MCP Servers
MCP (Model Context Protocol) servers are services that provide tools and resources to AI assistants, enabling them to interact with external systems like GitHub, databases, file systems, and APIs.
What Are MCP Servers?
An MCP server is a program that:
- Implements the Model Context Protocol specification
- Provides tools (functions) and resources (data) to AI assistants
- Enables AI to interact with external systems safely
- Can be written in any programming language
Common examples:
- GitHub repository access
- File system operations
- Database queries
- HTTP requests
- Custom servers built by your team
Server Approval Workflow
All MCP servers must be approved before they can run. This protects your environment from unauthorized or malicious servers.
How It Works
- Detection - When a new MCP server is configured, CyberCage detects it automatically
- Blocking - Unknown servers are blocked until approved
- Review - Administrators review server details in the Dashboard
- Decision - Admins approve safe servers or block suspicious ones
- Enforcement - Decision applies across your entire organization
Approval States
| State | Description | User Impact |
|---|---|---|
| Pending | Awaiting admin review | Cannot use server |
| Approved | Safe to use | Server runs normally |
| Blocked | Deemed unsafe or unnecessary | Cannot use server |
Managing Servers in the Dashboard
The MCP Catalog in your Dashboard is where you manage all servers:
Server Details
Each server shows:
- Name and description
- Which application uses it
- Who requested it
- When it was first detected
- Current approval status
Admin Actions
- Approve - Allow the server to run
- Block - Prevent the server from running
- Review - Examine server details before deciding
Filtering Options
Find servers quickly by:
- Status (Pending, Approved, Blocked)
- Application (Claude, VS Code, etc.)
- User who requested
- Date detected
Server Transport Types
MCP servers can communicate using different transport protocols:
STDIO (Standard Input/Output)
- Most common - Used by the majority of MCP servers
- Direct communication between IDE and server
- Server runs as a local process
- Examples: File system access, local tools
SSE (Server-Sent Events)
- Network-based - For remote or cloud-hosted servers
- Uses HTTP/HTTPS for communication
- Supports real-time streaming
- Examples: Cloud APIs, remote services
Why Transport Matters
- STDIO servers run locally on your machine
- SSE servers can run anywhere with network access
- Both are fully monitored and protected by CyberCage
- The transport type doesn't affect security - all traffic is analyzed
Auto-Approval Across Devices
Once approved, a server with the same configuration is automatically approved on all devices in your organization. This means:
- Approve once, works everywhere
- No repeated approvals for the same server
- Consistent security across your team
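The approval workflow, the three approval states, the transport distinction and the "same configuration, approved everywhere" rule above can be modelled in a few lines. The following Python is an added illustration, not CyberCage's own code or storage format: it assumes the widely used `mcpServers` JSON layout (a `command` plus optional `args`/`env` for a STDIO server, a `url` for a network server), a hypothetical catalog keyed by a fingerprint of that configuration, and a default of Pending for any server the catalog has never seen. The sample configuration is constructed for the example.

```python
"""Illustrative MCP server approval gate (added example, not CyberCage code).

Assumptions (not taken from the documentation page):
- server definitions use the common `mcpServers` layout: a STDIO server has
  a `command` (with optional `args` and `env`), a network server has a `url`
- the catalog is a hypothetical mapping fingerprint -> State
- anything not in the catalog is treated as PENDING and must not run
"""
import hashlib
import json
from enum import Enum


class State(Enum):
    PENDING = "pending"    # awaiting admin review, cannot use server
    APPROVED = "approved"  # safe to use, server runs normally
    BLOCKED = "blocked"    # deemed unsafe or unnecessary, cannot use server


def transport_of(cfg: dict) -> str:
    """Classify a server entry as 'stdio' (local process) or 'sse' (network)."""
    if "url" in cfg:
        return "sse"
    if "command" in cfg:
        return "stdio"
    raise ValueError("server config has neither 'command' nor 'url'")


def fingerprint(cfg: dict) -> str:
    """Stable hash of the parts of a configuration that define what runs.

    For STDIO servers the command, its arguments and the *names* of the
    environment variables are hashed. Values are deliberately left out
    (design choice for this example) so that two users with different
    personal tokens still share one approval decision.
    """
    transport = transport_of(cfg)
    if transport == "stdio":
        material = {
            "transport": "stdio",
            "command": cfg["command"],
            "args": list(cfg.get("args", [])),
            "env": sorted(cfg.get("env", {}).keys()),
        }
    else:
        material = {"transport": "sse", "url": cfg["url"]}
    canonical = json.dumps(material, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def evaluate(servers: dict, catalog: dict) -> dict:
    """Return {server name: (State, fingerprint)} for every configured server.

    Detection happens implicitly: a fingerprint the catalog does not know
    is a newly seen server and lands in PENDING.
    """
    result = {}
    for name, cfg in servers.items():
        fp = fingerprint(cfg)
        result[name] = (catalog.get(fp, State.PENDING), fp)
    return result


def runnable(state: State) -> bool:
    """Only APPROVED servers may start; PENDING and BLOCKED are both refused."""
    return state is State.APPROVED


# Constructed sample: what an IDE's mcpServers section might look like.
SAMPLE_CONFIG = {
    "mcpServers": {
        "github": {
            "command": "npx",
            "args": ["-y", "@modelcontextprotocol/server-github"],
            "env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "<redacted>"},
        },
        "remote-api": {"url": "https://mcp.example.com/sse"},
        "custom-tool": {"command": "python", "args": ["./tools/mcp_server.py"]},
    }
}


def build_catalog() -> dict:
    """Hypothetical catalog: decisions an admin already recorded by fingerprint."""
    servers = SAMPLE_CONFIG["mcpServers"]
    return {
        fingerprint(servers["github"]): State.APPROVED,
        fingerprint(servers["remote-api"]): State.BLOCKED,
        # "custom-tool" has no entry: it was never reviewed, so it stays pending.
    }


if __name__ == "__main__":
    for name, (state, fp) in evaluate(SAMPLE_CONFIG["mcpServers"], build_catalog()).items():
        print(f"{name:12} {transport_of(SAMPLE_CONFIG['mcpServers'][name]):5} "
              f"{state.value:9} runnable={runnable(state)} {fp[:12]}...")
```

Because the fingerprint covers the transport, command, arguments and variable names but not the token values, a second device with the same server definition gets the same fingerprint and therefore the same decision, while a changed argument list produces a new fingerprint and drops the server back to Pending for review.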
Blocking Servers
When to Block
Consider blocking a server if:
- It's from an untrusted source
- It requests excessive permissions
- Threat reports show malicious behavior
- It's no longer needed by your team
- Compliance policies prohibit it
What Happens When Blocked
When you block a server:
- All users immediately lose access to it
- Active instances are terminated
- Users see a clear error message
- An audit trail is created
Best Practices
For Administrators
Review Pending Servers Promptly
- Check the MCP Catalog daily
- Don't let legitimate work get blocked
- Set up notifications for new servers
Document Your Decisions
- Add notes when approving or blocking
- Reference relevant policies
- Help your team understand why
Regular Audits
- Review approved servers periodically
- Remove unused servers
- Update policies as needed
For Developers
Use Trusted Servers
- Prefer official MCP servers when available
- Verify community servers before use
- Document custom servers thoroughly
Communicate with Your Admin
- Explain why you need a specific server
- Provide documentation links
- Report any suspicious behavior
Troubleshooting
Checking System Status
Use the CyberCage CLI to verify your system is working correctly:
`cybercage status`

This command shows:
- Daemon online/offline status
- Hub connectivity status
- Protected applications count
- Monitored servers list
- Last sync time
If you need to force a sync with the Hub:
`cybercage sync --force`

Common Issues and Solutions
Server Stuck in Pending
If a server remains pending:
- Check system status: `cybercage status`
- Verify Hub connection is active
- Contact your organization administrator to review and approve
- If sync appears stale, run: `cybercage sync --force`
Approved Server Still Blocked
If an approved server won't run:
- Restart your application (configuration reload required)
- Force sync to get latest approvals: `cybercage sync --force`
- Check daemon status: `cybercage status`
- Wait 30 seconds for changes to propagate
- Contact your administrator if the issue persists
Need a Server Approved Quickly
For urgent approvals:
- Contact your organization administrator directly
- Provide:
  - Server name and purpose
  - Business justification
  - Link to server documentation
- Administrator will review in Dashboard and approve if appropriate
Getting Support
For Individual Developers
- First line of support: Contact your organization administrator
- They will: Review server approvals, adjust policies, and escalate if needed
- Provide them with: Output from `cybercage status` and a description of the issue
For Organization Administrators
- Dashboard Support: Access in-app support from your Dashboard
- Email Support: contact@cybercage.io
- Include in your request:
  - Organization name
  - Output from `cybercage status`
  - Screenshot of the issue from Dashboard
  - Steps to reproduce the problem
Emergency Support
For critical security incidents:
- Security Hotline: Available for Enterprise customers
- Email: contact@cybercage.io
- Include: Threat details, affected users, and immediate impact
Next Steps
- CyberCage Agent - How the agent protects servers
- Policy & Threats - Understanding threat detection
- Dashboard Guide - Managing servers in the UI