◈ SecuriX

MCP Tool Optimization

Enhanced accuracy and performance for Model Context Protocol (MCP) toolkits.

SecuriX is built to be the best-in-class gateway for the Model Context Protocol (MCP). We don't just broker the connection; we optimize how AI agents interact with tools.

Why SecuriX for MCP?

  • Enhanced Accuracy: By pre-processing tool schemas and providing better context injection, we reduce "hallucinations" during tool selection.
  • Performance: Our globally distributed edge gateway ensures that tool calls have minimal latency, crucial for real-time AI interactions.
  • Context Management: We automatically handle state management and session persistence for MCP-compliant agents.

Implementation: The "One-Click" MCP Flow

SecuriX simplifies MCP server deployment by using Base64-encoded configuration URLs. This allows you to add a secure, authenticated MCP server to an agent (like Claude Desktop or a custom agent) in a single step.

Generating the MCP URL

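Using the SDK, you can generate a URL that carries the necessary routing metadata in an encoded payload, so your API key does not appear in the URL as plain text. Base64 is an encoding, not encryption: anyone who obtains the URL can decode the payload, so store and share the URL as you would the API key itself.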

import { Securix } from "@securix/sdk";

const mcpUrl = Securix.mcp.getUrl({
  apiKey: process.env.SECURIX_API_KEY,
  entityId: "user_123", // The specific user's ID
  agentId: "gemini_vscode_1",
});

// Returns a URL of this form: https://mcp.securix.app/v1/mcp/eyJhUElLZXkiOiJzY19saXZlXzEyMyIsImVudGl0eUlkIjoidXNlcl80NTYifQ==

Why Base64?

The encoded payload allows the SecuriX Gateway to:

  1. Identify the Requestor: Know which developer account is making the call.
  2. Isolate the Entity: Map the tool call to a specific user's vaulted tokens.
  3. Apply Dynamic Routing: Route the request to the correct internal provider (Gmail, Drive, etc.) based on the configuration ID.
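
Because the payload is only Base64-encoded, the gateway is not the only party that can read it. The following added example (not SecuriX SDK code) decodes the sample URL shown on this page and redacts such URLs from log text before storage; the `/v1/mcp/` path is taken from that sample, and the function names and the secret-field heuristic are assumptions.

```javascript
// Added example: not SecuriX SDK code. The URL is the sample shown on this page.
const SAMPLE_URL =
  "https://mcp.securix.app/v1/mcp/eyJhUElLZXkiOiJzY19saXZlXzEyMyIsImVudGl0eUlkIjoidXNlcl80NTYifQ==";

// Field names that suggest a credential (assumed heuristic, not a SecuriX rule).
const SECRET_FIELD = /key|token|secret|password/i;

// Matches a URL whose segment after /v1/mcp/ looks like a Base64 payload.
const MCP_URL = /(https:\/\/[^\s"']+\/v1\/mcp\/)([A-Za-z0-9+\/_-]+={0,2})/g;

// Decode the segment after /v1/mcp/ and return the JSON it carries, or null.
function decodeMcpPayload(url) {
  try {
    const segment = decodeURIComponent(url.split("/v1/mcp/")[1] ?? "");
    return JSON.parse(Buffer.from(segment, "base64").toString("utf8"));
  } catch {
    return null; // missing segment, or not Base64-encoded JSON
  }
}

// List the payload fields that would leak a credential if the URL leaked.
function secretFields(url) {
  const payload = decodeMcpPayload(url);
  return payload ? Object.keys(payload).filter((k) => SECRET_FIELD.test(k)) : [];
}

// Scrub credential-bearing payloads from text (logs, tickets, pasted configs).
function redactMcpUrls(text) {
  return text.replace(MCP_URL, (whole, prefix) =>
    secretFields(whole).length ? `${prefix}[REDACTED]` : whole
  );
}

// Constructed log line for the demonstration.
const logLine = `INFO agent=gemini_vscode_1 connecting to ${SAMPLE_URL}`;
console.log(decodeMcpPayload(SAMPLE_URL)); // the decoded JSON payload
console.log(secretFields(SAMPLE_URL));     // fields flagged as credentials
console.log(redactMcpUrls(logLine));       // log line with the payload removed
```

Running the redaction step in log shippers and in front of support or ticketing tools keeps a copied MCP URL from becoming a stored credential.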

Zero-Config Auth-on-Demand

Security for MCP

Traditional MCP servers require you to manage your own credentials. SecuriX handles this automatically:

  1. Vaulted Tokens: The agent never sees the raw API keys.
  2. One-Click Revocation: Users can kill the MCP connection instantly from the Trust Portal.
  3. Auditability: Every tool call made via MCP is logged with full payload visibility.

Self-Healing MCP Tools

A unique feature of SecuriX MCP integration is the ability for tools to "ask" for permission or connection in-stream.

When an agent calls an MCP tool and the user is not authenticated, the SecuriX MCP server returns a message with a connection link and code. The agent can then present this to the user, and once connected, retry the operation.

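// Example of how the SecuriX MCP server handles a 401.
// `error`, `entityId` and `scopes` come from the enclosing tool handler (not shown).
if (error.status === 401) {
  // Start a device-flow session for this entity with the Gmail scopes the tool needs.
  const { authUrl, deviceAuthCode } = await Securix.auth.createSession({
    flow: "device",
    entityId,
    providers: { gmail: { scopes } }
  });

  // Return the link and code as ordinary tool output so the agent can relay them to the user.
  return {
    content: [{
      type: "text",
      text: `I need to connect your Gmail account. Please visit ${authUrl} and enter code ${deviceAuthCode}`
    }]
  };
}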

This ensures that your agent never hits a "dead end" due to authentication or policy issues.
