Skip to main content

Proxy Setup

The Igris MCP Governance Proxy sits between your MCP clients and upstream MCP servers. Every tool call passes through Igris for policy evaluation, audit logging, and anomaly detection.

Proxy URL Format

Once you register a server in Igris, your proxy URL is: 
https://your-igris.fly.dev/proxy/{serverId}
Replace your-igris.fly.dev with your Igris deployment domain and {serverId} with the server’s slug.

Authentication

The proxy accepts two authentication methods:
  1. API Key (recommended for MCP clients) — pass in the Authorization header: 
    Authorization: Bearer ig_your_api_key_here
  2. Session Cookie — if the request comes from a browser context with a valid igris.session_token cookie.
Generate API keys in the dashboard under Settings → API Keys.

Client Configuration

Claude Code

Edit your .mcp.json (project-level) or ~/.claude/mcp.json (global): 
{
  "mcpServers": {
    "my-database": {
      "url": "https://your-igris.fly.dev/proxy/my-database",
      "headers": {
        "Authorization": "Bearer ig_abc123..."
      }
    }
  }
}

OpenCode

In your opencode.json: 
{
  "mcp": {
    "my-database": {
      "type": "remote",
      "url": "https://your-igris.fly.dev/proxy/my-database",
      "headers": {
        "Authorization": "Bearer ig_abc123..."
      }
    }
  }
}

Cursor

In Cursor’s MCP settings (.cursor/mcp.json): 
{
  "mcpServers": {
    "my-database": {
      "url": "https://your-igris.fly.dev/proxy/my-database",
      "headers": {
        "Authorization": "Bearer ig_abc123..."
      }
    }
  }
}

Generic MCP Client

Any MCP client that supports HTTP transport can use the proxy. Point the server URL to the Igris proxy and include the API key header.

What the Proxy Does

For every incoming tool call, the proxy:
  1. Authenticates the request
  2. Resolves the organization and server
  3. Creates or resumes an agent session
  4. Evaluates governance policies (first match wins)
  5. Executes the policy action (allow, deny, or alert)
  6. Runs anomaly detection checks
  7. Forwards to upstream (if allowed) and returns the response
  8. Writes an audit event and broadcasts via SSE

Tool Discovery

The proxy supports MCP’s tools/list method. When your client requests available tools, Igris forwards the request to the upstream server, returns the tool list, and caches it for future reference. You can also view discovered tools in the dashboard under Governance → Servers → [server] → Tools.

Latency

The proxy adds minimal overhead — typically 5-15ms for policy evaluation and audit logging. Policy rules are cached in Redis to avoid database lookups on every request.

Troubleshooting

IssueSolution
401 UnauthorizedCheck your API key is valid and hasn’t been revoked
404 Not FoundVerify the server ID matches a registered server
403 Policy DeniedA deny policy matched the tool call — check Audit Events for details
502 Bad GatewayIgris can’t reach the upstream MCP server — verify the upstream URL
503 Session SuspendedThe session’s kill switch is active — resume it in the dashboard