Architecture

How the QuilrAI MCP Gateway processes every tool call - from your AI agent to the MCP server and back.

Your AI Agent

// claude_desktop_config.json
{
"mcpServers": {
  "github": {
    "url": "https://mcp.quilr.ai/mcp/github/"
  }
}
}

QuilrAI MCP Gateway

Authenticate

Bearer Token

API token auth

mcpuser identity header

Agent-scoped tokens

OAuth

Dynamic Client Registration

Manual client credentials

Auto token refresh

Authorize

Agent Access

Per-MCP agent mapping

User-Agent detection

Custom agent support

Tool Controls

Risk categorization

Per-tool enable/disable

Hidden when disabled

Scan

PII / PHI / PCI

Contextual detection

Block / redact / anonymize

Adversarial Detection

Prompt injection

Jailbreak detection

Context corruption

Policy (Web Search)

Domain Filtering

URL filter rules

Category blocking

Group-based policies

Enterprise Gateways

Zscaler ZIA

Palo Alto Prisma Access

FortiGate

Cisco Umbrella

Connect

OAuth → Token

Gateway holds OAuth creds

Agents use Bearer token

Auto token refresh

Token → Token

Direct token passthrough

Gateway manages keys

Credential rotation

No Auth → OAuth

Gateway adds auth layer

Secures open MCPs

OAuth / token required

Logging · Authorization · Tool Safety · Token Optimization

MCP Servers

GitHub (OAuth)Slack (OAuth)Jira (Token)Web Search (Built-in)Internal APIs (No Auth)Custom MCPs

QuilrAI

Pipeline Stages

Every MCP tool call flows through these stages in order. Each stage is independently configurable from the dashboard.

Stage	Description	Details
Bearer Token / OAuth	Authenticates the agent via API token or OAuth (DCR or manual credentials).	API Tokens → · OAuth Connect →
Agent Access	Controls which agents can access each MCP server. Matches User-Agent headers.	Access Control → · Agents Configuration →
Tool Controls	Categorizes tools by risk level and lets admins enable or disable each tool individually.	Tools Management →
Security Guardrails	Detects PII, PHI, PCI, and financial data. Catches prompt injection, jailbreak, and social engineering.	Security Guardrails →
Web Search Policy	Enforces enterprise domain filtering rules on web search tool calls via connected security gateways.	Web Search Policy →
Auth Mediation	Converts between auth modes - handles OAuth for token-only agents, adds auth to unauthenticated MCPs.	Integration Guide →

Response Path

Responses from MCP servers pass back through the security guardrails for output scanning before being returned to your agent. The same detection categories and configurable actions (block, redact, anonymize, monitor) apply to both tool call inputs and outputs.

Auth Mediation

The gateway decouples agent authentication from MCP server authentication, supporting three conversion modes:

Mode	Agent Connects With	MCP Server Requires	Gateway Handles
OAuth → Token	Bearer token	OAuth 2.0	Holds OAuth credentials, manages token refresh
Token → Token	Bearer token	API token	Manages and relays credentials
No Auth → OAuth	OAuth / Bearer token	No authentication	Adds auth layer in front of open MCPs

Observability

Every tool call is logged with latency, guardrail actions, and agent identity. Use the dashboard to review request history, the MCP Gateway Log Export API to export logs programmatically, and per-agent usage statistics to monitor adoption.