Quick Start
This page is for the desktop app. If you installed via CLI, see Quick Start (CLI).
Open MCPFirewall
Section titled “Open MCPFirewall”Launch the app from your Applications folder (macOS), Start menu (Windows), or app launcher (Linux). The gateway starts automatically in the background and the dashboard opens.
You will also see a tray icon appear in your menu bar (macOS) or system tray (Windows/Linux). The icon gives you quick access to approvals and safety controls without opening the full dashboard.
Pick your mode
Section titled “Pick your mode”On first launch, MCPFirewall asks you to choose how you want to use it:
Simple Mode is the streamlined experience. You see your servers, the registry, your secrets vault, and settings. Everything you need to install MCP servers, store credentials, and see what your AI is doing. No complex governance setup.
Advanced Mode adds rulesets, per-tool overrides, project scoping, the approval queue, and the security log. Choose this if you want to decide exactly which tools your AI can use in which situations.
Pick whichever feels right. You can switch anytime in Settings without losing anything.
Connect your AI client
Section titled “Connect your AI client”Click Integrations in the sidebar. MCPFirewall automatically finds AI clients installed on your machine:
- Claude Desktop
- Claude Code
- Cursor
- VS Code (Copilot)
- Windsurf
- Cline
Click Set up on any client that shows as “Detected.” MCPFirewall configures the client so its MCP traffic flows through the firewall. A backup of the original configuration is saved automatically.
Restart your AI client after setup. The configuration changes only take effect after the client restarts. Close it fully and reopen it.
Install your first MCP server
Section titled “Install your first MCP server”Click Discover in the sidebar. This is the built-in server registry with thousands of MCP servers.
Search for something useful (try “filesystem”, “github”, or “brave-search”) and click Connect.
The install flow walks you through a few steps:
- Credentials: if the server needs an API key, paste it here. It is encrypted and stored in your vault instantly.
- OAuth: if the server uses OAuth, click Authorize and log in. The token is handled for you.
- Done: the server is installed to all your connected AI clients and registered with the firewall.
The server now appears on the MCP Hub page.
Restart your AI client to pick up the new server. MCP servers are loaded when the client starts, so new installations are not visible until you restart.
See it working
Section titled “See it working”After restarting your AI client, ask it to use one of the installed server’s tools. Then look at the dashboard:
- The MCP Hub shows your server with a live connection indicator
- Click Monitor in the sidebar to see the tool call in the activity feed
- If you set any tool to “Requires Approval”, the call pauses and a notification appears on your desktop. Approve or deny it right from the dashboard (or from the notification on Linux).
What to explore next
Section titled “What to explore next”- The 3-State Model to understand how tool governance works
- Approve Requests to set up human-in-the-loop review for sensitive tools
- Manage Secrets to learn about the encrypted vault
- Desktop App for tray icon features, auto-updates, and auto-start