MCP Gateway / Governed Integration
Tools governed only when ingress is owned.
Keon MCP Gateway intercepts tool execution, binds tenant and actor identity, routes Decide before Execute, and emits receipt-rich lineage.
Purpose
Define the governed integration surface for MCP-compatible tool execution.
Primary question
How does a tool call enter Keon without creating a bypass?
Allowed
- MCP compatibility
- tenant and actor binding
- Decide then Execute
- receipt emission
Forbidden
- direct tool side channels
- standalone execution boundary
- identity-free calls
- best-effort governance
What It Does
Proof-oriented capabilities.
- Accepts existing MCP clients while adding a governed envelope around tool results.
- Binds tenant_id and actor_id through JWT or API-key identity before execution proceeds.
- Routes every tool call through Decide before Execute so authorization precedes effects.
- Emits durable ingress spine receipts with directive, intent, decision, execution, and outcome lineage.
What It Is Not
Boundary protected.
- MCP Gateway is not a separate authority system.
- MCP Gateway does not let tools execute around Runtime.
- MCP Gateway does not make MCP compatibility equivalent to governance.
Boundary Definition
Compatibility enters here. Authority still lives in Runtime.
The gateway is the governed ingress surface for MCP. It intercepts tool calls, injects identity and policy context, invokes Runtime, and returns receipt-backed structured content.
System Connections
Receives, outputs, never.
Receives from
MCP clients
tool calls from compatible agents and applications
Identity providers
tenant, actor, and scope claims
Runtime
policy decisions and execution authorization
Outputs to
Runtime
governed tool intents for Decide and Execute
Cortex
ingress receipts and causal lineage when persisted
MCP clients
structured content containing governance envelope and proof artifacts
Never does
executes directlydrops identitycreates side channels
Next Action