MCP (Model Context Protocol)
Register MCP gateways and tools, control which agents can access which capabilities, and enforce policies on all MCP tool invocations in real time.
Overview
MCP (Model Context Protocol) enables AI agents to discover and use external tools and data sources. Left ungoverned, MCP is a large attack surface: agents can invoke shell commands, read files, query databases, and call external APIs, and each of those capabilities is available to anyone who can influence the agent's inputs.
Rivaro governs MCP at the gateway level: every tool invocation passes through enforcement, detection runs on inputs and outputs, and access is controlled by detection keys.
Gateways and Tools
Rivaro uses a two-tier MCP model:
| Role | Description |
|---|---|
| Gateway | A governed MCP server entry point. Has its own detection key. Agents connect to the gateway — not directly to tools. The gateway controls which tools are accessible. |
| Tool | A specific capability bound to a gateway (e.g. file_read, database_query, web_search). Each tool has its own detection configuration and enabled detectors. |
Registration Workflow
Step 1: Create a gateway
```http
POST /api/admin/mcp/configurations
{
  "name": "Production MCP Gateway",
  "role": "gateway",
  "upstreamEndpoint": "https://your-mcp-server.internal/mcp",
  "enabledDetectors": [
    "PII Detection",
    "Credentials Detection",
    "Agent Tool Detection"
  ]
}
```
On creation, a detection key is generated and shown once. Copy it now and store it in your secrets manager; it cannot be retrieved again, only regenerated.
Step 2: Register tools
```http
POST /api/admin/mcp/configurations
{
  "name": "file_read",
  "role": "tool",
  "boundGateway": "Production MCP Gateway",
  "enabledDetectors": [
    "PII Detection",
    "Credentials Detection"
  ]
}
```
Repeat for each tool. Only registered tools are discoverable by agents connecting through the gateway; anything the upstream server exposes that you have not registered stays hidden.
Step 3: Configure your agent
Point your agent's MCP client at the Rivaro gateway with the detection key:
```python
# Example: configuring an MCP client to use Rivaro as the gateway.
# MCPClient stands in for whatever MCP client library your agent uses;
# the gateway URL and the X-Detection-Key header are the parts that matter.
mcp_client = MCPClient(
    gateway_url="https://your-org.rivaro.ai/mcp",
    headers={
        "X-Detection-Key": "detect_live_your_mcp_key_here"
    }
)
```
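The three steps above as one script, added here as an example; it is not Rivaro's own client code. It assumes the admin API is called with a bearer token in `Authorization` (assumption) and that the create endpoint returns JSON carrying an `id` and, for a gateway, the one-time key in a `detectionKey` field (the page only says the key is shown once; these field names are assumptions). The HTTP transport is injected as a callable so the ordering logic can be exercised offline against a fake.

```python
"""Register a Rivaro MCP gateway and its tools, capturing the one-time key.

Added example, not Rivaro's client code. Assumed (not from the page):
  - admin calls carry `Authorization: Bearer <token>`;
  - POST /api/admin/mcp/configurations returns {"id": ..., "detectionKey": ...}
    for a gateway and {"id": ...} for a tool.
"""
from __future__ import annotations

import json
from typing import Callable, Mapping, Sequence
from urllib import request

ADMIN_BASE = "https://your-org.rivaro.ai"      # assumption: same host as the gateway URL
CONFIG_PATH = "/api/admin/mcp/configurations"

# A poster takes (path, payload) and returns the parsed JSON response body.
Poster = Callable[[str, Mapping], Mapping]


def http_poster(admin_token: str) -> Poster:
    """Real transport using only the standard library."""
    def post(path: str, payload: Mapping) -> Mapping:
        req = request.Request(
            ADMIN_BASE + path,
            data=json.dumps(payload).encode(),
            headers={"Content-Type": "application/json",
                     "Authorization": f"Bearer {admin_token}"},   # assumption
            method="POST",
        )
        with request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return post


def gateway_payload(name: str, upstream: str, detectors: Sequence[str]) -> dict:
    """Body for a role=gateway configuration (fields from the page)."""
    if not upstream.startswith("https://"):
        raise ValueError("upstreamEndpoint must be https: every tool call is forwarded to it")
    return {"name": name, "role": "gateway", "upstreamEndpoint": upstream,
            "enabledDetectors": list(detectors)}


def tool_payload(name: str, gateway_name: str, detectors: Sequence[str]) -> dict:
    """Body for a role=tool configuration bound to an existing gateway."""
    return {"name": name, "role": "tool", "boundGateway": gateway_name,
            "enabledDetectors": list(detectors)}


def register_topology(post: Poster, gateway: dict, tools: Sequence[dict]) -> dict:
    """Create the gateway first, capture its one-time key, then bind the tools.

    Fails closed: if the gateway response carries no key, no tools are
    registered, because the key cannot be fetched later and an agent could
    never authenticate to a gateway whose key was lost.
    """
    gw = post(CONFIG_PATH, gateway)
    key = gw.get("detectionKey")
    if not key:
        raise RuntimeError("gateway created without a detection key; delete it and retry")
    tool_ids = {}
    for tool in tools:
        if tool["boundGateway"] != gateway["name"]:
            raise ValueError(f"{tool['name']} is bound to a different gateway")
        tool_ids[tool["name"]] = post(CONFIG_PATH, tool)["id"]
    return {"gatewayId": gw["id"], "detectionKey": key, "toolIds": tool_ids}


def agent_headers(detection_key: str) -> dict:
    """Headers the agent's MCP client sends to the Rivaro gateway (Step 3)."""
    if not detection_key:
        raise ValueError("detection key is required")
    return {"X-Detection-Key": detection_key}


if __name__ == "__main__":
    import os
    gw = gateway_payload("Production MCP Gateway",
                         "https://your-mcp-server.internal/mcp",
                         ["PII Detection", "Credentials Detection", "Agent Tool Detection"])
    tools = [tool_payload("file_read", gw["name"], ["PII Detection", "Credentials Detection"]),
             tool_payload("database_query", gw["name"], ["PII Detection"])]
    result = register_topology(http_poster(os.environ["RIVARO_ADMIN_TOKEN"]), gw, tools)
    print(agent_headers(result["detectionKey"]))   # write this into the agent's secret, not stdout, in practice
```

The gateway is created before any tool because tools bind to it by name, and the key is checked before the loop so a failed gateway creation never leaves orphaned tool entries behind.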
Configuration Fields
| Field | Description |
|---|---|
| name | Gateway or tool name |
| role | gateway or tool |
| active | Whether this gateway/tool is enabled |
| upstreamEndpoint | The upstream MCP server URL (gateways only) |
| boundGateway | Which gateway this tool belongs to (tools only) |
| boundTools | List of tool names bound to this gateway (gateways only) |
| enabledDetectors | Risk categories to enforce (e.g. "PII Detection", "Agent Tool Detection") |
| detectorCount | Number of active detectors on this configuration |
Access Control
Each gateway and tool has its own detection key. Only agents presenting the correct key can connect to a gateway or invoke a tool through it. Keys can be regenerated at any time; regenerating a gateway key immediately revokes access for every agent still using the old key, so there is no overlap window. Update the agents' configuration in the same change, and treat a suspected key leak as a reason to rotate rather than to disable the gateway.
```http
# Regenerate a gateway's detection key
POST /api/admin/mcp/configurations/{configId}/regenerate-key

# Enable or disable a gateway/tool
POST /api/admin/mcp/configurations/{configId}/toggle
```
What Gets Detected
Every MCP tool invocation passes through the Rivaro detection engine. Tool calls generate AGENT_TOOL_* detection events that appear in the dashboard and in session history.
Rivaro also detects MCP-specific infrastructure risks via discovery:
| Detection type | What it catches |
|---|---|
| INFRASTRUCTURE_MCP_PUBLIC_ENDPOINT | MCP server exposed to the internet without authentication |
| INFRASTRUCTURE_MCP_DANGEROUS_TOOLS | MCP server exposing shell execution, database writes, or other high-risk capabilities |
| INFRASTRUCTURE_SHADOW_AI_AGENT | MCP-connected agent running outside approved infrastructure |
Viewing MCP Activity
MCP tool invocations are visible in session history as MCP_TOOL events. Each event records the tool name, arguments, and any detections triggered. Aggregate statistics — total invocations, active gateways, active tools — are available at:
```http
GET /api/admin/mcp/stats
```
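A triage pass over exported session history, added here as an example rather than Rivaro code. The page says each MCP_TOOL event records the tool name, its arguments and any detections triggered; the field names used below (`type`, `gateway`, `tool`, `arguments`, `detections`), the recording of triggered detections by detector name, the non-MCP `LLM_RESPONSE` event type and the sample events themselves are all constructed for this example. Arguments of flagged invocations are redacted before they are returned, so the triage output does not re-leak the credential or PII the detector caught.

```python
"""Summarise MCP_TOOL events from Rivaro session history.

Added example, not Rivaro code. Event field names and the sample data
below are assumptions constructed for illustration.
"""
from collections import defaultdict
from typing import Iterable, Mapping, Sequence

# Constructed sample of what a session-history export might look like.
SAMPLE_EVENTS = [
    {"type": "MCP_TOOL", "gateway": "Production MCP Gateway", "tool": "web_search",
     "arguments": {"query": "rivaro mcp gateway"}, "detections": []},
    {"type": "MCP_TOOL", "gateway": "Production MCP Gateway", "tool": "file_read",
     "arguments": {"path": "/srv/app/.env"}, "detections": ["Credentials Detection"]},
    {"type": "MCP_TOOL", "gateway": "Production MCP Gateway", "tool": "file_read",
     "arguments": {"path": "/srv/app/README.md"}, "detections": []},
    {"type": "MCP_TOOL", "gateway": "Production MCP Gateway", "tool": "database_query",
     "arguments": {"sql": "select email from users"}, "detections": ["PII Detection"]},
    {"type": "MCP_TOOL", "gateway": "Production MCP Gateway", "tool": "shell_exec",
     "arguments": {"cmd": "id"}, "detections": []},
    {"type": "LLM_RESPONSE", "detections": []},   # hypothetical non-MCP event; must be ignored
]


def mcp_tool_events(events: Iterable[Mapping]) -> list:
    """Keep only MCP tool invocations; other session events are out of scope here."""
    return [e for e in events if e.get("type") == "MCP_TOOL"]


def summarize_by_tool(events: Iterable[Mapping]) -> dict:
    """Per-tool invocation count, how many triggered detections, and which detectors fired."""
    rows = defaultdict(lambda: {"invocations": 0, "flagged": 0, "detectors": set()})
    for e in mcp_tool_events(events):
        row = rows[e["tool"]]
        row["invocations"] += 1
        if e.get("detections"):
            row["flagged"] += 1
            row["detectors"].update(e["detections"])
    return {t: {**r, "detectors": sorted(r["detectors"])} for t, r in rows.items()}


def redact(arguments: Mapping) -> dict:
    """Keep argument names (useful for triage) but drop the values the detector flagged."""
    return {k: f"<redacted {len(str(v))} chars>" for k, v in arguments.items()}


def flagged_invocations(events: Iterable[Mapping]) -> list:
    """Invocations that triggered at least one detection, with arguments redacted."""
    return [{"tool": e["tool"], "gateway": e.get("gateway"),
             "detections": list(e["detections"]),
             "arguments": redact(e.get("arguments", {}))}
            for e in mcp_tool_events(events) if e.get("detections")]


def unregistered_tools_seen(events: Iterable[Mapping], registered: Sequence[str]) -> list:
    """Tools that appear in history but not in your current registry.

    Unregistered tools are not discoverable through the gateway, so a non-empty
    result means the registry and the history have drifted (e.g. a tool was
    deleted after the events were recorded) and deserves a look.
    """
    return sorted({e["tool"] for e in mcp_tool_events(events)} - set(registered))


if __name__ == "__main__":
    for tool, row in summarize_by_tool(SAMPLE_EVENTS).items():
        print(f"{tool:15} invocations={row['invocations']} flagged={row['flagged']} {row['detectors']}")
    for hit in flagged_invocations(SAMPLE_EVENTS):
        print("FLAGGED", hit)
    print("drift:", unregistered_tools_seen(SAMPLE_EVENTS, ["web_search", "file_read", "database_query"]))
```

Redaction is by argument value, not by detector type: the triage output is meant to be pasted into a ticket or a chat channel, and a credential caught by the Credentials Detection detector should not reappear there verbatim.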
Managing MCP Configurations
| Endpoint | Description |
|---|---|
| GET /api/admin/mcp/configurations | List all gateways and tools |
| POST /api/admin/mcp/configurations | Create a gateway or tool |
| PUT /api/admin/mcp/configurations/{configId} | Update configuration |
| DELETE /api/admin/mcp/configurations/{configId} | Delete (cascades to bound tools) |
| POST /api/admin/mcp/configurations/{configId}/toggle | Enable or disable |
| POST /api/admin/mcp/configurations/{configId}/regenerate-key | Rotate detection key |
| GET /api/admin/mcp/stats | Invocation statistics |
Next steps
- Agent Tool Use detections — Full list of AGENT_TOOL_* detection types
- Sessions — How MCP_TOOL events appear in session history
- Discovery & Shadow AI — Find unregistered MCP servers in your environment
- Enforcement & Policies — Configure policies for tool invocation events