CyberCage Agent
The CyberCage Agent is a lightweight background service that runs on your development machine to protect MCP-enabled applications from security threats.
What the Agent Does
The agent:
- Runs quietly in the background as a system service
- Automatically detects MCP-enabled applications on your machine
- Monitors all MCP server communications in real-time
- Blocks malicious requests and responses based on your policies
- Synchronizes with the CyberCage Hub for threat detection and logging
See Applications for the full list of supported IDEs and AI coding assistants.
How It Works
Once installed, the agent:
- Discovers Applications - Finds MCP-enabled applications on your machine
- Intercepts MCP Traffic - Routes MCP communications through CyberCage for analysis
- Analyzes Threats - Checks requests and responses against your organization's policies
- Enforces Decisions - Blocks malicious activity and allows legitimate requests
- Logs Activity - Records all MCP traffic for audit and investigation
Agent Status
Check if your agent is running properly:
bash
cybercage statusThis shows:
- Whether the agent is running
- Number of protected applications
- Connection status
- Last synchronization time
Managing the Agent
Checking Agent Health
bash
# Check if agent is running and connected
cybercage status
# Check connectivity to CyberCage Hub
cybercage ping
# Force synchronization with Hub
cybercage sync --forceSystem Management
The agent runs as a system service and is managed by your operating system:
macOS:
bash
# The agent starts automatically on system boot
# To manually restart: sudo launchctl restart com.cybercage.daemonLinux:
bash
# The agent starts automatically via systemd
# To manually restart: sudo systemctl restart cybercageWindows:
bash
# The agent runs as a Windows service
# To manually restart: Use Services app or 'sc restart cybercage'Desktop Notifications
The agent provides real-time desktop notifications to keep you informed about security events:
Notification Types
| Type | Description |
|---|---|
| Threat Alerts | Immediate alerts when security threats are detected |
| Approval Requests | Notifications when new MCP servers need approval |
| Information | General status updates and important announcements |
Platform Support
Desktop notifications work natively on all supported platforms:
- macOS: Native notification center
- Windows: Toast notifications
- Linux: Desktop notifications via system notification service
Configuration
You can configure notification behavior in your agent settings:
- Enable/disable notifications by type
- Set rate limiting to prevent notification spam (default: 60 seconds between similar notifications)
Resource Usage
The agent is designed to run efficiently in the background:
- Low memory footprint
- Minimal CPU usage
- No noticeable impact on your development workflow
Troubleshooting
If you experience issues:
- Check agent status:
cybercage status - Force sync with Hub:
cybercage sync --force - Restart the agent using your OS service manager (see System Management above)
- Contact your organization administrator or support if problems persist
Next Steps
- Applications - Learn about supported applications and protection states
- MCP Servers - Understand MCP server management
- Policy & Threats - See what threats CyberCage protects against
- Dashboard Guide - Monitor agent status from the dashboard