> ## Documentation Index
> Fetch the complete documentation index at: https://docs.passportmcp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Passport

> A governed gateway for company tools. Connect through MCP or Passport CLI, with every call attributed, scanned, and audited.

Passport connects your apps to AI clients through one governed gateway. Start with the focused personal product: choose an app, connect your account, attach an AI client through native MCP or Passport CLI, and see every call in Activity. Enterprise adds workspace-wide policy and rollout without changing that personal setup flow.

The noun throughout these docs is "MCP" (the servers your AI uses for tools). "AI clients" are the apps that call them, such as Claude, Cursor, and ChatGPT.

## Personal first, workspace controls when needed

Free and Pro stay focused on getting a person connected. Enterprise admins are users too: Apps and AI Clients open on **For me**, while **Manage workspace** and the Workspace controls navigation expose the organization-wide control plane.

<CardGroup cols={2}>
  <Card title="Your Passport" icon="plug">
    Browse the full verified catalog, connect your accounts and AI clients, choose personal safety preferences, and review your own Activity. Included on every plan.
  </Card>

  <Card title="Enterprise workspace controls" icon="shield-halved">
    Manage people and teams, catalog approvals, scoped rollout, client fleets, custom guardrails, and organization-wide audit.
  </Card>
</CardGroup>

Both experiences use the same gateway. It exposes only the tools a person or agent can use, calls the upstream MCP on their behalf, and records the result. Enterprise controls narrow that same execution path; they do not create a separate one.

## What Passport gives you

<CardGroup cols={2}>
  <Card title="Attribution" icon="fingerprint">
    Every call is tied to a real person or a named agent identity, not a shared key.
  </Card>

  <Card title="Guardrails" icon="filter">
    Inputs and results are scanned. Built-in secret detection protects every plan; Enterprise custom rules can block, redact, or alert.
  </Card>

  <Card title="Least privilege" icon="key">
    Read-only access hides write tools entirely. Enterprise can add team rules, per-person overrides, and managed rollout.
  </Card>

  <Card title="Audit and export" icon="file-export">
    Personal Activity shows what your AI clients did. Enterprise adds the privileged-action audit trail and SIEM or OTLP streaming.
  </Card>
</CardGroup>

## Quickstart

<Steps>
  <Step title="Connect an app">
    Create a workspace and connect your first MCP from Apps. See the [workspace owner quickstart](/quickstart/admin).
  </Step>

  <Step title="Connect your AI clients">
    Members choose native MCP for GUI and hosted clients or [Passport CLI](/quickstart/cli) for terminal and headless agents, then connect their accounts. See the [member quickstart](/quickstart/member).
  </Step>

  <Step title="Watch the first governed call">
    Make a tool call from any connected AI client and watch it appear, attributed, in Activity.
  </Step>
</Steps>

<Note>
  Passport is available as a hosted service at [passportmcp.com](https://passportmcp.com) and as a container you can self-host. See [Self-host](/self-host) for the single-container deployment.
</Note>
