Claude Code / MCP
Screen every MCP tool call through the safety shield. Works with Claude Code, Cursor, and Windsurf.
Step 1: Install the MCP proxy
npm install -g tyga-mcp-proxy
Then add it to your MCP configuration. For Claude Code, edit ~/.claude/mcp.json:
{
"mcpServers": {
"my-server": {
"command": "tyga-mcp-proxy",
"args": ["--api-key", "a2a_YOUR_KEY", "--", "node", "my-server.js"]
}
}
}
The -- separates proxy args from your MCP server command. Everything after -- is the server that gets wrapped.
Step 2: How it works
The proxy spawns your MCP server as a subprocess and pipes stdio through the safety shield:
// What happens under the hood: // 1. MCP client sends tools/call { "name": "shell", "arguments": { "command": "rm -rf /" } } // 2. tyga-mcp-proxy intercepts the JSON-RPC message // 3. Extracts the command, runs Gate 1 (regex denylist, <5ms) // 4. If --api-key set: also runs Gate 2 (LLM judge via /v1/evaluate) // 5. If allowed → forward to your MCP server // 6. If blocked → return error to client, command never runs
Local mode (no API key)
Gate 1 only. Zero latency, zero cost. No network calls.
tyga-mcp-proxy -- node my-server.js
Cloud mode (with API key)
Gate 1 + Gate 2 + OCSF audit trail.
tyga-mcp-proxy --api-key a2a_YOUR_KEY -- node my-server.js
Step 3: Verify
Test the proxy directly from the command line:
# Check the proxy starts and shows help: npx tyga-mcp-proxy --help # Usage: tyga-mcp-proxy [options] -- <mcp-server-command> [args...] # Test Gate 1 locally (Node.js): node -e " const { SafetyShield } = require('tyga-mcp-proxy'); const fw = new SafetyShield(); console.log(fw.evaluate('rm -rf /')); // { allowed: false, reason: 'Safety Gate 1: matched [rm\\s+-rf\\s+\\/]' } console.log(fw.evaluate('ls -la')); // { allowed: true } "
For Cursor or Windsurf, add the same server block to their respective MCP config files.
Gate 1 runs locally with 38 built-in denylist patterns (free, no API key needed). Set
A2A_API_KEY for Gate 2 (LLM judge) + OCSF audit trail.