MCP Server
Connect any MCP client to Sphyr Agent Guard with a single config entry. No agent code changes required.
Per-Client Configuration
Copy the config block for your MCP client. The Sphyr MCP Server connects via stdio — no server to run.
Edit ~/Library/Application Support/Claude/claude_desktop_config.json:
{
  "mcpServers": {
    "sphyr": {
      "command": "npx",
      "args": ["-y", "-p", "@sphyr/sdk", "sphyr-proxy"],
      "env": {
        "SPHYR_API_KEY": "your-api-key",
        "SPHYR_HMAC_SECRET": "your-hmac-secret"
      }
    }
  }
}
Python SDK variant
If you prefer the Python SDK, replace the command and args with:
{
  "mcpServers": {
    "sphyr": {
      "command": "python",
      "args": ["-m", "sphyr_sdk.proxy"],
      "env": {
        "SPHYR_API_KEY": "your-api-key",
        "SPHYR_HMAC_SECRET": "your-hmac-secret"
      }
    }
  }
}
Generic Template
Use this template for any MCP client that supports stdio servers. Drop it into the client's MCP server configuration block.
"sphyr": {
  "command": "npx",
  "args": ["-y", "-p", "@sphyr/sdk", "sphyr-proxy"],
  "env": {
    "SPHYR_API_KEY": "your-api-key",
    "SPHYR_HMAC_SECRET": "your-hmac-secret"
  }
}
Security Model
The Sphyr MCP Server acts as a transparent proxy. Your agent calls tools normally — Sphyr re-signs each request with a fresh HMAC signature and routes it through the security pipeline.
HMAC signing
Every tool call is re-signed with your SPHYR_HMAC_SECRET. The original agent request is never forwarded.
Session isolation
The proxy manages its own session token (sess_token). Agents never supply or observe session credentials.
Trace IDs
Each request gets a unique trace_id for audit log correlation.
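The config blocks above keep SPHYR_API_KEY and SPHYR_HMAC_SECRET in plaintext in the MCP client's config file, and the command/args pair decides which program is started as the proxy. The following Python check is an added example, not part of the Sphyr SDK: audit_sphyr_config and write_sample are hypothetical names, the sample config is constructed, and POSIX file permissions are assumed.

```python
import json
import os
import stat
import tempfile

REQUIRED_ENV = ("SPHYR_API_KEY", "SPHYR_HMAC_SECRET")
PLACEHOLDERS = {"", "your-api-key", "your-hmac-secret"}  # values shown on this page
# The two launchers documented on this page (npx and Python SDK variants).
DOCUMENTED_LAUNCHERS = (("npx", ["-y", "-p", "@sphyr/sdk", "sphyr-proxy"]),
                        ("python", ["-m", "sphyr_sdk.proxy"]))

def audit_sphyr_config(path):
    """Added example (not Sphyr SDK code): findings for mcpServers.sphyr; assumes POSIX modes."""
    findings = []
    # The file stores both secrets in plaintext, so only its owner should have access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:o} grants group/other access")
    try:
        with open(path, encoding="utf-8") as fh:
            config = json.load(fh)
    except json.JSONDecodeError as exc:
        return findings + [f"invalid JSON: {exc.msg}"]
    servers = config.get("mcpServers") if isinstance(config, dict) else None
    entry = servers.get("sphyr") if isinstance(servers, dict) else None
    if not isinstance(entry, dict):
        return findings + ["no mcpServers.sphyr entry"]
    # An edited command/args pair would start a different program under the sphyr name.
    if (entry.get("command"), entry.get("args")) not in DOCUMENTED_LAUNCHERS:
        findings.append("command/args differ from the documented launchers")
    env = entry.get("env") if isinstance(entry.get("env"), dict) else {}
    for name in REQUIRED_ENV:
        value = env.get(name)
        if not isinstance(value, str) or value.strip() in PLACEHOLDERS:
            findings.append(f"{name} is missing or still a placeholder")
    return findings

def write_sample(config, mode):  # helper: constructed config -> temp file path
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(config, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    # Constructed sample: this page's template pasted unchanged into a world-readable file.
    entry = {"command": "npx", "args": ["-y", "-p", "@sphyr/sdk", "sphyr-proxy"],
             "env": {"SPHYR_API_KEY": "your-api-key", "SPHYR_HMAC_SECRET": "your-hmac-secret"}}
    print(audit_sphyr_config(write_sample({"mcpServers": {"sphyr": entry}}, 0o644)))
```

To audit a real client config, call audit_sphyr_config with the path to that file; an empty list means none of these checks fired.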
Agent Loop
If your agent framework runs its own async event loop, run the Sphyr MCP Server as an independent process — not inside your agent's loop.
Python agents using frameworks like LangGraph or AutoGen typically run their own async event loop. Start the Sphyr MCP Server as a separate ASGI process (e.g., via subprocess or a process manager) rather than nesting it inside your agent framework's loop.