Product · Mantle
The MCP security gateway
A middleware proxy that mediates every AI request — policy in, audit out — without touching your underlying systems.
Policy engine
Boundaries as code
Policies live in version control and go through review like any other change. No console-only configuration that drifts from what's documented.
- Declarative rules per tenant, tool, and data scope
- Dry-run mode to test policy against historical traffic
- Changes attributed, timestamped, and reversible
# mantle-policy.yaml tenant: support-team allow: - tool: crm.read - tool: kb.search deny: - scope: finance.* - tool: db.write audit: always
# query the audit log $ mantle audit search \ --tenant support-team \ --action blocked \ --since 7d 14 results · 0.3s · export: csv, json
Observability
Every call, searchable
The full interaction — prompt, tool call, response, decision — is captured inline and queryable in seconds, not stitched together from four systems.
- Structured events for every request and decision
- Search by tenant, tool, scope, outcome, or time range
- Export to CSV/JSON for evidence packages
Tenancy
Hard isolation per team
Boundaries between teams, customers, and environments are enforced at the gateway — not left to convention inside each tool.
- Tenant context resolved on every request
- No shared credentials across boundaries
- Per-tenant audit trails and retention
# tenant contexts support-team → crm.read, kb.search eng-platform → repo.*, ci.read finance-ops → ledger.read cross-tenant requests: denied by default
Technical specifications
Deployment modelself-hosted · managed · hybrid
Protocol supportMCP · REST · streaming
Audit retentionconfigurable · export anytime
Latency overhead< 5 ms typical
AuthenticationOIDC · SAML · API keys