KeypostKeypost

Claude Code Integration

Add policy enforcement to Claude Code's MCP connections.

Overview

Claude Code is Anthropic's official CLI for Claude. It supports MCP servers through its settings configuration. Keypost works with both HTTP and stdio MCP servers in Claude Code.

Configuration

Claude Code stores MCP configuration in ~/.claude/settings.json. You can also configure servers via the /mcp command within Claude Code.

HTTP servers

For MCP servers with HTTP endpoints, replace the URL with your Keypost URL:

{
  "mcpServers": {
    "my-server": {
      "url": "https://abc123xyz.keypost.ai/mcp"
    }
  }
}

Stdio servers

For local MCP servers, use keypost-wrapper to add policy enforcement:

Install the wrapper

# macOS/Linux
curl -fsSL https://keypost.ai/install.sh | sh

# Or build from source
cargo install keypost-wrapper

Configure in settings.json

{
  "mcpServers": {
    "github": {
      "command": "keypost-wrapper",
      "args": [
        "--keypost-url", "my-github-keypost",
        "--",
        "npx", "-y", "@modelcontextprotocol/server-github"
      ],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxx"
      }
    }
  }
}

The --keypost-url accepts either a slug (e.g., my-github-keypost) which defaults to https://my-github-keypost.keypost.ai, or a full URL for local development.

Example: Filesystem with access control

Protect sensitive directories when using the filesystem MCP server:

  1. Create a Keypost for the filesystem server
  2. Add a parameter constraint policy to block paths containing .ssh, .aws, or .env
  3. Add a throttle policy to limit file operations
{
  "mcpServers": {
    "filesystem": {
      "command": "keypost-wrapper",
      "args": [
        "--keypost-url", "my-fs-keypost",
        "--",
        "npx", "-y", "@modelcontextprotocol/server-filesystem", "/home/user/projects"
      ]
    }
  }
}

Example: GitHub with rate limiting

Prevent excessive GitHub API usage:

  1. Create a Keypost for GitHub
  2. Add a throttle policy: max 50 calls per hour
  3. Add an access control policy to block destructive operations like delete_repository

Using the /mcp command

You can also configure MCP servers interactively within Claude Code using the /mcp command. The configuration will be saved to your settings file.

Troubleshooting

Wrapper not found

Ensure keypost-wrapper is installed and in your PATH. You can verify with:

which keypost-wrapper

Connection errors

Check that your Keypost slug is correct and the keypost is active in your dashboard. For local development, use the full URL:

"--keypost-url", "http://localhost:8080/my-keypost"

Policy denied

Check the audit log in your Keypost dashboard to see which policy blocked the request.