Enforce intercepts MCP tool calls to apply security policies before execution. Unlike Detect (which discovers configurations), Enforce actively controls what shadow MCPs can do in real-time.

How It Works

When Enforce is installed, it intercepts MCP tool calls before execution:
  1. User invokes a tool — The AI assistant requests a tool call from a shadow MCP
  2. Intercept — The call is captured before reaching the MCP server
  3. Policy evaluation — The call is checked against your organization’s policies
  4. Decision — The call is either:
    • Allowed — Proceeds to the MCP server normally
    • Blocked — Prevented and logged for security review
  5. Audit logging — All intercepted calls are logged for visibility

What Gets Intercepted

Enforce intercepts tool calls from shadow MCP servers (those configured directly in the client, not through Runlayer). Tool calls to Runlayer-managed MCPs are handled by the Runlayer proxy and are not affected.

Allowed remote MCP URLs (allowlist)

By default, Enforce blocks remote (HTTP/S) MCP servers that do not point at your Runlayer instance. Workspace admins can add allowed remote MCP URLs under Settings > Shadow MCPs, in the Enforce section (Save allowlist). Each entry is a base URL. A tool call’s MCP URL is allowed when:
  • The scheme, host, and port match the entry (default ports 443 / 80 for HTTPS / HTTP are treated the same as omitting the port).
  • If the entry has no path (or only /), any path on that origin is allowed.
  • If the entry includes a path (for example https://partner.example.com/mcp), the MCP URL’s path must match that prefix with a path boundary — /mcp and /mcp/stream match; /mcpbackup does not.
Stdio-based MCP commands are not controlled by this list; they must still use Runlayer-managed invocations (for example the Runlayer CLI with a server UUID).
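The allowlist matching rules above, written out as an added Python example (this is not Runlayer's own code). It assumes, based on the default-block rule, that the Runlayer instance URL itself behaves like an allowlist entry with no path; the URLs used are constructed sample values.

```python
from urllib.parse import urlsplit

# Default ports are equivalent to omitting the port (per the allowlist rules).
DEFAULT_PORTS = {"https": 443, "http": 80}


def _split(url):
    """Normalise a URL into (scheme, host, port, path) for comparison."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"not an HTTP/S MCP URL: {url!r}")  # stdio is governed separately
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS[scheme]  # .port raises ValueError on a malformed port
    return scheme, host, port, parts.path


def _path_allowed(path, prefix):
    """Prefix match with a path boundary: /mcp allows /mcp and /mcp/stream, not /mcpbackup."""
    prefix = prefix.rstrip("/")
    if prefix == "":  # entry had no path (or only "/"): any path on that origin
        return True
    return path == prefix or path.startswith(prefix + "/")


def entry_matches(mcp_url, entry):
    """True when mcp_url is covered by one allowlist entry (a base URL)."""
    scheme, host, port, path = _split(mcp_url)
    e_scheme, e_host, e_port, e_path = _split(entry)
    if (scheme, host, port) != (e_scheme, e_host, e_port):
        return False
    return _path_allowed(path, e_path)


def is_remote_mcp_allowed(mcp_url, allowlist, runlayer_host):
    """Allow/block decision for a remote (HTTP/S) MCP URL.

    Assumption (not spelled out on the page): the Runlayer instance URL is
    treated as an implicit allowlist entry without a path.
    """
    return any(entry_matches(mcp_url, e) for e in [runlayer_host, *allowlist])


if __name__ == "__main__":
    # Constructed sample values, not from a real deployment.
    allow = ["https://partner.example.com/mcp"]
    host = "https://your-runlayer-instance.com"
    for u in ("https://partner.example.com/mcp/stream", "https://partner.example.com/mcpbackup"):
        print(u, "->", "ALLOW" if is_remote_mcp_allowed(u, allow, host) else "BLOCK")
```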

Supported Clients

Client          macOS        Windows
Cursor          Supported    Coming soon
Claude Code     Supported    Coming soon
Additional client support is in active development. Check the Runlayer dashboard for the latest supported clients.

Deployment

MDM Deployment

Deploy Enforce across your organization directly from the Runlayer dashboard:
  1. Navigate to Shadow MCPs: go to Settings > Shadow MCPs in the Runlayer dashboard.
  2. Configure Enforce: click Configure under the Enforce section and select your MDM platform.
  3. Follow the Setup Guide: the in-app setup guide provides the deployment script and configuration for your MDM. Copy the generated script and enrollment key, then follow the instructions for your platform.

Manual Installation

For testing or individual device setup, install Enforce directly using the Runlayer CLI.

Install uv, which provides the uvx command used to run the Runlayer CLI:

    curl -LsSf https://astral.sh/uv/install.sh | sh

Log in to your Runlayer instance:

    uvx runlayer login --host https://your-runlayer-instance.com

Credentials are stored in your OS keychain when available, with a fallback to ~/.runlayer/config.yaml.

Install Enforce:

    uvx runlayer setup hooks --install --yes

Flag                Description
--install           Perform the installation
--uninstall         Remove hooks
--yes               Skip confirmation prompts
--host              Validate this host exists in config before install
--client            Install for a specific client (cursor or claude_code; default: all)
--all-events        Register all hook events including pipeline (default: enforcement only)
--no-enforcement    Monitoring only — register hooks but skip blocking enforcement
--mdm               Install to enterprise location (requires elevated permissions)

Use --no-enforcement when you want visibility into shadow MCP tool calls without blocking any requests. All calls are still logged and sent through the data pipeline, but no policy enforcement is applied. This is useful for a rollout phase where you want to observe before enforcing.

Uninstall:

    uvx runlayer setup hooks --uninstall --yes

Troubleshooting

  1. Restart the client application after installation
  2. Check that the client is supported (see table above)
  3. Ensure Enforce is installed for the correct client

  1. Ensure uv is installed: curl -LsSf https://astral.sh/uv/install.sh | sh
  2. Check network connectivity to your Runlayer instance
  3. Verify the host URL is correct
  4. Try running with verbose output for more details

  1. Check your Runlayer instance connectivity
  2. Review the number of policies being evaluated
  3. Contact Runlayer support if issues persist
