Skip to content

MCP shim

Any agent that speaks the Model Context Protocol (Claude Desktop, Microsoft Agent 365, Cursor, and others) can be observed without touching its code. The Kaizen MCP shim sits transparently between the MCP client and the MCP server and runs every tools/call through the Observer.

pip install kaizen-security

Wrap a server

Wherever you configure an MCP server command, prefix it with kaizen-mcp --:

{
  "mcpServers": {
    "files": {
      "command": "kaizen-mcp",
      "args": ["--", "uvx", "some-mcp-server", "--flag", "value"],
      "env": {
        "KAIZEN_API_KEY": "kz_live_...",
        "KAIZEN_AGENT": "files-agent"
      }
    }
  }
}

The shim spawns the real server, forwards traffic both ways, and inspects each tool call. A call the policy blocks is answered with an MCP error and never reaches the server; everything else passes through untouched. Either way the Observer learns the agent's behavior.

Configuration

Env var Purpose
KAIZEN_API_KEY Your Kaizen key (kz_live_...)
KAIZEN_AGENT A name for this agent
KAIZEN_BASE_URL API base, defaults to https://api.getkaizen.io