Skip to main content
Claude Code supports MCP servers over HTTP transport. Point it at mcp-gate and every tools/call will be evaluated against your Sentrail policies before reaching the upstream server.

Prerequisites

  • A Sentrail workspace with an MCP server connected (Tools → MCP → Connect)
  • An API key with the mcp scope

Configuration

Add the following to your Claude Code MCP configuration file. The location depends on your setup:
  • Global: ~/.claude/mcp_servers.json
  • Project: .claude/mcp_servers.json in the project root
{
  "mcpServers": {
    "sentrail": {
      "url": "https://<project-ref>.supabase.co/functions/v1/mcp-gate/sse",
      "headers": {
        "Authorization": "Bearer agk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        "X-Agent-Id": "claude-code"
      },
      "transport": "sse"
    }
  }
}
Replace agk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx with your actual API key.
Do not commit your API key to version control. Use environment variable substitution if your tooling supports it, or store the config outside the repository.

Verifying the connection

After saving the config, restart Claude Code and run: 
/mcp
You should see sentrail listed as a connected server with the tools from your upstream MCP server.

How it works

Claude Code sends all MCP calls to mcp-gate instead of your upstream server:
  1. initializemcp-gate responds with Sentrail server info and protocol version 2024-11-05
  2. tools/listmcp-gate fetches the tool list from your upstream server (cached 60 seconds) and returns it unchanged
  3. tools/callmcp-gate evaluates the call against your policies, then either forwards it, blocks it, or defers it
When a call requires approval, Claude Code receives a result with _meta.sentrail.status = "require_approval" and a message explaining that approval is needed. Claude Code will surface this to you. Poll the status endpoint or wait for the dashboard notification.

Agent identity

The X-Agent-Id: claude-code header identifies this connection in audit logs. You can create agent-specific policies using this ID: 
{
  "name": "Allow Claude Code to create issues",
  "tool": "mcp",
  "actionPattern": "*",
  "toolNamePattern": "create_issue",
  "conditions": { "allowedAgents": ["claude-code"] },
  "mode": "allow",
  "priority": 10
}

Troubleshooting

Check that the Sentrail MCP endpoint ends with /mcp-gate/sse. stdio is not supported by mcp-gate.
Verify the API key is valid, not expired, and has the mcp scope. Check Settings → API Keys in the dashboard.
Go to Tools → MCP in the dashboard and connect an upstream MCP server before using mcp-gate.