Claude Desktop and Cursor, connected to your secured knowledge base.
The Gateco MCP server exposes six tools that give Claude, Cursor, and any MCP-compatible host policy-enforced access to your vector databases. Denied content never surfaces in tool output.
Five retrieval and inspection tools work on all plans. The gateco_ask synthesis tool requires Growth+ and a configured LLM API key.
The six tools
gateco_retrieve: policy-filtered vector retrieval. Takes a query, connector_id (or uses the default), and either principal_id or email. Returns allowed results as markdown — denied results are not included.
gateco_ask: retrieval + answer synthesis. Same parameters as retrieve, plus optional top_k. Returns the synthesized answer and citations. Requires Growth+ and a configured LLM API key.
gateco_list_connectors: markdown table of connected vector databases with type, status, and readiness level. gateco_list_policies: markdown list of active access policies with conditions. gateco_list_principals: markdown list of synced principals. gateco_resolve_principal: looks up a principal by email or provider_subject.
Installation and configuration
Install: pip install "gateco[mcp]". The gateco-mcp command is installed as a direct entry point — no additional steps. Set your Gateco API key as GATECO_API_KEY in your environment or in the MCP host configuration.
For Claude Desktop: add a mcpServers entry to ~/Library/Application Support/Claude/claude_desktop_config.json with command "gateco-mcp" and env containing {"GATECO_API_KEY": "your_key"}. For Cursor: add the same entry under Settings → MCP. The base URL defaults to https://api.gateco.ai — override with GATECO_BASE_URL for self-hosted deployments.
# claude_desktop_config.json
{
"mcpServers": {
"gateco": {
"command": "gateco-mcp",
"env": {
"GATECO_API_KEY": "gco_your_api_key_here",
"GATECO_BASE_URL": "https://api.gateco.ai"
}
}
}
}Security model
All six tools return markdown strings, never raw JSON. This prevents the LLM from acting on structured authorization data that could be used for prompt injection. Denied retrieval results are dropped entirely — the tool output indicates how many results were denied and why, but never includes their content.
The MCP server reuses the same credential resolution as the CLI: GATECO_API_KEY environment variable → GATECO_BASE_URL environment variable → ~/.gateco/credentials.json. Every tool call produces an audit event in the same trail as REST API calls — you can see MCP-originated retrievals in the dashboard audit log.
Frequently asked questions
Does the MCP server work with any MCP host, or only Claude and Cursor?
Any MCP-compatible host that supports stdio transport. This includes Claude Desktop, Cursor, and any host using the official MCP SDK. The server uses FastMCP with stdio transport.
Can multiple principals use the same MCP server instance?
Yes. Each tool call that includes a principal_id or email is evaluated against that principal's policies. The MCP server instance itself does not hold a single principal identity — it defers to the per-request principal parameter.
Is the MCP server available for self-hosted deployments?
Yes. Set GATECO_BASE_URL to your self-hosted API endpoint in the MCP host configuration. The SDK resolves all API calls against this base URL.