6 min read · Gateco Team

Gateco MCP Server: Policy-Enforced Retrieval for Claude Desktop and Cursor

The Model Context Protocol (MCP) is the emerging standard for connecting AI hosts like Claude Desktop to external data sources and tools. Gateco's MCP server brings the full policy enforcement and identity-aware retrieval pipeline directly into Claude, Cursor, and any other MCP-compatible host. Queries through the MCP tools run through the same policy engine as the REST API — the same ABAC rules, the same audit trail, the same deny-by-default behavior.

The six tools

gateco_retrieve executes a policy-filtered retrieval against any connected connector. Takes a query string, optional connector_id, and either principal_id or email. Returns allowed results as markdown with metadata and scores. Denied results are never included in the output.

gateco_ask runs the same retrieval, then synthesizes an answer from the allowed chunks. Returns the answer text and citations. Requires Grounded Answers entitlement (Growth+) and a configured LLM API key.

gateco_list_connectors returns a markdown table of connected vector databases with types, status, and semantic readiness levels.

gateco_list_policies lists active access policies with types (RBAC/ABAC), conditions, and connector scope.

gateco_list_principals lists principals synced from your identity providers.

gateco_resolve_principal looks up a principal by email or provider_subject — useful when you need to confirm a user's identity before running a retrieval.

Installation

Install the SDK with MCP support:

    pip install "gateco[mcp]"

Set your API key:

    export GATECO_API_KEY=your_key

For Claude Desktop, add a mcpServers entry to ~/Library/Application Support/Claude/claude_desktop_config.json with command "gateco-mcp" and env containing GATECO_API_KEY. For Cursor, add the same configuration under Settings → MCP. The gateco-mcp command is a direct entry point installed alongside the SDK — no additional steps required once the key is set.

Why output is markdown only — and why denied content never surfaces

All six tools return human-readable markdown strings, never raw JSON. This is a deliberate design choice: MCP tool output ends up in the context window of a language model, and JSON serialization of authorization data creates unnecessary surface area. Denied retrieval results are dropped entirely — the tool response indicates how many results were denied and why, but it never includes the content of denied chunks. The same applies to gateco_ask: the LLM prompt is built from allowed chunks only. This is why the MCP integration is a safe default for internal tools where you want to give Claude access to your knowledge base without risking it surfacing data the requesting user is not authorized to see.

Identity resolution via email

Both gateco_retrieve and gateco_ask accept an email parameter as an alternative to principal_id. The MCP server resolves the email to a principal via the same resolver as POST /api/principals/resolve — exact match against active principals, ordered by last_seen. This makes it practical to build Claude Desktop workflows that respect user identity without requiring the caller to know principal UUIDs upfront. If a principal cannot be resolved, the tool returns a clear error rather than falling back to anonymous access.
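
The behavior described in the two sections above (denied content dropped from the markdown output, and email resolution that fails closed), modeled as an added example. It is not Gateco's code: the data model, function names and the single department rule are assumptions, as is reading "ordered by last_seen" as most recent first.

```python
# Constructed sample data; all names and fields are hypothetical, not Gateco's schema.
PRINCIPALS = [
    {"id": "p-1", "email": "ana@example.com", "active": True, "last_seen": 1700000000, "dept": "finance"},
    {"id": "p-2", "email": "ana@example.com", "active": True, "last_seen": 1710000000, "dept": "engineering"},
    {"id": "p-3", "email": "bo@example.com", "active": False, "last_seen": 1720000000, "dept": "finance"},
]
CHUNKS = [
    {"text": "Deploy runbook for the build cluster", "score": 0.91, "dept": "engineering"},
    {"text": "Q3 payroll ledger", "score": 0.88, "dept": "finance"},
    {"text": "Unlabelled draft", "score": 0.80, "dept": None},
]

def resolve_principal(email):
    """Exact match against active principals; assumed: most recently seen wins."""
    hits = [p for p in PRINCIPALS if p["active"] and p["email"] == email]
    if not hits:
        # Fail closed: an unresolved identity is an error, never anonymous access.
        raise LookupError(f"no active principal for {email}")
    return max(hits, key=lambda p: p["last_seen"])

def decide(principal, chunk):
    """Deny by default; allow only on an explicit attribute match (toy ABAC rule)."""
    if chunk["dept"] is not None and chunk["dept"] == principal["dept"]:
        return True, "department match"
    return False, "no policy allows this resource"

def retrieve_markdown(email, chunks=CHUNKS):
    """Render allowed chunks plus a denied count and reasons, never denied text."""
    principal = resolve_principal(email)
    allowed, reasons = [], {}
    for chunk in chunks:
        ok, why = decide(principal, chunk)
        if ok:
            allowed.append(chunk)
        else:
            reasons[why] = reasons.get(why, 0) + 1  # keep the count, drop the text
    lines = [f"- {c['text']} (score {c['score']:.2f})" for c in allowed]
    lines.append(f"Denied: {sum(reasons.values())}")
    lines += [f"  - {n} x {why}" for why, n in reasons.items()]
    return "\n".join(lines)
```

The string returned by retrieve_markdown is the only thing that would reach a model's context window, so a check that no denied chunk text appears in it is the property worth asserting in tests of a pipeline like this.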

Plan and entitlements

gateco_retrieve, gateco_list_connectors, gateco_list_policies, gateco_list_principals, and gateco_resolve_principal are available on all plans including free. gateco_ask requires Growth+ (Grounded Answers entitlement) and a configured LLM API key in Organization Settings. The pip install gateco[mcp] extra is available to all SDK users regardless of plan.

