.app should hand off to .io.
Authentication
Log in with your ThornGuard license key (the same key used in yourx-thornguard-license header). Team tokens with admin or viewer roles can also access the dashboard.
Current UI Surface
Today, the dashboard exposes four main areas:- Dashboard: telemetry, threat breakdown, and audit logs
- Settings: core tenant settings and audit export/purge controls
- Platform: policies, webhook integrations, tool inventory, approval controls, and custom redaction rules
- Team (Enterprise): team token creation and revocation
Some Platform sections are still feature-flagged or permission-gated. Viewer
tokens can inspect safe read-only areas like tool inventory, while owner or
admin credentials are required for mutating controls such as policies,
webhook endpoints, approvals, and custom redaction rules.
Dashboard Page
The main dashboard page shows real-time telemetry for your MCP traffic:Stat Cards
Five summary cards at the top of the dashboard:- Total Requests — total number of requests processed
- Threats Blocked — count of all blocked actions plus PII redactions
- Success Rate — percentage of requests that passed through successfully
- SSE Streams — number of SSE stream connections established
- Avg Response Time — average proxy response time in milliseconds
Request Volume Chart
An area chart showing request volume over time with configurable ranges: 1 Day, 7 Days, 30 Days, or 90 Days.Threat Breakdown
A categorized breakdown of all threat types detected:- Malicious Commands
- Transport & SSRF
- Rate Limited
- Auth Failures
- Policies & Approvals
- Redaction & Custom Rules
Top MCP Targets
Lists the most-requested upstream MCP server URLs with request counts.Recent Blocked Threat
Shows the most recent blocked request with action type, target, method, and timestamp.Log Table
A filterable, paginated table of all audit log entries with:- Filters: Action type, date range (1h / 24h / 7d / 30d), and free-text search
- Columns: Time (UTC), Target MCP, RPC Method, Action, Details
- Detail Panel: Click any row to expand a detail panel showing the full event payload returned by the API
- Pagination: 50 results per page with page navigation
Real-Time Updates
The dashboard polls for new data every 10 seconds automatically. Polling pauses when a log detail panel is open to prevent UI disruption.Settings Page
The Settings page currently exposes the account controls available in the live UI:- IP Whitelist (Enterprise) — restrict access to specific client IPs. See IP Whitelisting.
- Custom Domain Blocklist (Enterprise) — block specific upstream domains. See Custom Blocklists.
- Custom Command Patterns (Enterprise) — block specific command patterns.
- Data Retention — configure how long audit logs are kept.
- Export — download your audit trail as CSV or JSON.
- Danger Zone — permanently delete all audit logs (GDPR compliance).
Platform Page
The Platform page is the control surface for newer ThornGuard backend features:- Structured Policies — create, edit, disable, and delete customer rules over methods, domains, JSON selectors, content patterns, and tool-risk context.
- Webhook Integrations — manage outbound webhook endpoints, queue test deliveries, and inspect recent delivery status.
- Tool Inventory — view observed upstream tools, metadata hints, risk scores, and last-seen timestamps.
- Approval Profiles — define when risky or policy-matched
tools/callrequests require explicit approval. - Approval Queue — inspect pending approval requests and approve or deny them directly from the UI.
- Custom Redaction Rules — add enterprise regex rules in
auditorredactmode on top of ThornGuard’s built-in PII detection.