Skip to contentAgent? Read agent.txt
DocumentationChangelog

MCP Server

Connect your agent to Decoy Guard so it can query your workspace — triggers, agents, scans, threat intel — as MCP tools.

Decoy Guard is a hosted MCP server. You don't install it — you point your agent at a URL with your workspace token, and Guard's tools show up in the agent's catalog.

Endpoint

POST https://app.decoy.run/guard/{token}

Grab your token from the dashboard. Guard speaks MCP over HTTP using JSON-RPC 2.0 (protocol version 2024-11-05).

Claude Desktop / Cursor / Windsurf

If your client supports HTTP transport, point it directly at the URL:

{
  "mcpServers": {
    "decoy-guard": {
      "url": "https://app.decoy.run/guard/YOUR_TOKEN"
    }
  }
}

For clients that only speak stdio, use an MCP HTTP bridge such as mcp-remote:

{
  "mcpServers": {
    "decoy-guard": {
      "command": "npx",
      "args": ["mcp-remote", "https://app.decoy.run/guard/YOUR_TOKEN"]
    }
  }
}

Tools exposed

Guard scopes tools to your plan. Free workspaces see five read-only tools; Pro and Business unlock the full catalog. See Guard overview for the full tool list.

Security

  • Tokens are scoped to a single workspace. Revoke any token from the dashboard without affecting others.
  • Every Guard request is logged against your workspace audit trail.
  • The endpoint enforces per-tier rate limits and returns -32000 on an invalid or revoked token.