Skip to main content
ThornGuard is Qwady’s edge security gateway for the Model Context Protocol. It sits between your AI client and your upstream MCP server, inspects every request, redacts sensitive data in both directions, and keeps a structured audit trail of what happened. The public routing model is intentionally split:
  • https://thorns.qwady.app is the public landing page plus MCP/API host.
  • https://thorns.qwady.io is the live dashboard.
  • https://qwady.wiki/thornguard/* is the documentation source you are reading now.

Why It Exists

MCP makes AI clients dramatically more capable, but it also expands the blast radius of bad prompts, prompt injection, compromised upstream tools, and accidental data leakage. Without a gateway, an AI client can be tricked into:
  1. Sending destructive tool payloads or shell-like commands upstream.
  2. Exfiltrating secrets, PII, and credentials back into model context.
  3. Probing internal services or metadata endpoints through user-controlled target URLs.
  4. Overusing upstream tools through loops or runaway agent behavior.

What ThornGuard Does

Transport Hardening

Validates HTTPS targets, enforces Origin checks when enabled, and performs DNS-aware SSRF protection before proxying traffic upstream.

Ingress Blocking

Validates JSON-RPC structure, blocks malicious command signatures, honors tenant blocklists, and supports structured policy rules.

Egress DLP

Redacts built-in PII and secret patterns from JSON and SSE responses, and can layer enterprise custom redaction rules on top.

Audit and Correlation

Writes structured audit logs with public log_id, trace_id, optional policy metadata, and response correlation headers.

Access Control

Supports license keys, enterprise team tokens, and additive OAuth/JWT interoperability for HTTP clients when enabled.

Platform Controls

Adds policy rules, webhook integrations, tool inventory, approval flows, and redaction packs as the platform matures.

Current Product Surface

Today, ThornGuard ships in two layers:
  • The public landing page plus gateway and management API on thorns.qwady.app, which owns marketing, proxying, auth, audits, policy rules, integrations, approvals, tool inventory, and redaction rules.
  • The dashboard UI on thorns.qwady.io, which exposes login, telemetry, audit logs, settings, platform controls, and team token management.
Some dashboard sections are feature-flagged and role-gated. The Platform tab can surface policies, webhook integrations, tool inventory, approvals, and custom redaction rules when those backend features are enabled for the current environment and credential.

Edge Architecture

ThornGuard runs on Cloudflare’s edge stack:
  • Workers handle routing, proxying, auth, redaction, and SSE processing.
  • D1 stores audit logs, tenant settings, policies, integrations, tools, approvals, and redaction rules.
  • KV caches license validation, settings, DNS lookups, and approval/client capability hints.
  • Durable Objects provide the primary per-license rate limiter.
  • Queues deliver outbound webhook events asynchronously.

Where To Go Next

  • Start with Quickstart to route Claude Desktop through ThornGuard.
  • See Pricing to compare Individual and Enterprise plans.
  • Read Security Features for the request pipeline.
  • See Dashboard for the live UI surface.
  • See Auth & API for management routes, OAuth metadata, and response headers.