
Architecture

How the QuilrAI MCP Gateway processes every tool call - from your AI agent to the MCP server and back.

Your AI Agent

The agent points its MCP client at the gateway URL instead of the upstream server. Example claude_desktop_config.json from the diagram:

```json
{
  "mcpServers": {
    "github": {
      "url": "https://mcp.quilr.ai/mcp/github/"
    }
  }
}
```

QuilrAI MCP Gateway

Authenticate
- Bearer Token: API token auth, mcpuser identity header, agent-scoped tokens
- OAuth: Dynamic Client Registration, manual client credentials, auto token refresh

Authorize
- Agent Access: per-MCP agent mapping, User-Agent detection, custom agent support
- Tool Controls: risk categorization, per-tool enable/disable, hidden when disabled

Scan
- PII / PHI / PCI: contextual detection, exact data matching, block / redact / anonymize
- Adversarial Detection: prompt injection, jailbreak detection, context corruption

Policy (Web Search)
- Domain Filtering: URL filter rules, category blocking, group-based policies
- Enterprise Gateways: Zscaler ZIA, Palo Alto Prisma Access, FortiGate, Cisco Umbrella

Connect
- OAuth → Token: gateway holds OAuth creds, agents use Bearer token, auto token refresh
- Token → Token: direct token passthrough, gateway manages keys, credential rotation
- No Auth → OAuth: gateway adds auth layer, secures open MCPs, OAuth / token required

Logging · Authorization · Tool Safety · Token Optimization

MCP Servers
GitHub (OAuth) · Slack (OAuth) · Jira (Token) · Web Search (Built-in) · Internal APIs (No Auth) · Custom MCPs

Pipeline Stages

Every MCP tool call flows through these stages in order. Each stage is independently configurable from the dashboard.

| Stage | Description | Details |
| --- | --- | --- |
| Bearer Token / OAuth | Authenticates the agent via API token or OAuth (DCR or manual credentials). | API Tokens → · OAuth Connect → |
| Agent Access | Controls which agents can access each MCP server. Matches User-Agent headers. | Access Control → · Agents Configuration → |
| Tool Controls | Categorizes tools by risk level and lets admins enable or disable each tool individually. | Tools Management → |
| Security Guardrails | Detects PII, PHI, PCI, and financial data. Catches prompt injection, jailbreak, and social engineering. | Security Guardrails → |
| Web Search Policy | Enforces enterprise domain filtering rules on web search tool calls via connected security gateways. | Web Search Policy → |
| Auth Mediation | Converts between auth modes - handles OAuth for token-only agents, adds auth to unauthenticated MCPs. | Integration Guide → |

Response Path

Responses from MCP servers pass back through the security guardrails for output scanning before being returned to your agent. The same detection categories and configurable actions (block, redact, anonymize, monitor) apply to both tool call inputs and outputs.
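The following is an added illustration of the stage order described above and of the response path, not QuilrAI's code. It is a small in-process model of a gateway: a Bearer token check, User-Agent based agent detection with a per-MCP allow-list, tool controls that hide disabled tools from the agent, a guardrail scan that applies a configured action per category to both the request arguments and the upstream response, and the per-call record (agent, status, guardrail actions, latency) that the Observability section below describes. Every token, agent name, tool name, detection pattern and the `fake_github` upstream are constructed for the example; real detection is far richer than three regular expressions.

```python
"""Illustrative MCP gateway pipeline (added example, not QuilrAI's code): authenticate,
agent access, tool controls, input/output guardrail scan, per-call log. All tokens,
agent names, tool names and detection patterns are constructed."""
import re
import time
from dataclasses import dataclass, field

# Authenticate: constructed gateway API tokens (hypothetical, not real credentials).
VALID_TOKENS = {"qa_tok_001", "qa_tok_002"}
# Agent access: User-Agent prefix -> agent name, and per-MCP allowed agents (constructed).
UA_PREFIXES = {"Claude": "claude-desktop", "Cursor": "cursor"}
MCP_AGENT_ACCESS = {"github": {"claude-desktop", "cursor"}, "jira": {"claude-desktop"}}
# Tool controls: risk category per tool, plus tools an admin disabled per MCP (constructed).
TOOL_RISK = {"list_issues": "low", "create_issue": "medium", "delete_repo": "high"}
DISABLED_TOOLS = {"github": {"delete_repo"}}
# Scan: simple PII/PCI patterns and the action configured per category (constructed).
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}
ACTIONS = {"ssn": "block", "card": "redact", "email": "anonymize"}

@dataclass
class CallRecord:
    """What the observability stage logs for one tool call."""
    agent: str
    mcp: str
    tool: str
    status: str = ""
    guardrail_actions: list[str] = field(default_factory=list)
    latency_ms: float = 0.0

def detect_agent(user_agent: str) -> str:
    """Map a User-Agent header to a known agent name; anything else is 'custom'."""
    for prefix, name in UA_PREFIXES.items():
        if user_agent.startswith(prefix):
            return name
    return "custom"

def visible_tools(mcp: str) -> list[str]:
    """Tools exposed to agents: disabled tools are hidden, not merely rejected."""
    return sorted(t for t in TOOL_RISK if t not in DISABLED_TOOLS.get(mcp, set()))

def scan(text: str) -> tuple[str, list[str], bool]:
    """Apply each category's action; returns (text, actions taken, blocked?)."""
    actions: list[str] = []
    for cat, rx in PATTERNS.items():
        if not rx.search(text):
            continue
        action = ACTIONS[cat]
        actions.append(f"{cat}:{action}")
        if action == "block":
            return text, actions, True
        if action == "redact":
            text = rx.sub(f"[{cat.upper()}-REDACTED]", text)
        elif action == "anonymize":  # the same value always maps to the same placeholder
            seen: dict[str, str] = {}
            text = rx.sub(lambda m: seen.setdefault(m.group(0), f"<{cat}_{len(seen) + 1}>"), text)
    return text, actions, False

def handle_call(bearer: str, user_agent: str, mcp: str, tool: str,
                args: dict[str, str], upstream) -> tuple[dict, CallRecord]:
    """Run one call through every stage; `upstream(tool, args)` stands in for the MCP server."""
    t0 = time.perf_counter()
    rec = CallRecord(agent=detect_agent(user_agent), mcp=mcp, tool=tool)

    def finish(status: str, payload: dict) -> tuple[dict, CallRecord]:
        rec.status = status
        rec.latency_ms = (time.perf_counter() - t0) * 1000
        return payload, rec

    if not bearer.startswith("Bearer ") or bearer[7:] not in VALID_TOKENS:
        return finish("401 unauthenticated", {"error": "invalid token"})
    if rec.agent not in MCP_AGENT_ACCESS.get(mcp, set()):
        return finish("403 agent not allowed", {"error": f"{rec.agent} may not use {mcp}"})
    if tool not in visible_tools(mcp):  # a disabled tool looks exactly like an unknown one
        return finish("404 unknown tool", {"error": f"no tool named {tool}"})
    clean: dict[str, str] = {}
    for key, value in args.items():
        value, acts, blocked = scan(value)
        rec.guardrail_actions += [f"input.{a}" for a in acts]
        if blocked:
            return finish("blocked input", {"error": "request contains prohibited data"})
        clean[key] = value
    out, acts, blocked = scan(upstream(tool, clean))  # response path: same scan on the output
    rec.guardrail_actions += [f"output.{a}" for a in acts]
    if blocked:
        return finish("blocked output", {"error": "response contained prohibited data"})
    return finish("200 ok", {"result": out})

def fake_github(tool: str, args: dict[str, str]) -> str:
    """Constructed stand-in for an MCP server whose reply happens to contain a card number."""
    return f"{tool} done for {args.get('title', '')}; billing card 4111 1111 1111 1111 on file"
```

Two details are worth noting. A disabled tool is answered with the same "unknown tool" response as a tool that never existed, which is what "hidden when disabled" means in practice: the agent cannot distinguish a policy decision from an absent capability. And the scan runs twice per call with the same rules, once over the arguments the agent sent and once over what the upstream server returned, so a response that leaks a card number is redacted before the agent ever sees it.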

Auth Mediation

The gateway decouples agent authentication from MCP server authentication, supporting three conversion modes:

| Mode | Agent Connects With | MCP Server Requires | Gateway Handles |
| --- | --- | --- | --- |
| OAuth → Token | Bearer token | OAuth 2.0 | Holds OAuth credentials, manages token refresh |
| Token → Token | Bearer token | API token | Manages and relays credentials |
| No Auth → OAuth | OAuth / Bearer token | No authentication | Adds auth layer in front of open MCPs |
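As an added example of the three conversion modes in the table (not QuilrAI's code), the function below builds the Authorization header the upstream MCP server will receive from the credential the gateway holds, after first validating the agent's own gateway token. The credential store, the agent token, the `refresh_oauth` stub (which stands in for a real OAuth refresh request to the provider) and the `now` clock parameter are all constructed for the example. The point it demonstrates is that the agent holds one gateway-issued Bearer token in every mode; the upstream OAuth access token, its refresh, and API token rotation all happen on the gateway side and never reach the agent.

```python
"""Auth mediation modes (added example, not QuilrAI's code). Credentials, the refresh
stub and the injected clock are constructed so the example runs offline."""
from dataclasses import dataclass

@dataclass
class OAuthCreds:
    """OAuth credentials the gateway holds for an upstream MCP server (constructed values)."""
    access_token: str
    refresh_token: str
    expires_at: float  # unix seconds; the caller passes `now` so refresh is testable

# Constructed credential store keyed by MCP name; every value is hypothetical.
STORE: dict[str, dict] = {
    "github": {"mode": "oauth_to_token",
               "creds": OAuthCreds("gh_access_v1", "gh_refresh_1", expires_at=1000.0)},
    "jira": {"mode": "token_to_token", "api_token": "jira_api_key_v3"},
    "internal": {"mode": "noauth_to_oauth"},
}
AGENT_TOKENS = {"qa_tok_001"}  # gateway-issued agent tokens (constructed)

def refresh_oauth(creds: OAuthCreds, now: float) -> OAuthCreds:
    """Stand-in for the provider's refresh endpoint: bumps the access token version."""
    version = int(creds.access_token.rsplit("_v", 1)[1]) + 1
    return OAuthCreds(f"gh_access_v{version}", creds.refresh_token, expires_at=now + 3600)

def rotate_api_token(mcp: str, new_token: str) -> None:
    """Token -> Token rotation: only the gateway store changes; agents keep their own token."""
    STORE[mcp]["api_token"] = new_token

def upstream_headers(mcp: str, agent_bearer: str, now: float) -> dict[str, str]:
    """Validate the agent's gateway token, then produce the header the MCP server expects."""
    if agent_bearer.removeprefix("Bearer ") not in AGENT_TOKENS:
        raise PermissionError("agent token rejected by gateway")
    entry = STORE[mcp]
    mode = entry["mode"]
    if mode == "oauth_to_token":
        creds = entry["creds"]
        if now >= creds.expires_at - 60:  # refresh ahead of expiry; the agent notices nothing
            creds = refresh_oauth(creds, now)
            entry["creds"] = creds
        return {"Authorization": f"Bearer {creds.access_token}"}
    if mode == "token_to_token":
        return {"Authorization": f"Bearer {entry['api_token']}"}
    if mode == "noauth_to_oauth":
        return {}  # open MCP: the gateway's check above is the auth layer it adds
    raise ValueError(f"unknown mediation mode {mode!r}")
```

In the OAuth → Token branch the refresh happens a minute before the recorded expiry rather than on a failed upstream call, which keeps the agent from ever seeing a 401 caused by an expired upstream token. In the No Auth → OAuth branch nothing is forwarded at all: the only credential involved is the gateway's own, which is the whole value of putting the gateway in front of an open server.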

Observability

Every tool call is logged with latency, guardrail actions, and agent identity. Use the dashboard to review request history and monitor per-agent usage statistics.