Claude Desktop
Connect Claude Desktop to LatchGate so every tool call goes through the execution security kernel.
Prerequisites
Section titled “Prerequisites”- LatchGate running (
latchgate upor production deployment) latchgate-mcpbinary on PATH (from GitHub Releases orbrew install latchgate-ai/tap/latchgate)
Automatic setup
Section titled “Automatic setup”latchgate-mcp install --ide claudeThis writes the MCP server entry to Claude Desktop’s config file:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Linux:
~/.config/Claude/claude_desktop_config.json - Windows:
%APPDATA%/Claude/claude_desktop_config.json
Restart Claude Desktop to pick up the new configuration.
Manual setup
Section titled “Manual setup”Add to your claude_desktop_config.json:
{ "mcpServers": { "latchgate": { "command": "/usr/local/bin/latchgate-mcp", "args": ["serve", "--gate-url", "http://localhost:3000"], "env": { "LATCHGATE_AGENT_ID": "claude-desktop", "RUST_LOG": "warn" } } }}Adjust the binary path if installed elsewhere. Use which latchgate-mcp to find it.
End-to-end verification
Section titled “End-to-end verification”- Start LatchGate:
latchgate up - Install config:
latchgate-mcp install --ide claude - Restart Claude Desktop — LatchGate tools should appear in the tools list.
- Ask Claude to perform an action (e.g. “fetch https://httpbin.org/get”).
- Verify the audit trail:
latchgate audit --limit 5 - Confirm the full pipeline: lease => policy => WASM sandbox => receipt.
Production (UDS transport)
Section titled “Production (UDS transport)”For production, replace --gate-url with UDS + public base URL:
{ "mcpServers": { "latchgate": { "command": "/usr/local/bin/latchgate-mcp", "args": ["serve", "--public-base-url", "http://localhost:3000"], "env": { "LATCHGATE_AGENT_ID": "claude-desktop", "RUST_LOG": "warn" } } }}This connects via /run/latchgate/gate.sock (default) — no TCP exposure.
For production hardening with UDS transport, see Deployment.