How MCP Interception Works
Guardrly uses the Model Context Protocol (MCP) to intercept API calls at the source — before they reach external platforms.
The MCP Layer
When you install Guardrly, it registers two MCP tools:
make_http_request
Replaces the default HTTP tool. Every HTTP call your Agent makes goes through Guardrly first.
agentwatch_log_reasoning
Allows your Agent to log its decision reasoning before taking high-risk actions. This creates a human-readable audit trail.
Interception Flow
AI Agent
→ make_http_request(url, method, headers, body)
→ Guardrly MCP Server
→ Platform detection (shopify/meta/stripe/generic)
→ PII scrubbing (Authorization headers, tokens, emails)
→ Endpoint normalization (/products/123 → /products/{id})
→ Risk assessment (0–3 scale)
→ Local SQLite queue
→ Original API endpoint (request forwarded unchanged)
→ Response returned to Agent
Background (every 30s):
→ Log shipper sends queue to cloud API
→ Semantic parser labels operations
→ Alert engine evaluates 8 rules
→ Notifications sent if needed
Zero Performance Impact
The interception adds less than 5ms latency. All processing is async. Your Agent never waits for cloud operations.
Supported Platforms
| Platform | Detection | Semantic Rules |
|---|---|---|
| Shopify Admin API | myshopify.com hostname | 50 rules |
| Meta Ads API | graph.facebook.com | 50 rules |
| Generic HTTP | All other URLs | Basic logging |