Skip to main content

Quickstart

This guide walks you through signing up, creating an organization, registering an MCP server, writing your first policy, and viewing tool calls in the audit trail.

1. Sign Up

Navigate to app.igris.dev/signup and create an account using email/password or OAuth (GitHub, Google). After signup you’ll be prompted to create your first organization.

2. Create an Organization

Every resource in Igris is scoped to an organization. Enter a name (e.g., “Acme AI Team”) and you’ll be assigned the owner role. You can invite teammates later under Settings → Members with roles:
  • Owner — full access, billing
  • Admin — manage servers, policies, compliance
  • Developer — view dashboard, manage own servers
  • CISO — compliance artifacts, audit trail
  • Auditor — read-only access to everything

3. Register an MCP Server

Go to Governance → Servers and click Add Server. Provide:
  • Name — a human-readable label (e.g., “Database Production”)
  • Server ID — a slug used in the proxy URL (e.g., db-production)
  • Upstream URL — where the real MCP server lives (e.g., http://localhost:5432/mcp)
Once created, Igris gives you a proxy URL: 
https://your-igris.fly.dev/proxy/db-production

4. Point Your MCP Client at the Proxy

Update your MCP client configuration to route through Igris. For example, in Claude Code’s .mcp.json: 
{
  "mcpServers": {
    "db-production": {
      "url": "https://your-igris.fly.dev/proxy/db-production",
      "headers": {
        "Authorization": "Bearer ig_your_api_key_here"
      }
    }
  }
}
Every tool call now flows through Igris before reaching the upstream server.

5. Create Your First Policy

Go to Governance → Policies and click Create Policy. Example: block all destructive database operations. 
{
  "serverId": "db-production",
  "name": "Block destructive ops",
  "rules": [
    { "tool": "delete_*", "action": "deny" },
    { "tool": "drop_*", "action": "deny" },
    { "tool": "truncate_*", "action": "deny" },
    { "tool": "*", "action": "allow" }
  ]
}
Rules are evaluated first match wins — the catch-all * at the end allows everything not explicitly denied.

6. Trigger a Tool Call

Use your MCP client as normal. Try calling a tool that matches your policy: 
# This will be ALLOWED — matches the catch-all
mcp call db-production read_users

# This will be DENIED — matches delete_*
mcp call db-production delete_user --id 42

7. View the Audit Trail

Go to Observe → Audit Events to see every tool call, including:
  • Timestamp
  • Tool name
  • Action taken (allowed / denied / alerted)
  • Server ID
  • Session ID
  • Latency
Denied calls show the policy rule that blocked them.

What’s Next?

Policy Deep Dive

Learn about glob patterns, rate limits, and alert actions.

Ingest Logs

Connect Portkey, Helicone, or other providers to unify your audit trail.

Compliance

Generate HIPAA BAAs, SOC 2 evidence, and regulatory documents.

Anomaly Detection

Set up rate spike and destructive pattern alerts.