Model Context Protocol (MCP) Integration Guide

Overview

MCP is a central protocol for connecting AI agents to tools, files, terminals, browsers, databases, and services. Cup’n’String provides managed MCP proxying, allowlists, audit logs, and policy controls.

Support level

Active Proxy & Shielding

What Cup’n’String detects

• MCP server registrations
• Local MCP server processes
• Tool definitions and invocation patterns where routed through the proxy

What it governs

• Tool-call allowlists/denylists
• File path access
• Shell execution
• Environment variables and secrets
• Outbound network calls from tools

Recommended policies

• Allowlist approved MCP servers
• Require explicit policy for shell and filesystem tools
• Redact secrets from tool arguments/results
• Audit all tool calls

Setup outline

1. Ensure the Cup’n’String agent is active.
2. Intercept local MCP server commands.
3. Configure the agent to proxy and filter tool calls based on context schema definitions.

Verification

Deploy a new MCP server and run a shell execution command through your client agent. Check that the command execution is captured and allowed/blocked appropriately.

Troubleshooting

If MCP connections time out, verify that the local socket or port configurations are open and not blocked by local host security rules.

Known limitations

Unmanaged direct connections may reduce visibility.