queue stays about decisions, not housekeeping.

Prove

/audit

A ledger your auditor can verify alone.

  • Every policy decision and agent action chains by SHA-256 in Postgres; the chain re-verifies hourly.
  • CSV / JSON / PDF evidence packets on demand, scoped by repo, gate, actor, and time range.
  • PIN-gated, time-bounded auditor shares — never raw database access, never an opaque PDF.

What it looks like

Three surfaces. One control plane.

Mock screenshot of the MCP Guard fleet view: a table of in-flight agent sessions across Claude Code, Cursor, Devin, and an in-house runtime, with state chips and a live SSE indicator.
/fleetEvery in-flight agent session — across every runtime — in one operator surface. Live via SSE, attested via Ed25519.
Mock screenshot of the MCP Guard exceptions inbox: a list of policy violations grouped by type with severity chips and suggested resolutions.
/inboxPolicy violations land in a triage inbox. Resolve, snooze, dismiss — every action writes a hash-chained audit row.
Mock screenshot of the MCP Guard policy simulation view: a draft policy diff on the left, a replay outcome on the right with per-rule block counts.
/policy/simulateReplay the last 30 days of agent activity against a draft policy before you publish. See what would have blocked, and why.

How it works

Three steps from install to auditor-ready.

  1. 01

    Connect

    Install the GitHub App, point your agent runtimes at the /v1/agent-runs endpoint, and pick a policy template. First check-run in minutes.

  2. 02

    Govern

    Every PR runs the gates. Every session is attested and costed. The merge button becomes the policy boundary, not a hope.

  3. 03

    Attest

    Auditors get a signed-URL share into the hash-chained ledger. Compliance reviews evidence; engineering keeps shipping.

For delivery firms

A new operating model for consulting: sell outcomes, run fleets, prove everything.

The leverage of a consulting firm used to be headcount. Now it's a governed agent fleet with a senior engineer at the controls. We run our own delivery practice on MCP Guard — opportunity sourcing through client handoff — and license the same platform and playbook to firms making the shift.

  1. 01

    Source

    A read-only scout agent walks your saved searches and lands qualified opportunities in the Hunter pipeline.

  2. 02

    Engage

    Quote, discovery workspace, and kickoff brief in one engagement record — with a budget guardrail watching cost-to-deliver from day one.

  3. 03

    Deliver

    A governed agent fleet does the work inside a provisioned client repo, seeded with a PR-reviewed, versioned, licensed agent pack.

  4. 04

    Hand off

    Deliverables tracked against acceptance, a client status portal behind secure tokened shares, and audit-grade evidence of everything that ran.

What your client sees

A live status portal — deliverables against acceptance criteria, progress without meetings, behind a secure time-bounded link. Self-serve intake with secure document upload. Evidence, not vibes.

What your firm sees

Realized margin per engagement — fixed fee against cost-to-deliver, priced from the same to-the-cent fleet telemetry. Budget guardrails at 70 / 90 / 100%. A portfolio control tower across every engagement.

Instrumentation

Everything above is shipped. So is all of this.

01

Cost limits

Graduated thresholds per session, UTC-day, actor, or agent type. Worker-evaluated — breaches notify exactly once, even if nobody opens the dashboard.

02

Policy simulation

30-day replay of real agent activity against any draft. See exactly what would have blocked before you publish.

03

Optimization recs

Ranked cost and speed recommendations with one-click model write-back — and realized-savings tracking after you apply them.

04

Agent topology

Declared agent team versus the invocation graph that actually ran, cross-session, with gap and drift overlays.

05

Stuck-session escalation

Three configurable tiers — warn, alert, flag — with per-stretch re-arming and snooze. Terminal flags mark work abandoned.

06

Evidence export

CSV, JSON, and PDF packets from the hash-chained ledger; PIN-gated auditor shares with email allowlists and trust banners.

07

Plugin gates

Write custom gates against a typed SDK; they run in a hardened subprocess sandbox, never inside the engine.

08

Seven-role access control

Delivery, compliance, sales, and operator seats with server-enforced route floors — pending invitees see nothing until seated.

What auditors see

A hash-chained ledger, exported on demand.

Every policy decision and agent action is written into a Postgres ledger whose rows chain by SHA-256. The chain is verified hourly. Reviewers get a PIN-gated, read-only, time-bounded share of the slice you authorise — never raw database access, never an opaque PDF you have to vouch for in person.

Run your fleet like it's production.Because it is.