Claude Desktop Integration
Add policy enforcement to Claude Desktop's MCP connections.
Overview
Claude Desktop supports two types of MCP servers:
- HTTP servers - Remote servers accessed via URL
- Stdio servers - Local processes that communicate via stdin/stdout
Keypost supports both. HTTP servers work out of the box. For stdio servers, use the keypost-wrapper CLI.
HTTP servers
For MCP servers that expose an HTTP endpoint, simply replace the URL with your Keypost URL.
Before (direct connection)
{
"mcpServers": {
"my-server": {
"url": "https://my-mcp-server.com/mcp"
}
}
}After (via Keypost)
{
"mcpServers": {
"my-server": {
"url": "https://abc123xyz.keypost.ai/mcp"
}
}
}Stdio servers
For local MCP servers (like the official GitHub, Slack, or filesystem servers), use the keypost-wrapper CLI to add policy enforcement.
Update your config
Wrap your existing stdio command with keypost-wrapper:
{
"mcpServers": {
"github": {
"command": "npx",
"args": [
"keypost-wrapper",
"--keypost", "keypost-slug",
"--",
"npx", "-y", "@modelcontextprotocol/server-github"
],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_xxx"
}
}
}
}How it works
The wrapper intercepts MCP messages between Claude and the stdio server:
- Claude sends a request to the wrapper (via stdio)
- Wrapper sends request to Keypost for policy evaluation
- If allowed, wrapper forwards to the real MCP server
- Response flows back through the same path
Example: GitHub with rate limiting
Here's a complete example that adds rate limiting to the GitHub MCP server:
- Create a Keypost for the GitHub server
- Add a throttle policy: max 100 calls per hour
- Update your Claude Desktop config as shown above
Now Claude can only make 100 GitHub API calls per hour through this connection.
Troubleshooting
Connection refused
Make sure your Keypost URL is correct and the keypost is active in your dashboard.
Policy denied
Check the audit log to see which policy blocked the request and why.
Wrapper not found
Ensure keypost-wrapper is in your PATH, or use the full path in your config.