MCP gateway

Drop AxioRank between an MCP client and an MCP server. Every tools/call is inspected by the same content-risk + policy engine as the SDK before it reaches the upstream, and written to a redacted audit log — governance by changing one config block.

Local (stdio) servers

For servers your client launches locally, wrap the command with the @axiorank/mcp-gateway shim.

1. In the dashboard: Outbound → MCP Gateway → Add MCP Server, choose Local (stdio shim), pick the governing agent, and copy the slug.
2. Wrap your server command in your client config (claude_desktop_config.json, Cursor mcp.json, …):

{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@axiorank/mcp-gateway", "--", "npx", "-y", "@modelcontextprotocol/server-github"],
      "env": {
        "AXIORANK_KEY": "axr_live_xxxxxxxxxxxxxxxx",
        "AXIORANK_SERVER": "github-mcp",
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_..."
      }
    }
  }
}

Everything after -- is your upstream server command, launched and managed by the shim. Only the (server-side redacted) call arguments ever leave your machine.

Environment

Remote (Streamable HTTP) servers

You don't need the shim. Register the server in the dashboard and point your client's HTTP transport at the gateway URL AxioRank generates for it.

Next steps

• Gateway API — the underlying verdict contract.
• Content-inspection engine — what each call is scored against.