Open Source

Security gateway for MCP tool calls

Cordon sits between your LLM client and MCP servers — enforcing policies, logging every tool call, and pausing dangerous operations for human approval.

✓ read_data("customers") allowed
✓ read_data("sessions") allowed

⚠ APPROVAL REQUIRED
Server : demo-db
Tool : execute_sql
Args : { "query": "DELETE FROM sessions WHERE expires_at < NOW()" }

[A]pprove [D]eny > _

✗ drop_table("users") blocked by policy
✗ delete_file("/var/log/app") blocked by policy

MCP has no security model

MCP lets LLMs call real tools — query databases, write files, call APIs. That's powerful. But out of the box, there's nothing between the model and your production systems. No audit log. No way to block a class of operations. No human checkpoint before something irreversible runs.

You're just trusting the model. Cordon closes that gap.

How it works

Cordon is a transparent proxy. It requires no changes to your existing MCP servers or Claude Desktop config — cordon init handles the wiring.

Claude Desktop  ──stdio──▶  Cordon  ──stdio──▶  MCP server A
                                               ──stdio──▶  MCP server B
                                               ──stdio──▶  MCP server N

What you get

🛡

Policy enforcement

Block entire tool categories or specific tools by name. Reads pass, writes require approval — or block everything except an explicit allowlist.

Human-in-the-loop approvals

Dangerous operations pause and wait. Approve or deny from the terminal or a Slack channel before anything runs.

📋

Full audit log

Every tool call — args, result, policy decision, timestamp — logged to a file or shipped to the hosted dashboard.

☁️

Hosted dashboard

Centralized audit logs across your team. Manage API keys, view call history, export for compliance.

Get started in 2 minutes

Step 1 — Install

npm install -g cordon-cli

Step 2 — Initialize (patches Claude Desktop automatically)

cordon init

Step 3 — Configure your policy

// cordon.config.ts
import { defineConfig } from 'cordon-sdk';

export default defineConfig({
  servers: [
    {
      name: 'my-db',
      transport: 'stdio',
      command: 'npx',
      args: ['-y', '@my-org/db-mcp'],
      policy: 'approve-writes',
      tools: {
        drop_table: { action: 'block' },
      },
    },
  ],
});

Step 4 — Start

cordon start
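
The policy in Step 3 combines a server-wide mode with per-tool overrides. The TypeScript sketch below is an added example, not Cordon's own code: it shows one way a gateway could turn such a policy into allow/approve/block decisions and audit records for MCP tools/call messages. The 'allowlist-only' name, the read-prefix heuristic and the precedence (per-tool rule first, unrecognised tools treated as writes) are assumptions.

```typescript
// Added illustration; not Cordon's source. Everything except 'approve-writes',
// the `tools` override shape and the tool names from the page is an assumption.
type Action = 'allow' | 'approve' | 'block';
type Policy = 'approve-writes' | 'allowlist-only'; // 'allowlist-only' is a hypothetical name

interface ServerPolicy {
  name: string;
  policy: Policy;
  tools?: Record<string, { action: Action }>;
}
interface AuditRecord {
  ts: string; server: string; tool: string; args: unknown; decision: Action; reason: string;
}

// Assumed heuristic: only names with these prefixes count as reads.
// Anything unrecognised is treated as a write, so new tools fail closed.
const READ_PREFIXES = ['read_', 'get_', 'list_', 'search_'];
const isRead = (tool: string): boolean => READ_PREFIXES.some((p) => tool.startsWith(p));

function decide(server: ServerPolicy, tool: string): { action: Action; reason: string } {
  const tools = server.tools ?? {};
  // Own-property check: a tool named "toString" must not match Object.prototype.
  const rule = Object.prototype.hasOwnProperty.call(tools, tool) ? tools[tool] : undefined;
  if (rule) return { action: rule.action, reason: 'per-tool rule' };
  if (server.policy === 'allowlist-only') return { action: 'block', reason: 'not on allowlist' };
  return isRead(tool)
    ? { action: 'allow', reason: 'classified as read' }
    : { action: 'approve', reason: 'not a known read' };
}

// Evaluate one client-to-server JSON-RPC message; only tools/call is gated.
function evaluate(server: ServerPolicy, raw: string, log: AuditRecord[]): Action {
  const msg = JSON.parse(raw);
  if (msg.method !== 'tools/call') return 'allow';
  const tool = String(msg.params?.name ?? '');
  const { action, reason } = decide(server, tool);
  log.push({ ts: new Date().toISOString(), server: server.name, tool,
             args: msg.params?.arguments ?? {}, decision: action, reason });
  return action;
}

// Constructed policy mirroring the config above, plus one constructed message.
const myDb: ServerPolicy = {
  name: 'my-db', policy: 'approve-writes', tools: { drop_table: { action: 'block' } },
};
const auditLog: AuditRecord[] = [];
const sample = JSON.stringify({ jsonrpc: '2.0', id: 1, method: 'tools/call',
  params: { name: 'execute_sql', arguments: { query: 'DELETE FROM sessions WHERE expires_at < NOW()' } } });
console.log(evaluate(myDb, sample, auditLog), auditLog[0]);
```

In a real deployment an 'approve' result would hold the message until a human answers, and a name-prefix heuristic would need review per server, since a tool called get_or_create_user would be misclassified as a read.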

Design partners

Deploying AI agents at your company?

We're looking for a handful of teams to work closely with as we build out the enterprise features — centralized policy management, SSO, compliance exports. Early partners shape the roadmap and get priority support.
