Connect Your AI Assistant to Hextrap
Set up Hextrap's MCP server so Claude, ChatGPT, and other AI tools automatically check packages against your firewall before installing them.
What is the Model Context Protocol?
MCP is an open standard that lets AI assistants connect to external tools. When you connect Hextrap via MCP, your AI assistant will automatically check every package it wants to install against your firewall's security policies.
Block Malicious Packages
Your AI assistant checks every package against Hextrap's typosquat detection and your allow/deny lists before suggesting it.
Enforce Soak Time
Newly published packages are held until they pass your configured soak period, preventing zero-day supply chain attacks.
Full Audit Trail
Every package check is logged in your firewall's activity feed, giving you complete visibility into what your AI is installing.
Quick Start
Get up and running in three steps.
Create an API Key
Sign in to Hextrap and navigate to Dashboard → API Keys. Click Create Key and give it a descriptive name like "Claude Code" or "ChatGPT".
Copy the key immediately — it won't be shown again.
Add the MCP Configuration
Add Hextrap to your project's .mcp.json or global ~/.claude.json. The exact format depends on your client — see the setup guides below.
{
"mcpServers": {
"hextrap": {
"type": "http",
"url": "https://hextrap.com/mcp/",
"headers": {
"Authorization": "Bearer YOUR_API_KEY"
}
}
}
}Start Using It
Ask your AI assistant to install a package. It will automatically check the package against your Hextrap firewall before proceeding.
Setup Guides
Choose your AI assistant to see specific configuration instructions.
Claude Code Setup
Claude Code uses streamable HTTP transport (type: http) to connect to MCP servers.
Option 1: Project Config (Recommended)
Add to your project's .mcp.json in the repository root to share with your team:
{
"mcpServers": {
"hextrap": {
"type": "http",
"url": "https://hextrap.com/mcp/",
"headers": {
"Authorization": "Bearer YOUR_API_KEY"
}
}
}
}Option 2: Global Config
Add to ~/.claude.json to make Hextrap available across all projects:
{
"mcpServers": {
"hextrap": {
"type": "http",
"url": "https://hextrap.com/mcp/",
"headers": {
"Authorization": "Bearer YOUR_API_KEY"
}
}
}
}Option 3: CLI Command
Or use the Claude Code CLI to add it directly:
claude mcp add hextrap --transport http https://hextrap.com/mcp/ \
--header "Authorization: Bearer YOUR_API_KEY"/mcp or asking Claude to "list my Hextrap firewalls".
Claude Desktop Setup
Claude Desktop uses SSE transport (type: sse) to connect to MCP servers.
Configuration File Location
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
Configuration
{
"mcpServers": {
"hextrap": {
"type": "sse",
"url": "https://hextrap.com/mcp/",
"headers": {
"Authorization": "Bearer YOUR_API_KEY"
}
}
}
}ChatGPT and Other MCP Clients
Any MCP-compatible client can connect to hextrap. The MCP endpoint is:
https://hextrap.com/mcp/Connection Details
| Endpoint | https://hextrap.com/mcp/ |
| Transports | Streamable HTTP, SSE |
| Authentication | Bearer token in Authorization header |
| Protocol Version | 2024-11-05 |
Consult your MCP client's documentation for the specific configuration format. Most clients support setting the URL and authentication header.
Available Tools
These tools become available to your AI assistant once connected.
check_package
Check if a package is allowed by your firewall and verify it is not a suspected typosquat. Your AI assistant calls this before suggesting any dependency.
name - Package name
registry - pypi, npm, or go
firewall_id - Your firewall ID
list_firewalls
List all firewalls you have access to, including their IDs, names, and configurations.
add_to_allowlist
Add a package to a firewall's allowlist. Once added, the package will be permitted through the firewall.
firewall_id - Firewall ID
package_name - Package name
registry - pypi, npm, or go
add_to_denylist
Add a package to a firewall's denylist. Denied packages will be blocked from installation.
firewall_id - Firewall ID
package_name - Package name
registry - pypi, npm, or go
get_activity
View recent package installation activity for a firewall, including allowed, blocked, and flagged attempts.
firewall_id - Firewall ID
limit - Max records (default 20)
remove_from_allowlist
Remove a package from a firewall's allowlist.
firewall_id - Firewall ID
package_name - Package name
remove_from_denylist
Remove a package from a firewall's denylist.
firewall_id - Firewall ID
package_name - Package name
get_proxy_config
Get proxy credentials and package manager configuration for a firewall. Creates a credential if none exists, or confirms the existing one is active.
firewall_id - Firewall ID
roll_proxy_credential
Regenerate your proxy credential password. Invalidates the previous password and returns new setup commands for all package managers.
firewall_id - Firewall ID
create_service_credential
Create a named service credential for CI/CD pipelines. Each pipeline should have its own credential for auditability.
firewall_id - Firewall ID
name - Credential name (e.g. "GitHub Actions")
Usage Examples
Here's what it looks like when your AI assistant uses hextrap.
Checking a Package Before Installing
Blocking a Typosquat
Listing Firewalls
Frequently Asked Questions
What is an MCP server?
MCP (Model Context Protocol) is an open standard created by Anthropic that lets AI assistants like Claude and ChatGPT connect to external tools and data sources. Hextrap's MCP server lets your AI assistant check packages against your firewall before installing them, manage allow/deny lists, and view installation activity.
Which AI assistants support Hextrap's MCP server?
Hextrap's MCP server works with Claude Code, Claude Desktop, ChatGPT, and any other MCP-compatible client. Claude Code uses streamable HTTP transport, while Claude Desktop uses SSE (Server-Sent Events) transport. Both are supported.
Is Hextrap's MCP server free to use?
Yes. Hextrap's free Open Source tier includes MCP server access with up to 2 firewalls. The MCP server is available on all plans including Small Team and Enterprise.
What package registries does Hextrap support?
Hextrap supports PyPI (Python), npm (JavaScript/Node.js), and Go modules. The MCP server can check packages, manage allow/deny lists, and view activity for all three registries.
How do I get an API key for the MCP server?
Sign in to Hextrap, go to Dashboard → API Keys, and click Create Key. Give it a descriptive name and copy the key immediately — it won't be shown again. Use this key in your MCP configuration's Authorization header.
Can I use different API keys for different projects?
Yes. You can create multiple API keys with different names to organize access across projects. Each key has the same permissions tied to your user account.
What happens if a package is blocked?
When your AI assistant checks a package that isn't on your allowlist, or that is flagged as a typosquat, Hextrap returns a blocked status. Your AI assistant will inform you and suggest alternatives. All blocked attempts are logged in your firewall's activity feed.
How do I find my firewall ID?
Ask your AI assistant to "list my Hextrap firewalls" or find it in the Hextrap dashboard. The firewall ID is the public identifier shown on the firewall overview page.
Protect Your AI Coding Workflow
Set up Hextrap in under 2 minutes and stop malicious packages before they reach your codebase.