Connect your Bifrost MCP gateway to Capsule Security for real-time policy enforcement and audit of every outbound MCP tool call — before the upstream server executes it.
This integration uses a Go plugin that Bifrost loads at startup. Before each MCP tool call is forwarded to the upstream server, the plugin synchronously posts the request to your Capsule tenant and blocks on an allow/deny verdict. After the call settles, it fires fire-and-forget telemetry.
Bifrost is operator-deployed — you run the gateway in your own infrastructure, so there is no SaaS install. The only thing exchanged at install time is a signed JWT that scopes the plugin to your tenant and environment.
The following hooks are configured:
| Hook | Type | Description |
|---|---|---|
| PreMCPHook | Blocking | The tool call (server name, tool name, arguments) before it reaches the upstream MCP server — can deny on policy violation |
| PostMCPHook | Observation | Duration, success/failure, and error detail after the upstream call resolves |
Before you begin, ensure you have:
- A running Bifrost MCP gateway (Go 1.22 or later)
- The same Go toolchain and
bifrost/coresource version used to build your Bifrost binary - A Capsule Security account with admin access
- Network access from your Bifrost gateway to your Capsule agentsecurity endpoint (e.g.
https://agents.capsule.security)
Log in to the Capsule Security portal.
Navigate to Integrations and locate Bifrost.
Click Install — Capsule generates a JWT scoped to your tenant and Bifrost environment. Treat it as a secret.
Copy the generated endpoint and token. You will reference them in the plugin configuration in the next steps.
Go plugins are ABI-coupled to the Bifrost binary that loads them. The plugin must be compiled with the same Go toolchain version and against the same bifrost/core source as your Bifrost deployment.
git clone https://github.com/capsulesecurity/capsule.git
cd capsule/plugins/bifrost-plugin
make tidy # resolve dependencies against your pinned bifrost/core version
make build # outputs build/capsule.soIf your Bifrost deployment tracks a different bifrost/core tag than the one pinned in go.mod, update the require line before running make tidy.
Reference the built plugin in your Bifrost config.yaml:
plugins:
- name: capsule
path: ./build/capsule.so
config:
endpoint: "https://agents.capsule.security/v1/bifrost/hooks"
token: "${CAPSULE_BIFROST_TOKEN}"The token field supports environment variable interpolation — keep the raw JWT out of version control.
| Field | Type | Default | Description |
|---|---|---|---|
endpoint | string | (required) | Capsule Bifrost hooks endpoint, e.g. https://agents.capsule.security/v1/bifrost/hooks |
token | string | (required) | JWT generated in Step 1, scoped to your tenant and environment |
timeout_ms | number | 5000 | Per-request timeout in milliseconds for both pre and post hooks |
fail_open | boolean | true | Allow the tool call when Capsule is unreachable. Set to false to fail closed |
enable_logging | boolean | false | Log allow/deny decisions to stdout |
Never commit the JWT to version control. Recommended approaches:
- Pass the token as an environment variable (
CAPSULE_BIFROST_TOKEN) and use interpolation inconfig.yaml - Source it from your secret manager (1Password, AWS Secrets Manager, HashiCorp Vault) at gateway startup
- Deliver it through the same channel that distributes the rest of your Bifrost deployment configuration
Restart the gateway to load the plugin:
bifrost --config config.yamlBifrost logs registered plugins on startup. Confirm the capsule plugin appears in the output.
Trigger a tool call through the gateway.
Log in to the Capsule Security portal.
Navigate to Inventory > Agents and confirm a Bifrost agent appears.
Click the agent and review the audit logs to verify pre-call and post-call events are captured.
If events are not appearing:
Verify the endpoint is reachable from the gateway host:
curl -sS -o /dev/null -w "%{http_code}\n" https://agents.capsule.security/v1/bifrost/hooks/events/preVerify the JWT is valid — a 401 response from the endpoint means the token is missing, expired, or scoped to a different environment.
Check for timeouts — if your network has high latency to the Capsule endpoint, increase
timeout_msor confirmfail_openis set appropriately.Confirm the plugin is loaded — Bifrost logs registered plugins on startup; the Capsule plugin registers as
capsule.Contact Capsule Security support if issues persist.
The Capsule plugin runs in-process inside the Bifrost gateway and observes every outbound tool call. Before deploying:
- Protect the JWT — anyone with the token can post events on behalf of your tenant. Rotate it through the portal if it is exposed.
- Choose
fail_opendeliberately —true(the default) prioritizes availability and lets tool calls through when Capsule is unreachable;falseprioritizes policy enforcement and blocks tool calls when Capsule cannot be reached. - ABI-pin the plugin — rebuild
capsule.sowhenever you upgrade Bifrost to avoid loader panics from Go plugin ABI mismatches. - Use TLS-only endpoints. The plugin sends a Bearer token on every request — never configure an
http://endpoint outside local development.
For help with this integration:
- Email: support@capsule.security
- Include: Your organization ID, integration status, plugin version (
git rev-parse HEADin thebifrost-plugindirectory), and any error messages