ThornGuard

Name: ThornGuard
Author: app.qwady.thorns

Put a security gateway in front of remote MCP traffic so auth, PII redaction, policies, and audit logs apply before tools hit production systems.

Overview

ThornGuard is a MCP server for the Ship phase that acts as a remote security gateway for MCP with auth, redaction, policy enforcement, and audit logging.

What is this MCP server?

Remote MCP security gateway: authentication in front of tool calls
Automatic redaction and policy enforcement on MCP traffic
Audit logging for compliance and incident review
Documented quickstart at qwady.wiki/thornguard
Version 0.1.0 with official MCP server schema metadata

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

Connecting agents to powerful MCP tools without a gateway means one prompt can exfiltrate secrets or call disallowed endpoints with no durable audit trail.

Who is it for?

Builders exposing multiple remote MCP tools to teammates or customers who need redaction, policy gates, and centralized auth.

Skip if: Solo devs running a single local MCP server on a laptop with no shared access or compliance obligations.

What do I get? / Deliverables

MCP requests pass through enforced policies and logged reviews before they reach your production integrations.

Authenticated MCP traffic through the ThornGuard gateway
Policy-enforced tool calls with audit log records for review

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Shipping agent tooling to users without a control plane for MCP calls is where data leaks and policy violations surface—ThornGuard belongs on the security shelf before wide rollout. Security subphase covers gateways, authZ, and secret handling for integrations your agent can invoke in production.

How it compares

MCP security gateway and policy proxy, not a vulnerability scanner or single integration skill.

Common Questions / FAQ

Who is app.qwady.thorns/thornguard for?

Solo founders and small teams shipping AI agents with several MCP integrations who need authentication, redaction, policies, and audit logs on remote tool traffic.

When should I use app.qwady.thorns/thornguard?

Use it before widening MCP access beyond your machine—beta users, shared Claude Code setups, or production agents calling sensitive APIs.

How do I add app.qwady.thorns/thornguard to my agent?

Follow the ThornGuard quickstart at https://qwady.wiki/thornguard/quickstart to register the gateway with your MCP client and route remote servers through ThornGuard per Qwady’s deployment guide.

ThornGuard

Put a security gateway in front of remote MCP traffic so auth, PII redaction, policies, and audit logs apply before tools hit production systems.

Overview

ThornGuard is a MCP server for the Ship phase that acts as a remote security gateway for MCP with auth, redaction, policy enforcement, and audit logging.

What is this MCP server?

Remote MCP security gateway: authentication in front of tool calls
Automatic redaction and policy enforcement on MCP traffic
Audit logging for compliance and incident review
Documented quickstart at qwady.wiki/thornguard
Version 0.1.0 with official MCP server schema metadata

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

Connecting agents to powerful MCP tools without a gateway means one prompt can exfiltrate secrets or call disallowed endpoints with no durable audit trail.

Who is it for?

Builders exposing multiple remote MCP tools to teammates or customers who need redaction, policy gates, and centralized auth.

Skip if: Solo devs running a single local MCP server on a laptop with no shared access or compliance obligations.

What do I get? / Deliverables

MCP requests pass through enforced policies and logged reviews before they reach your production integrations.

Authenticated MCP traffic through the ThornGuard gateway
Policy-enforced tool calls with audit log records for review

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

MCP security gateway and policy proxy, not a vulnerability scanner or single integration skill.

Common Questions / FAQ

Who is app.qwady.thorns/thornguard for?

Solo founders and small teams shipping AI agents with several MCP integrations who need authentication, redaction, policies, and audit logs on remote tool traffic.

When should I use app.qwady.thorns/thornguard?

Use it before widening MCP access beyond your machine—beta users, shared Claude Code setups, or production agents calling sensitive APIs.

How do I add app.qwady.thorns/thornguard to my agent?

Follow the ThornGuard quickstart at https://qwady.wiki/thornguard/quickstart to register the gateway with your MCP client and route remote servers through ThornGuard per Qwady’s deployment guide.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is app.qwady.thorns/thornguard for?

When should I use app.qwady.thorns/thornguard?

How do I add app.qwady.thorns/thornguard to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is app.qwady.thorns/thornguard for?

When should I use app.qwady.thorns/thornguard?

How do I add app.qwady.thorns/thornguard to my agent?