Quincy vs Lasso MCP Gateway¶
AI agents that can call tools, read files, and hit APIs need guardrails. There's more than one way to provide them. Quincy and Lasso MCP Gateway both address this problem, but they take different approaches and target different needs. This page explains what each tool does, where they overlap, and when you'd choose one over the other.
What Lasso MCP Gateway Does¶
Lasso MCP Gateway is an open-source Python tool that acts as a transparent proxy between your MCP client (Claude Desktop, Cursor, or any MCP-compatible agent) and the MCP servers it connects to. You install it alongside your existing setup — it doesn't replace anything.
The gateway intercepts every request and response flowing between the client and its MCP servers, then runs them through a plugin pipeline. Three plugins are available:
- Basic — masks common secrets like API tokens, AWS keys, and JWT tokens so they don't reach the language model
- Presidio — detects and redacts personally identifiable information (credit card numbers, phone numbers, emails, SSNs) using Microsoft's PII detection library
- Lasso — provides prompt injection detection and harmful content filtering via Lasso Security's cloud API
Lasso also includes a security scanner that evaluates MCP server reputation before loading — checking marketplace presence, GitHub metrics, and tool descriptions for hidden instructions. Servers that score below a safety threshold are blocked automatically.
Configuration is done by editing a JSON file (mcp.json). Changes require restarting the gateway.
What Quincy Does Differently¶
Quincy's MCP firewall provides tool filtering similar to Lasso — you can control exactly which tools external agents see when they connect to Quincy over MCP. But Quincy adds something Lasso doesn't have: human-in-the-loop approval. You can set per-tool approval policies so that certain actions require your explicit confirmation before they execute. For example, you might allow read operations automatically but require approval for writes, or block destructive operations entirely. This means you stay in the decision loop at runtime, not just when you write the configuration.
Lasso's guardrails are fully automated — they mask, detect, and block based on pre-defined rules. That's the right approach when you know your threat model up front and want hands-off enforcement. Quincy's approval system is designed for situations where the right answer depends on context that a static rule can't capture — where you want to see what's about to happen and decide in the moment.
Beyond the proxy layer, Quincy is a complete agent platform. It runs its own language models (locally or via cloud providers), manages an orchestrator that delegates to specialist sub-agents, enforces per-agent tool restrictions in code, stores secrets in the macOS Keychain where the AI never sees them, and maintains persistent memory across sessions. The MCP firewall is one capability within a broader system — not the whole product. You configure it by talking to Quincy in natural language, and changes take effect immediately without a restart.
Comparison¶
| Lasso MCP Gateway | Quincy | |
|---|---|---|
| Approach | Transparent proxy for existing MCP clients | Agent platform with built-in MCP firewall |
| Tool filtering | Via gateway proxy | Configurable per-tool visibility with pattern matching |
| Human-in-the-loop approval | No — automated guardrails only | Yes — per-tool approval policies |
| Secret protection | Token masking in responses | Secrets stored in macOS Keychain, never sent to the AI |
| PII scanning | Yes (Presidio plugin) | No |
| Prompt injection detection | Yes (Lasso cloud plugin) | No |
| Agent orchestration | No — infrastructure layer only | Yes — orchestrator, sub-agents, delegation |
| Local model support | N/A (not an agent platform) | Yes — local, cloud, or hybrid |
| Configuration | JSON files, restart required | Natural-language conversation, hot-reloaded at runtime |
| Platform | Python, cross-platform | macOS native app |
| Cloud dependency | Optional (Lasso plugin requires cloud API) | Optional (cloud model providers) |
When to Use Which¶
Lasso MCP Gateway is the right choice if you already have a working MCP setup — Claude Desktop, Cursor, or another client — and you want to add automated security scanning without changing your workflow. Install the gateway, pick your plugins, and your existing tools keep working with an added protection layer. It's especially strong at PII detection and prompt injection scanning, which Quincy doesn't offer. Best when your guardrails are known up front and you want them enforced automatically.
Quincy is the right choice if you want a complete agent platform where security controls are part of the system, not bolted on. You configure the MCP firewall by talking to Quincy — no JSON editing required — and changes take effect immediately. It's a better fit for agentic workflows where you want to stay involved in the decision loop at runtime, approving or denying individual tool calls based on context rather than relying solely on pre-defined rules.
Using them together could work in theory — you could run an MCP server through Lasso for automated PII scanning, then bridge it into Quincy for approval policies and agent orchestration. This combination hasn't been tested, but the architectures are compatible since both speak standard MCP.