Connect to MCP Servers
Connect to external MCP servers via STDIO, HTTP, or SSE protocols with automatic retry logic
Overview
What is MCP?
Section titled “What is MCP?”Model Context Protocol (MCP) is an open standard that enables AI models to seamlessly discover and execute external tools at runtime. Instead of being limited to text generation, AI models can interact with filesystems, search the web, query databases, and execute custom business logic through external MCP servers.
DeepIntShield provides a comprehensive MCP integration that goes beyond simple tool execution:
- MCP Client: Connect to any MCP-compatible server (filesystem tools, web search, databases, etc.)
- MCP Server: Expose your connected tools to external MCP clients (like Claude Desktop)
- Agent Mode: Autonomous tool execution with configurable auto-approval
- Code Mode: Let AI write and execute Python to orchestrate multiple tools
Security-First Design
Section titled “Security-First Design”Key Security Principles:
| Principle | Description |
|---|---|
| Explicit Execution | Tool calls from LLMs are suggestions only - execution requires separate API call |
| Granular Control | Filter tools per-request, per-client, or per-virtual-key |
| Opt-in Auto-execution | Agent mode with auto-execution must be explicitly configured |
| Stateless Design | Each API call is independent - your app controls conversation state |
Key Capabilities
Section titled “Key Capabilities”OAuth Authentication
Secure OAuth 2.0 authentication with automatic token refresh
Tool Execution
Execute tools with full control over approval and conversation flow
Agent Mode
Enable autonomous tool execution with configurable auto-approval
Code Mode
Let AI write Python to orchestrate multiple tools in one request
Connection Resilience
Transient failures recover on their own and disconnected servers reconnect automatically
MCP Gateway URL
Expose DeepIntShield as an MCP server for Claude Desktop and other clients
Tool Filtering
Control which tools are available per request or per virtual key
Two roles you can use
Section titled “Two roles you can use”DeepIntShield works as an MCP client (you connect it to external tool servers) and, in the Gateway deployment, as an MCP server (you expose your aggregated tools to external clients like Claude Desktop).
- To connect to external tool servers, see Connecting to MCP Servers.
- To expose your tools to Claude Desktop / Cursor, see MCP Gateway URL.
The default tool-calling workflow
Section titled “The default tool-calling workflow”By default DeepIntShield does not execute tool calls automatically - you stay in control. The workflow you implement is:
POST /v1/chat/completions- the model returns tool-call suggestions (not executed).- Review the tool calls - apply your security rules or ask the user to approve.
POST /v1/mcp/tool/execute- execute the approved tool calls.POST /v1/chat/completions- continue the conversation with the tool results.
This gives you explicit approval gates, no accidental writes/deletes to external services, and a full audit trail. See Tool Execution for the end-to-end code. To let approved tools run automatically instead, enable Agent Mode.
When to use Code Mode
Section titled “When to use Code Mode”If you connect 3+ MCP servers, turn on Code Mode. It keeps the model’s context compact and typically cuts token cost by ~50% and latency by 40-50% on multi-step workflows, because the model writes one short script instead of round-tripping through every tool definition. Enable it per client - see Code Mode.
Next Steps
Section titled “Next Steps”Connect to MCP Servers
Section titled “Connect to MCP Servers”Set up your first MCP client connection →
Choose Authentication (if needed)
Section titled “Choose Authentication (if needed)”Learn about header-based and OAuth 2.0 authentication →
Enable Code Mode (for 3+ servers)
Section titled “Enable Code Mode (for 3+ servers)”Learn how Code Mode reduces costs by 50% →
Execute Tools
Section titled “Execute Tools”Learn the tool execution workflow →