Connector Setup (Claude, ChatGPT, Others)

Step-by-step instructions to connect Claude (Desktop & web), ChatGPT, Cursor, and other clients to the Safeguard MCP server.

The Safeguard MCP server is hosted at:

  • SSE endpoint: https://mcp.safeguard.sh/mcp/sse
  • HTTP streaming endpoint: https://mcp.safeguard.sh/mcp/http
  • Auth: Bearer token — your Safeguard API key (starts with sg_api_).

Generate or rotate your API key at app.safeguard.sh/settings/api-keys.

Claude Desktop

Claude Desktop supports MCP natively via claude_desktop_config.json.

Config location

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json
  • Linux: ~/.config/Claude/claude_desktop_config.json

Config

{
  "mcpServers": {
    "safeguard": {
      "url": "https://mcp.safeguard.sh/mcp/sse",
      "transport": "sse",
      "env": {
        "SAFEGUARD_API_KEY": "sg_api_your_key_here"
      }
    }
  }
}

Restart Claude Desktop. The safeguard tools should appear in the tool picker.

Claude on the Web (claude.ai)

claude.ai supports remote MCP servers through the Connectors interface.

  1. Sign in to claude.ai.
  2. Open Settings → Connectors.
  3. Click Add custom connector.
  4. Fill in:
    • Name: Safeguard
    • Server URL: https://mcp.safeguard.sh/mcp/sse
    • Authentication: Bearer token
    • Token: your sg_api_... API key
  5. Click Connect. Claude will verify the server and list the 35+ available tools.
  6. In any conversation, click the tools icon to enable the Safeguard connector for that chat, or set it as always-on.

Claude Code

Claude Code (the CLI) uses the same MCP protocol. Add Safeguard as a project MCP server:

claude mcp add safeguard \
  --url https://mcp.safeguard.sh/mcp/sse \
  --transport sse \
  --env SAFEGUARD_API_KEY=sg_api_your_key_here

Or add it to ~/.claude/mcp.json manually:

{
  "servers": {
    "safeguard": {
      "url": "https://mcp.safeguard.sh/mcp/sse",
      "transport": "sse",
      "env": {
        "SAFEGUARD_API_KEY": "sg_api_your_key_here"
      }
    }
  }
}

Restart Claude Code; tools appear under the mcp__safeguard__* namespace.

ChatGPT (Connectors / Custom GPT)

ChatGPT supports MCP through its Connectors feature (available on ChatGPT Business, Enterprise, and Team plans as of 2025).

Add the connector

  1. Open chatgpt.com.
  2. Go to Settings → Connectors → Add connector → Custom MCP server.
  3. Fill in:
    • Name: Safeguard
    • Description: Software supply chain security tools
    • MCP Server URL: https://mcp.safeguard.sh/mcp/sse
    • Authentication: API Key (Bearer)
    • API key: sg_api_your_key_here
  4. Click Connect. ChatGPT validates the connection and lists the available tools.
  5. Enable the connector in a chat via the tools menu, or pin it to a Project so it's always available there.

Custom GPT (legacy)

If your workspace has Custom GPTs enabled:

  1. Create a new Custom GPT.
  2. Under Configure → Actions, add a new action.
  3. Choose Import MCP server.
  4. Paste the endpoint https://mcp.safeguard.sh/mcp/sse.
  5. Under Authentication, select API Key (Bearer) and paste your sg_api_... key.
  6. Save. The GPT can now call all Safeguard tools.

Programmatic (Assistants API)

For the OpenAI Assistants API, create a connector:

curl https://api.openai.com/v1/assistants \
  -H "Authorization: Bearer $OPENAI_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Safeguard SecOps",
    "model": "gpt-4.1",
    "tools": [
      {
        "type": "mcp",
        "mcp": {
          "server_url": "https://mcp.safeguard.sh/mcp/sse",
          "server_label": "safeguard",
          "authorization": "Bearer sg_api_your_key_here"
        }
      }
    ]
  }'

Cursor

Cursor supports MCP via ~/.cursor/mcp.json:

{
  "mcpServers": {
    "safeguard": {
      "url": "https://mcp.safeguard.sh/mcp/sse",
      "transport": "sse",
      "env": {
        "SAFEGUARD_API_KEY": "sg_api_your_key_here"
      }
    }
  }
}

Restart Cursor. Tools are available in Cursor chat.

Continue.dev

In ~/.continue/config.json:

{
  "mcpServers": [
    {
      "name": "safeguard",
      "url": "https://mcp.safeguard.sh/mcp/sse",
      "transport": "sse",
      "env": {
        "SAFEGUARD_API_KEY": "sg_api_your_key_here"
      }
    }
  ]
}

Gemini (MCP-over-HTTP)

Gemini's tool-use harness accepts MCP-over-HTTP endpoints. Configure in the Gemini CLI's ~/.gemini/mcp.json:

{
  "mcpServers": {
    "safeguard": {
      "url": "https://mcp.safeguard.sh/mcp/http",
      "transport": "http",
      "env": {
        "SAFEGUARD_API_KEY": "sg_api_your_key_here"
      }
    }
  }
}

Grok

Grok's enterprise console supports custom MCP connectors. Go to Workspace → Connectors → Add MCP and paste:

  • URL: https://mcp.safeguard.sh/mcp/sse
  • Auth: Bearer, sg_api_...

Self-Hosted MCP

Enterprise customers can run the MCP server inside their own VPC. The Helm chart publishes the same tool surface as the hosted server, but behind your network perimeter:

helm install safeguard-mcp safeguard/mcp-server \
  --namespace safeguard-system \
  --set tenant.id=$SAFEGUARD_TENANT \
  --set tenant.apiKey=$SAFEGUARD_API_KEY

Then point clients at https://mcp.internal.yourcompany.com/mcp/sse.

Verifying the Connection

In any client, ask: "What Safeguard tools do you have?"

A working connection lists tools like safeguard_find_vulnerabilities, safeguard_remediate_npm, and safeguard_get_sbom. If the list is empty, see Troubleshooting on the MCP index page.
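
Every file-based client config on this page stores the API key as plaintext JSON. As an added example (not part of Safeguard's documentation or tooling), this Python check audits one such file for a live sg_api_ key, a file mode that lets other local users reach it, and a non-HTTPS server URL. The function names, the constructed key and the mcp.internal.example host are assumptions made for illustration.

```python
import json, os, stat, tempfile
from urllib.parse import urlparse

KEY_PREFIX = "sg_api_"                 # key prefix stated on this page
PLACEHOLDER = "sg_api_your_key_here"   # placeholder used in the page's configs

def iter_servers(cfg):
    """Yield (name, entry) for both layouts shown on this page: dict-keyed
    'mcpServers'/'servers' and Continue.dev's list of named entries."""
    for top in ("mcpServers", "servers"):
        block = cfg.get(top, {})
        if isinstance(block, dict):
            yield from block.items()
        else:
            for entry in block:
                yield entry.get("name", "?"), entry

def audit_config(path):
    """Return a list of findings for one MCP client config file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)
    for name, entry in iter_servers(cfg):
        if urlparse(entry.get("url", "")).scheme != "https":
            findings.append(f"{name}: server URL is not https")
        for var, value in entry.get("env", {}).items():
            if str(value).startswith(KEY_PREFIX) and value != PLACEHOLDER:
                findings.append(f"{name}: live key in {var}")
                # Any group/other permission bit exposes the plaintext key.
                if mode & (stat.S_IRWXG | stat.S_IRWXO):
                    findings.append(f"{name}: file mode {mode:o} exposes the key")
    return findings

def demo():
    """Audit a constructed config (fake key, hypothetical internal host)."""
    sample = {"mcpServers": [{"name": "safeguard", "transport": "sse",
              "url": "http://mcp.internal.example/mcp/sse",
              "env": {"SAFEGUARD_API_KEY": "sg_api_CONSTRUCTED_0000"}}]}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "config.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)
        return audit_config(path)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Call audit_config on each config path listed above (for example ~/.cursor/mcp.json). The file-mode check relies on POSIX permissions and is not meaningful on Windows.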
