Does the SDK add latency to every call?

The decision happens in-process against a local policy cache, so the in-line overhead stays minimal. Vault injection and audit writes are fire-and-forget against the service: they never block your tool call.

What happens if the gateway is unreachable?

You choose. Default is fail-closed (denied with a typed McpDenyError). fail-open-cached is available for read-only tools where availability matters more than strictness.

Do I have to use MCP?

No. Sentinel is MCP-native, but thin adapters wrap LangChain, LlamaIndex, the Vercel AI SDK, and raw tool-calling. Anything you can express as a function call, Igris can govern.

How do secrets work in local development?

You never hold the real token. Your dev virtual key is scoped to dev resources and injected on the wire, so the same code runs locally and in prod without a secret ever touching your machine.

Is the SDK open source?

The SDK and CLI are Apache-2.0; the dashboard is source-available. You can self-host the control plane on the Enterprise tier as a single Docker image or Helm chart.

Can I test a policy before it ships?

Yes. Dry-run any rule against live or recorded traffic to see what it would have allowed or denied, then push it. The same policy runs against your dev key, so you catch denials before prod.

Solutions / AI BuildersFor AI Builders For AI Adopters

For AI Builders · Ship governed, day one

Ship the agent. Pass the security review the same afternoon.

Three lines of SDK and every tool call your agent makes is authenticated, policy-matched, and written to a complete audit trail. No DSL to learn, no YAML to maintain: define policy in a form, hand your security team a log, and get back to building.

Read the Quickstart →SDK Reference

3lines to govern an agent

Minimalin-line gateway overhead

day 1security review, not week 6

agent.tsgoverned

// 1. one import
import { Igris } from "@igris-security/sdk";

const igris = new Igris({ apiKey: process.env.IGRIS_KEY });

// 2. one governed connection per user
const mcp = await igris.connect("github-prod", {
  user: "dev@acme.com",
  metadata: { role: "developer" },
});

// 3. every call is now policy-checked
await mcp.call("repo.read", { repo: "acme/api" });
await mcp.call("repo.delete", { repo: "acme/api" });

repo.read(acme/api)0.4msALLOW

repo.delete(acme/api)0.3msDENY

From zero to governed

Three commands. Then you're shipping behind a policy.

No sidecar to deploy, no proxy to stand up. The SDK runs in-process with a local policy cache, so the decision happens at the call boundary in microseconds, and the audit write is fire-and-forget.

01Install the SDK

One package for your whole agent. TypeScript, Python, and Go ship from the same spec, plus a REST API for everything else.

$ bun add @igris-security/sdk
# bun add v1.x done
# ✓ ready

02Open a governed connection

Bind a connection to the current user and their role. Igris resolves identity and loads the matching policy before the first call.

const mcp = await igris.connect(
  "github-prod",
  { user, metadata: { role } }
);
// → policy v.412 loaded

03Call tools like normal

Your agent code doesn't change. Every call() is matched, credentialed, and logged; denials come back as typed errors.

await mcp.call("repo.read", args);
// → ✓ allow · 0.4ms · audited
await mcp.call("repo.delete", args);
// → ✕ McpDenyError

One SDK, three guarantees

The same platform your CISO trusts. Wrapped in an API you actually want to use.

Sentinel, Guard, and Lens are one install for you and three boxes ticked for security. You write product code; the platform handles the tool calls, the prompts, and the paper trail.

GovernIgris Sentinel

Wrap your tool calls without rewriting your agent.

Sentinel is the chokepoint between your agent and every MCP server it touches. Identity, policy match, credential injection, audit: all inline, all in under a millisecond.

developer · repo.readALLOW

developer · repo.writeALLOW

developer · repo.deleteDENY

agent · stripe.chargeALERT

guest · db.writeDENY

ProtectIgris Guard

An LLM firewall you don't have to build.

Point your model traffic at Guard and prompt injection, PII leakage, and policy-violating responses get caught pre-flight. Your agent keeps its full reasoning when the traffic is clean.

prompt · SSN patternREDACT

prompt · injection sigBLOCK

prompt · "summarize…"PASS

response · AKIA keyBLOCK

response · cleanPASS

ObserveIgris Lens

The audit log that ends the security review.

Every decision streams to Lens: user, role, tool, args hash, latency, verdict. Filter it, replay any trace, export to your SIEM. Hand your security team a link instead of a meeting.

trace a4f9c2 · replay✓

filter · verdict=deny412

export · json / csv✓

stream · splunkLIVE

retention · 365d✓

What you get out of the box

Built for the team writing the agent. Not the team auditing it.

Six things you'd otherwise build yourself (auth plumbing, secret handling, a policy UI, an audit pipeline), shipped as one SDK and one dashboard.

Three-command quickstart

Install, connect, call. The SDK is in-process with a local policy cache, so you get governance without standing up a proxy or a sidecar.

time to first governed call< 5 min

infra to deploynone

agent code changed3 lines

Per-developer virtual keys

Real credentials stay in the vault. Each developer and each agent gets a scoped virtual key; revoke one without rotating the upstream secret.

real tokens in your code0

scope per keytool · env · rate

revoke propagation200ms

Form-based policy builder

Compose rules in the dashboard: role, tool glob, condition, decision. No DSL, no YAML, no policy language to learn or review in a PR.

tool: delete_*✕ deny

model: gpt-4*✓ allow

amount > $50alert

Replay & export the audit trail

Filter the log by user, tool, verdict, or trace ID. Replay any decision step-by-step. Export JSON or CSV, or stream the whole thing to your SIEM.

queryable fields12

trace replay✓ step-by-step

exportjson · csv · webhook

Local ↔ prod parity

The same policy runs against your dev key as your prod key. Catch a denial on your laptop, not in the incident channel. Dry-run any rule before you push it.

dev / prod policyidentical

dry-run rules✓

fail modeclosed by default

Works with your framework

MCP-native, and a thin wrapper for the stacks you already use. Drop it under LangChain, LlamaIndex, the Vercel AI SDK, or raw tool-calling.

MCP servers✓ native

LangChain · LlamaIndex✓ adapter

Vercel AI SDK✓ adapter

Why teams move faster

Security review used to be the bottleneck. Now it's a link.

The policy is already enforced and the audit is already on, so "is this approved?" stops being a meeting. Most teams collapse a multi-week review per agent into a same-day sign-off.

Before Igris

A review per agent. Every time.

6 wksper agent

Hand-rolled auth and secret handling in every service
Security reads code, asks for changes, re-reads
No audit trail; evidence assembled by hand
Shadow agents ship without anyone signing off

→

With Igris

Policy's already there. Ship today.

same dayto sign-off

Deny-by-default the moment the SDK is in
Form-based policy reviewers read in minutes
Complete audit exported as evidence on demand
One dashboard shows every agent already in scope

FAQ

Questions, answered.

Ready when you are

Three lines now. Deny-by-default from minute one.

Drop the SDK in, define a policy in the dashboard, and hand your security team a link instead of a launch blocker. Start in the docs or book a walkthrough.

Read the Quickstart →Request a Demo

3 lines : install, connect, call
Minimal : in-line overhead
Virtual keys : real secrets never in your code
Form-based policy : no DSL, no YAML
Apache-2.0 SDK : self-host on Enterprise