
Quickstart

Get your first governed MCP call running in under 5 minutes. Follow these steps to install the CLI, authenticate, and connect your first provider.

1. Install the CLI: Install the MCP Shield CLI globally or run with npx.
2. Authenticate: Log in to your MCP Shield account via the browser.
3. Connect a Provider: Connect your first integration like GitHub or Vercel.
4. Run Your First Call: Execute a governed MCP call through the proxy.
1. Install the CLI

The fastest way to get started is with npx. This downloads and runs the latest version:

npx @mcpshield/cli init

Or install globally for repeated use:

npm install -g @mcpshield/cli

Verify the installation:

mcp-shield --version

2. Authenticate

Log in to your MCP Shield account. This opens your browser for secure authentication:

mcp-shield login

# Output:
# Opening browser for authentication...
# Waiting for confirmation...
# ✓ Authenticated as you@company.com
# ✓ Token saved to ~/.mcpshield/credentials

Secure Authentication

MCP Shield uses secure browser-based OAuth. Your credentials are never stored in plain text and tokens are encrypted at rest.

For CI/CD environments, use a service account token instead:

# Set token via environment variable
export MCP_SHIELD_TOKEN=mcp_live_xxxxxxxxxxxxx

# Or pass directly (the token is then visible in shell history and process listings)
mcp-shield --token mcp_live_xxxxxxxxxxxxx providers list

3. Connect a Provider

Connect your first integration. We will use GitHub as an example:

mcp-shield providers connect github

# Output:
# Opening browser to authorize GitHub...
# ✓ GitHub connected successfully
# Connected as: your-username
# Scopes: repo, read:org, read:user

View your connected providers:

mcp-shield providers list

# Output:
# ┌──────────┬────────────┬───────────────────┬─────────────┐
# │ Provider │ Status     │ Connected As      │ Last Used   │
# ├──────────┼────────────┼───────────────────┼─────────────┤
# │ github   │ connected  │ your-username     │ Just now    │
# └──────────┴────────────┴───────────────────┴─────────────┘

4. Run Your First Governed Call

Now run an MCP tool through the governed proxy:

mcp-shield mcp invoke github:list_repos --limit 5

# Output:
# ┌─────────────────────────────┬─────────────────┬──────────────┐
# │ Repository                  │ Visibility      │ Last Updated │
# ├─────────────────────────────┼─────────────────┼──────────────┤
# │ your-username/project-a    │ public          │ 2 hours ago  │
# │ your-username/project-b    │ private         │ 1 day ago    │
# │ your-company/internal-tool │ internal        │ 3 days ago   │
# └─────────────────────────────┴─────────────────┴──────────────┘
#
# ✓ Policy: allowed (matched: default-allow-read)
# ✓ DLP: passed (no sensitive data detected)
# ✓ Audit: logged (event-id: evt_xxxxx)

Every Call Is Governed

Notice the policy, DLP, and audit lines at the end of the output. Every MCP call through MCP Shield is evaluated against your security policies and logged for compliance.

Configure Your AI Tools

Now configure your AI tools to use MCP Shield as the gateway. For Cursor, add the following to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "mcp-shield": {
      "url": "https://gateway.mcpshield.com/mcp",
      "headers": {
        "Authorization": "Bearer ${MCP_SHIELD_TOKEN}"
      }
    }
  }
}

Or generate it automatically:

mcp-shield config generate cursor

# Output:
# ✓ Config written to ~/.cursor/mcp.json
# Restart Cursor to apply changes.
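
As an added example (not part of MCP Shield or its documentation), the Node.js function below audits an MCP client config like the one above for a pasted `mcp_live_` token, a non-HTTPS URL, or a server entry that does not go through the gateway and is therefore not governed. The token character set, the issue names, and the sample server entries are assumptions made for the example.

```javascript
// Added example, not MCP Shield code: audit an MCP client config (e.g. ~/.cursor/mcp.json).
const GATEWAY_HOST = "gateway.mcpshield.com";       // host from the config shown above
const LIVE_TOKEN = /mcp_live_[A-Za-z0-9_-]+/;       // prefix from this page; charset assumed
const ENV_REF = /^Bearer \$\{[A-Za-z_][A-Za-z0-9_]*\}$/; // e.g. "Bearer ${MCP_SHIELD_TOKEN}"

function auditMcpConfig(jsonText) {
  let config;
  try {
    config = JSON.parse(jsonText);                  // strict JSON: a leading // comment fails here
  } catch (err) {
    return [{ server: null, issue: "invalid-json", detail: err.message }];
  }
  const findings = [];
  for (const [name, entry] of Object.entries((config && config.mcpServers) || {})) {
    const add = (issue, detail) => findings.push({ server: name, issue, detail });
    if (typeof entry?.url !== "string") {           // stdio/command entry: never reaches the proxy
      add("bypasses-gateway", "no url; calls are not policy-checked or audited");
      continue;
    }
    let url;
    try {
      url = new URL(entry.url);
    } catch {
      add("bad-url", entry.url);
      continue;
    }
    if (url.protocol !== "https:") add("insecure-transport", url.protocol);
    if (url.hostname !== GATEWAY_HOST) add("bypasses-gateway", url.hostname);
    const auth = String(entry.headers?.Authorization ?? "");
    if (LIVE_TOKEN.test(auth)) {
      add("hardcoded-token", "literal token stored in the config file");
    } else if (url.hostname === GATEWAY_HOST && !ENV_REF.test(auth)) {
      add("auth-not-env-ref", "expected Bearer ${VAR}");
    }
  }
  return findings;
}

// Constructed sample: one clean entry followed by three problem entries.
const SAMPLE = JSON.stringify({ mcpServers: {
  "mcp-shield": { url: "https://gateway.mcpshield.com/mcp",
                  headers: { Authorization: "Bearer ${MCP_SHIELD_TOKEN}" } },
  "shield-pasted": { url: "https://gateway.mcpshield.com/mcp",
                     headers: { Authorization: "Bearer mcp_live_CONSTRUCTEDEXAMPLE" } },
  "direct-remote": { url: "http://mcp.example.test/github" },
  "local-stdio": { command: "npx", args: ["hypothetical-mcp-server"] },
} });

console.table(auditMcpConfig(SAMPLE));
```

Run it against the real file by passing `fs.readFileSync(path, "utf8")` to `auditMcpConfig`; an empty result means every entry goes to the gateway over HTTPS with an environment-variable reference for the token.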

Next Steps

You're all set!

Your AI tooling is now secured with MCP Shield. All MCP calls are being governed by your security policies and logged for compliance.