Quickstart
Get MCPShield running in 5 minutes. This guide walks you through installation, creating your first policy, and securing a Postgres connection.
1. Install MCPShield
npm install -g mcpshield2. Create a Policy File
Create policy.yaml with your allowed operations:
# policy.yaml
default: deny
allow:
- pattern: "SELECT * FROM products WHERE id = ?"
description: "Allow reading individual products"
- pattern: "SELECT * FROM orders WHERE user_id = ?"
description: "Allow reading user's orders"
- pattern: "INSERT INTO feedback (user_id, message) VALUES (?, ?)"
description: "Allow users to submit feedback"3. Start the Gateway
mcpshield gateway \
--policy policy.yaml \
--adapter postgres \
--connection "postgresql://user:pass@localhost/db" \
--audit audit.logMCPShield is now running as an MCP stdio server. Point your AI tool at it!
4. Test It
MCPShield will allow queries matching your policy and block everything else:
# ✅ ALLOWED
SELECT * FROM products WHERE id = 123
# ❌ BLOCKED
DROP TABLE usersClaude Code Setup
MCPShield works seamlessly with Claude Code as a drop-in replacement for direct MCP server connections.
Configure Claude MCP Settings
Edit your ~/.claude/mcp_settings.json:
{
"mcpServers": {
"postgres-secure": {
"command": "mcpshield",
"args": [
"gateway",
"--policy", "/path/to/policy.yaml",
"--adapter", "postgres",
"--connection", "postgresql://localhost/mydb",
"--audit", "/path/to/audit.log"
]
}
}
}Use in Claude Code
Claude will now route all database requests through MCPShield. You get full policy enforcement and audit logging automatically.
Policies
Policies define what operations are allowed. MCPShield uses deterministic pattern matching—no LLM interpretation, no surprises.
Policy Structure
default: deny # Start with nothing allowed
allow:
- pattern: "SELECT * FROM table WHERE id = ?"
description: "Human-readable description"
tags: ["read-only", "public-data"]
deny:
- pattern: "DROP TABLE *"
description: "Explicitly block dangerous operations"
audit_all: true # Log both allowed and denied requestsPattern Matching
- •
?matches a single parameter - •
*matches any value - •Patterns are case-sensitive by default
- •Exact matches are fastest; wildcards are evaluated in order
Adapters
Adapters translate MCP operations into backend-specific commands. MCPShield ships with adapters for Postgres, REST APIs, and more.
Postgres Adapter
--adapter postgres
--connection "postgresql://..."Secure SQL queries with pattern-based policies.
REST API Adapter
--adapter rest
--base-url "https://api.example.com"Control which endpoints AI can call.
Audits
Every request is logged with timestamp, operation, and decision. Audit logs are append-only and tamper-evident.
Audit Log Format
[2026-02-09T12:34:56Z] ALLOWED | SELECT * FROM products WHERE id = 42 | policy_match: allow[0]
[2026-02-09T12:35:01Z] BLOCKED | DROP TABLE users | reason: no_policy_match
[2026-02-09T12:35:12Z] ALLOWED | GET /api/public/status | policy_match: allow[3]What We Log
- ✓Timestamp (ISO 8601, UTC)
- ✓Decision (ALLOWED or BLOCKED)
- ✓Full operation/query attempted
- ✓Policy rule that matched (if any)
- ✗We do NOT log credentials or sensitive params
FAQ
Does MCPShield slow down my AI?
Policy evaluation adds <1ms overhead. Network latency to your backend dominates request time.
Can I use MCPShield in production?
Yes! MCPShield is designed for production. Start with read-only policies and expand as you gain confidence.
What if a query doesn't match any policy?
Default deny means it's blocked. MCPShield logs the attempt so you can decide whether to add it to your policy.
How do I write good policies?
Start restrictive (SELECT only, specific tables). Run in audit mode to see what your AI tries to do. Expand policies incrementally.
Is MCPShield open source?
The core gateway is open source (MIT). Enterprise features like SSO and custom adapters are commercial.