◆ Igris Sentinel

Govern Every MCP Tool Call Your AI Agents Make — in Real Time

Igris Sentinel is the MCP gateway from Igris Security. Add the SDK to your AI agent application and every tool call is instantly governed: RBAC policies enforced, upstream credentials injected, unauthorized calls blocked, and every interaction logged — with less than 1ms of overhead and a single function call.

Request a Demo Read the Docs

SDK-First

Integration

Deny-by-Default

Security

<1ms

Latency

AES-256

Encryption

RBAC

Policies

◆ Capabilities

Built for Runtime Governance

Seven core capabilities that give your security team complete control over what your AI agents can and cannot do

MCP Connections — Encrypted Credential Vault

Store upstream API keys, tokens, and certificates in the Igris Sentinel credential vault — encrypted at rest with AES-256-GCM. Your SDK users and agents never see real upstream secrets.

RBAC Policy Engine

Define who can call what, and under what conditions. First-match-wins rule evaluation with metadata conditions on role, team, environment, and any custom field. One policy, enforced on every call.

Deny-by-Default Security Posture

No rule = no access. Every MCP tool call must be explicitly allowed by a policy rule. Unknown tools, unknown users, and unrecognized conditions are blocked automatically.

Credential Injection

Igris Sentinel strips your users' API key from outbound requests and injects the secure upstream credential from the vault. Your MCP users only ever interact with Sentinel — never with the upstream server directly.

Real-Time Call Blocking & Session Kill Switch

Block individual tool calls based on policy, or instantly suspend an entire user session from the Igris Lens dashboard. Stop suspicious activity in seconds without touching your agent code.

Token Usage & User Management

Track token consumption per user, per connection, and per team. Set budget limits. Manage user access, roles, and onboarding directly from the Igris Security dashboard.

Complete Audit Trail

Every tool call is logged with user identity, trace ID, tool name, action taken, policy decision, and latency. Filter, search, and export directly from Igris Lens.

Alert Dispatch

Real-time alerts via Slack and Discord webhooks. Configurable per event type: policy denials, anomalies, session suspensions. Block Kit formatting for Slack, embed formatting for Discord.

Anomaly Detection

Detects unusual tool call patterns using rolling window statistics. Volume spikes, unusual tool usage, and pattern deviation — all flagged automatically without blocking the request path.

◆ How It Works

Running in 3 Steps

From SDK install to governed MCP calls in under five minutes

Install the Igris Sentinel SDK

One command adds Igris Sentinel governance to your application. The SDK handles authentication, config generation, connection management, and automatic retries.

# Install the SDK
npm install @igris/sdk

# Initialize
import { Igris } from "@igris/sdk";

const igris = new Igris({
  apiKey: process.env.IGRIS_API_KEY,
});

Define Your RBAC Policies

Create deny-by-default policies with metadata conditions using the Igris Security JSON policy DSL or the no-code policy builder in the dashboard. Policies take effect immediately — no restart required. Or configure policies visually in the Igris dashboard — no code required.

// Policy with metadata conditions
{
  "name": "Intern safety guardrails",
  "connection": "vk_github_prod",
  "rules": [
    {
      "tool": "delete_*",
      "action": "deny",
      "conditions": { "role": "intern" }
    },
    { "tool": "*", "action": "allow" }
  ]
}

Every Tool Call is Now Governed

Call igris.getMcpConfig() to get a signed URL for your MCP client. From this point forward, every tool call flows through Igris Sentinel — policies enforced, credentials injected, and a full audit trail recorded in Igris Lens.

// Get governed config
const config = igris.getMcpConfig(
  "vk_github_prod",
  {
    user: "alice@company.com",
    metadata: { role: "developer" },
  }
);

// Use with any MCP client
const client = new McpClient({
  transport: new StreamableHttp(
    config.url,
    { headers: config.headers }
  ),
});

◆ Use Cases

Built for Every Team

AI Security Teams

CISOs, Security Architects

Get complete visibility and control over every MCP tool your AI agents can reach. Set organizational RBAC policies, enforce metadata-based access control, and receive real-time alerts for policy violations.

Prevent data exfiltration via over-permissioned MCP tools
Role-based access control with metadata conditions
Real-time anomaly detection and session kill switch

Platform Builders & SaaS Companies

Engineering & Product Teams

Add enterprise-grade MCP governance to the AI product you are shipping. Give your customers multi-tenant policy isolation, per-user credential management, and a complete audit trail — without building it yourself.

Per-tenant credential vault and policy isolation
Scoped API keys with usage metering
White-label-ready audit trail and reporting

Compliance & Legal Teams

Compliance Officers, Legal Counsel

Maintain an auditable, immutable record of every action your AI agents take via MCP. Demonstrate that your AI systems operate within defined policies and regulatory requirements at all times.

Full audit trail export with user attribution
Policy version history for change management
Compliance-ready reports via Igris Lens

◆ Get Started

Start Governing Your AI Agents Today

Igris Sentinel is available as a managed cloud service or self-hosted. Get up and running in minutes with the SDK quickstart.

Request a Demo View All Igris Security Products