Quickstart -- 60 Seconds to First Interception

Install ABS Core and intercept your first MCP tool call in under 60 seconds.

From zero to cryptographically governed AI agent in four commands.


Prerequisites

  • Node.js 18+
  • An MCP-compatible AI client (Claude Desktop, Cursor, or any MCP host)

Step 1: Initialize the Project

npx @abscore/mcp-gateway init

This creates:

  • .abs/policy.json -- Your governance rules (deny lists, escalation policies, argument restrictions)
  • .env.example -- Environment variable template for key management
  • abs-governance.config.ts -- Type-safe configuration entry point

Step 2: Configure Your MCP Client

Add the ABS Core gateway to your MCP client configuration:

{
  "mcpServers": {
    "abs-governance": {
      "command": "npx",
      "args": ["@abscore/mcp-gateway", "watch"],
      "env": {
        "ABS_POLICY_PATH": ".abs/policy.json"
      }
    }
  }
}

Step 3: Define Your First Policy

Edit .abs/policy.json:

{
  "version": "4.1.0",
  "deny_tools": ["rm", "sudo", "eval"],
  "escalate_tools": ["db.query", "api.call"],
  "deny_models": [],
  "arg_restrictions": {
    "db.query": {
      "blocked_patterns": ["DROP TABLE", "DELETE FROM", "TRUNCATE"]
    }
  }
}

This policy:

  • Blocks rm, sudo, and eval unconditionally
  • Escalates database queries and API calls for review
  • Restricts db.query arguments, blocking the patterns DROP TABLE, DELETE FROM, and TRUNCATE to prevent destructive operations

Step 4: Start the Gateway

npx @abscore/mcp-gateway watch

Output:

[ABS CORE v4.1.0] Gateway active
[ABS CORE] Policy loaded: .abs/policy.json
[ABS CORE] Enforcement mode: FULL
[ABS CORE] Waiting for MCP tool calls...

What Happens Next

When the AI agent attempts a tool call:

  1. OID -- Agent identity is verified via Ed25519 signature
  2. HASH -- Request payload is hashed (SHA-256) for deterministic fingerprinting
  3. ENGINE -- Policy engine evaluates the request: ALLOW, DENY, or ESCALATE
  4. LEDGER -- Decision is recorded in the hash chain with cryptographic receipt
  5. EXECUTE -- If allowed, the tool call proceeds. If denied, it is blocked with a reason.

Every decision produces a SovereignAuditRecord -- a frozen, immutable proof of governance.
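
The HASH, ENGINE and LEDGER stages above, sketched in Node.js against the Step 3 policy. This is an added example, not ABS Core's code, and it leaves out the Ed25519 identity check. The rule precedence, the case-insensitive substring matching, and the record fields (payloadHash, decision, prev, hash) are assumptions.

```javascript
// Added example: NOT ABS Core's implementation. Rule precedence, substring
// matching and record fields are assumptions made for illustration.
const crypto = require("node:crypto");

const policy = { // the policy from Step 3
  deny_tools: ["rm", "sudo", "eval"],
  escalate_tools: ["db.query", "api.call"],
  arg_restrictions: { "db.query": { blocked_patterns: ["DROP TABLE", "DELETE FROM", "TRUNCATE"] } },
};

const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");

// ENGINE: deny list first, then argument patterns, then escalation (assumed order).
function evaluate(call) {
  if (policy.deny_tools.includes(call.tool)) return "DENY";
  const args = JSON.stringify(call.args).toUpperCase();
  const blocked = policy.arg_restrictions[call.tool]?.blocked_patterns ?? [];
  if (blocked.some((p) => args.includes(p.toUpperCase()))) return "DENY";
  return policy.escalate_tools.includes(call.tool) ? "ESCALATE" : "ALLOW";
}

// HASH + LEDGER: each record commits to the payload hash and the previous record.
function record(ledger, call) {
  const prev = ledger.length ? ledger[ledger.length - 1].hash : "0".repeat(64);
  const entry = { payloadHash: sha256(JSON.stringify(call)), decision: evaluate(call), prev };
  entry.hash = sha256(entry.prev + entry.payloadHash + entry.decision);
  ledger.push(entry);
  return entry.decision;
}

// Recompute every link; an edited or reordered record breaks the chain.
function verifyChain(ledger) {
  let prev = "0".repeat(64);
  return ledger.every((e) => {
    const ok = e.prev === prev && e.hash === sha256(e.prev + e.payloadHash + e.decision);
    prev = e.hash;
    return ok;
  });
}

// Constructed sample tool calls.
const ledger = [];
const decisions = [
  { tool: "fs.read", args: { path: "README.md" } },
  { tool: "sudo", args: { cmd: "id" } },
  { tool: "db.query", args: { sql: "SELECT id FROM users" } },
  { tool: "db.query", args: { sql: "drop table users" } },
].map((c) => record(ledger, c));
console.log(decisions, "chain valid:", verifyChain(ledger));
```

JSON.stringify output depends on key order, so a fingerprint that must be deterministic across clients needs a canonical serialization before hashing.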


Verify It Works

After the first tool call is intercepted, check the audit output:

npx @abscore/mcp-gateway status

You will see:

Governance Status:
  Total intercepted: 1
  Allowed: 1
  Denied: 0
  Escalated: 0
  Chain integrity: VALID
  License status: FULL
