MCP Gateway – Flexible Proxy for Model Context Protocol Servers

A flexible and extensible proxy gateway for MCP (Model Context Protocol) servers, providing enterprise-grade middleware capabilities including authentication, authorization, rate limiting (coming soon), and observability.

MCP Gateway acts as a centralized proxy that sits between your AI applications and MCP servers, providing:

• 🔐 Security First: OAuth2/JWT authentication with fine-grained permissions
• 📊 Enterprise Observability: Built-in Prometheus metrics and structured logging
• 🔄 High Availability: Automatic reconnection, heartbeat monitoring, and resilient proxy
• ⚙️ Flexible Configuration: Support for multiple MCP servers with individual authentication
• 📈 Production Ready: Docker support, graceful shutdown, and comprehensive error handling

• OAuth2/JWT Integration: Seamless integration with identity providers
• Fine-grained Permissions: Tool-level access control based on user scopes and groups
• Flexible Claim Mapping: Map JWT claims to internal permission scopes

Supported Auth Providers:

• ✅ Okta - Full OAuth2/JWT support with claim mapping
• 🔄 More providers coming soon (contributions welcome!)

MCP Gateway serves as a unified entry point for multiple MCP servers, allowing you to:

• Centralize access to all your MCP tools through a single endpoint
• Unify authentication across different backend servers
• Namespace tools to avoid conflicts between servers (server:tool_name)
• Apply consistent security policies regardless of the backend implementation

• Multi-Server Support: Proxy requests to multiple MCP servers simultaneously
• Tool Namespacing: Automatic prefixing to avoid naming conflicts (server:tool_name)
• Connection Management: Automatic reconnection and connection pooling
• Heartbeat Monitoring: Configurable health checks for backend servers

• Prometheus Metrics: Built-in metrics for tools called, errors, and performance
• Structured Logging: JSON and text logging with configurable levels
• Health Endpoints: /live and /ready endpoints for container orchestration
• Request Tracing: Correlation IDs for request tracking

• Periodic Tool Discovery: Regular re-interrogation of tools exposed by proxied servers
• Error Handling: Retry logic with exponential backoff
• Graceful Shutdown: Clean termination of connections and requests

MCP Gateway uses a YAML configuration file with environment variable substitution:

The configuration above uses environment variables for sensitive values. The exact variables depend on your OAuth provider and MCP servers configuration.

💡 Tip: Use mcp-inspector to discover and test your MCP servers before configuring the gateway:

MCP Gateway provides OAuth2 resource server capabilities:

Built-in Prometheus metrics include:

• mcp_gateway_tools_called - Number of tool calls by tool and proxy
• mcp_gateway_tools_call_errors - Number of failed tool calls
• mcp_gateway_tools_call_success - Number of successful tool calls
• mcp_gateway_list_tools - Number of list tools requests

Fine-grained access control based on JWT claims:

• Go 1.24.3 or later
• Docker (optional)
• Make (optional)

We welcome contributions! Please see our Contributing Guidelines for details.

This project is licensed under the Apache License 2.0 - see the LICENSE file for details.

• Issues: GitHub Issues

• Model Context Protocol - The protocol this gateway implements
• mark3labs/mcp-go - Go implementation of MCP
• Echo Framework - Web framework

Made with ❤️ by Matthis Holleville