{"slug": "mcp-gateway", "title": "MCP-Gateway", "summary": "MCP Gateway, a new tool and capability gateway, allows AI clients to access unlimited backend tools without loading every tool definition into the context window, reducing token overhead by up to 89%. The system replaces hundreds of tool definitions with a compact 14-17 tool Meta-MCP surface, discovering the correct backend tool on demand, and supports REST APIs via YAML files or OpenAPI specs instead of requiring dedicated MCP servers. The gateway eliminates the tradeoff between tool quantity and context limits, with benchmarks showing a cost reduction from $0.22 to $0.024 per request at scale.", "body_md": "**Give your AI access to every tool it needs -- without burning your context window or building MCP servers.**\n\n[Five MCP hot-reload tools compared](https://ruachtov.ai/blog/five-tools-mcp-restart.html)-- Ruach Tov Collective's BPD-based comparison of mcp-gateway against four restart-focused alternatives. Includes a feature matrix and architectural analysis.[mcp-gateway deep dive](https://ruachtov.ai/blog/mcp-gateway-deep-dive.html)-- Detailed walkthrough of the capability system, SHA-256 integrity pinning, and the v2.5-to-v2.9 development arc.\n\nMCP Gateway sits between your AI client and your tools. Instead of loading hundreds of tool definitions into every request, the AI gets a compact Meta-MCP surface -- 14 tools minimum, 16 in the README benchmark scenario, 17 when webhook status is surfaced -- and discovers the right backend tool on demand.\n\nPublic quantitative claims in this README are sourced from [docs/BENCHMARKS.md](/MikkoParkkola/mcp-gateway/blob/main/docs/BENCHMARKS.md) and the machine-readable [benchmarks/public_claims.json](/MikkoParkkola/mcp-gateway/blob/main/benchmarks/public_claims.json), with CI checks to catch drift.\n\nMCP Gateway is a **tool and capability gateway**. It routes MCP tool/resource/prompt traffic to backend MCP servers and capability-backed REST APIs, and it can proxy MCP server-to-client requests like `sampling/createMessage`\n\n, `elicitation/create`\n\n, and `roots/list`\n\nback to the connected client over the existing gateway session.\n\nMCP Gateway is **not** a general OpenAI/Anthropic chat completions or embeddings gateway. When a backend asks for `sampling/createMessage`\n\n, the connected client still performs the model call. The OpenAI-compatible prompt-cache helpers in the gateway exist only so `gateway_invoke`\n\ncan preserve `prompt_cache_key`\n\nbehavior for backends or capabilities that happen to call LLM APIs internally.\n\n**The context window is the bottleneck.** Every MCP tool you connect costs ~150 tokens of context overhead. Connect 20 servers with 100+ tools and you've burned 15,000 tokens before the conversation starts -- on tool definitions the AI probably won't use this turn.\n\nWorse: context limits force you to **choose** which tools to connect. You leave tools out because they don't fit -- and your AI makes worse decisions because it can't reach the right data.\n\nMCP Gateway removes that tradeoff entirely.\n\n| Without Gateway | With Gateway | |\n|---|---|---|\nTools in context |\nEvery definition, every request | 16 Meta-MCP tools in the README benchmark (~1600 tokens) |\nToken overhead |\n~15,000 tokens (100 tools) | ~1600 tokens -- 89% savings |\nCost at scale |\n~$0.22/request (Opus input) | ~$0.024/request -- $201 saved per 1K |\nPractical tool limit |\n20-50 tools (context pressure) | Unlimited -- discovered on demand |\nConnect a new REST API |\nBuild an MCP server (days) | Drop a YAML file or import an OpenAPI spec (minutes) |\nChanging MCP config |\nRestart AI session, lose context | Restart gateway (~8ms), session stays alive |\nWhen one tool breaks |\nCascading failures | Circuit breakers isolate it |\n\nThe base discovery quartet (`gateway_list_servers`\n\n, `gateway_list_tools`\n\n, `gateway_search_tools`\n\n, `gateway_invoke`\n\n) stays constant. The README benchmark scenario also surfaces stats, cost report, playbooks, profile controls, disabled-capability visibility, and reload for a 15-tool surface. Surfacing webhook status adds the 16th tool.\n\n| Alternative | What it does | Why MCP Gateway is different |\n|---|---|---|\nDirect MCP connections |\nEach server connected individually | Every tool definition loaded every request. 100 tools = 15K tokens burned. Gateway: a small fixed 13-16 tool surface instead of every backend tool. |\nClaude's ToolSearch |\nBuilt-in deferred tool loading | Only works with tools already configured. Gateway adds unlimited backends + REST APIs without MCP servers. |\nArchestra |\nCloud-hosted MCP registry | Requires cloud account, sends data to third party. Gateway is local-only, zero external dependencies. |\nKong / Portkey |\nGeneral API gateways | Not MCP-aware. No meta-tool discovery, no tool search, no capability YAML system. |\nBuilding fewer MCP servers |\nReduce tool count manually | You lose capabilities. Gateway lets you keep everything and pay the token cost of the compact Meta-MCP surface. |\n\nOn 2026-05-19 Anthropic shipped [Claude Managed Agents](https://claude.com/blog/claude-managed-agents-updates) with self-hosted sandboxes (public beta) and [MCP tunnels](https://platform.claude.com/docs/en/agents-and-tools/mcp-tunnels/overview) (research preview). MCP tunnels let a Claude agent reach a single MCP server inside a private network through one outbound connection from a lightweight gateway -- no inbound firewall rules, no public endpoint, encrypted end-to-end.\n\nmcp-gateway and Anthropic's MCP tunnel sit at **different layers** and **compose**. The tunnel is reachability plumbing for **one** private MCP server. mcp-gateway is the aggregation, routing, capability-namespacing and observability layer across many MCP and REST backends. When both are deployed, **mcp-gateway becomes the private MCP server that Anthropic's tunnel exposes** -- one tunnel, one outbound connection, every backend behind it.\n\n| Concern | Anthropic MCP tunnel | mcp-gateway | Boundary |\n|---|---|---|---|\nBackend topology |\nSingle MCP server per tunnel, exposed through one outbound connection (\n|\n\n`src/gateway/`\n\n, `capabilities/*.yaml`\n\n)**Tool routing**`gateway_search_tools`\n\n/ `gateway_invoke`\n\ndiscovery (`src/gateway/`\n\n); SHA-256 pinning per capability (`src/capability/hash.rs`\n\n)**Observability**`trace_id`\n\nand cost-accounting across every backend invocation (`src/cost_accounting/`\n\n, `src/gateway/`\n\n)**Complementary, not a replacement.** A team that wants Claude Managed Agents to reach a private-network deployment of mcp-gateway uses the tunnel for reachability and mcp-gateway for fan-out, capability hygiene, OWASP Agentic AI controls ([docs/OWASP_AGENTIC_AI_COMPLIANCE.md](/MikkoParkkola/mcp-gateway/blob/main/docs/OWASP_AGENTIC_AI_COMPLIANCE.md)), and unified cost / trace telemetry. The two solve adjacent problems.\n\nConnecting N MCP servers to an agent means accepting N attack surfaces. Tool poisoning, rug pulls, and exfiltration via hidden instructions in tool descriptions are demonstrated attacks, not hypotheticals. Invariant Labs' writeup ([MCP Security Notification: Tool Poisoning Attacks](https://invariantlabs.ai/blog/mcp-security-notification-tool-poisoning-attacks)) and Simon Willison's summary ([MCP has prompt injection security problems](https://simonwillison.net/2025/Apr/9/mcp-prompt-injection/)) lay out the threat model.\n\nmcp-gateway puts every backend tool description behind one audit surface and defends it structurally:\n\n**Tool-poisoning validator (AX-010).** Every backend tool description is scanned before it reaches the agent's context window. HIGH patterns fail-closed:``\n\nblocks,`~/.ssh`\n\n/`~/.aws`\n\n/`id_rsa`\n\n/`.env`\n\n/`/etc/passwd`\n\n,`sidenote`\n\nexfiltration language,`curl .* https?://`\n\n,`base64`\n\nin exfil context. MEDIUM patterns warn: 40+ consecutive spaces, zero-width / bidi-override Unicode, oversized descriptions. Implementation:(19 tests).`src/validator/rules/tool_poisoning.rs`\n\n**SHA-256 capability hash-pinning.**`mcp-gateway cap pin `\n\nwrites a`sha256:`\n\nline over the file's canonical hash (`grep -v '^sha256:' capability.yaml | sha256sum`\n\nis reproducible from any shell). The loader refuses any mismatched file on load and on every watcher event.**Rug-pull detection.** When a pinned capability's on-disk content changes after approval, the watcher unloads it and logs`RUG-PULL DETECTED`\n\n. The capability stays quarantined until an operator re-pins. Implementation:and`src/capability/hash.rs`\n\n`detect_rug_pulls`\n\nin.`src/capability/backend.rs`\n\n**Centralized audit surface.** Capability YAMLs are plain text, diffable, grep-able, PR-reviewable. The agent only ever sees the compact Meta-MCP surface (13-16 tools). No N-server tool-list pollution means no N-server attack surface.\n\nFull walkthrough, PoC snippets, and roadmap: [docs/blog/security-aware-mcp-gateway.md](/MikkoParkkola/mcp-gateway/blob/main/docs/blog/security-aware-mcp-gateway.md).\n\n**OWASP Agentic AI Top 10.** Controls are mapped across all 10 risks, with explicitly tracked partial/out-of-scope gaps for multi-gateway signing, tool-result sandboxing, collusion detection, and remote-server provenance. See[docs/OWASP_AGENTIC_AI_COMPLIANCE.md](/MikkoParkkola/mcp-gateway/blob/main/docs/OWASP_AGENTIC_AI_COMPLIANCE.md).\n\n**OpenAPI importer.**`mcp-gateway cap import `\n\nturns an OpenAPI 3 spec into one validated capability YAML per operation. The full Swagger Petstore spec becomes 19 validated capability YAMLs end-to-end:22 tests across\n\n``` python\nmcp-gateway cap import https://petstore3.swagger.io/api/v3/openapi.json --output capabilities/ --prefix petstore\n```\n\nand`src/capability/openapi.rs`\n\n.`tests/openapi_import_tests.rs`\n\n**Tell your AI assistant** (recommended):\n\nRead\n\n[https://github.com/MikkoParkkola/mcp-gateway]and install mcp-gateway to consolidate all my MCP servers behind one gateway\n\nYour agent will install the binary, run the setup wizard, import your existing MCP servers, and wire itself up. Works in Claude Code, Cursor, Windsurf, Codex, and any AI with terminal access.\n\n**Or four commands:**\n\n```\nbrew install MikkoParkkola/tap/mcp-gateway # 1. install\nmcp-gateway setup wizard --configure-client # 2. import existing servers + wire up clients\nmcp-gateway serve # 3. run\nmcp-gateway doctor # 4. verify everything is healthy\n```\n\nThat's it. Your AI clients now talk to the gateway and the gateway routes to every backend you already had configured — at a flat `~15 tools`\n\ninstead of `~150`\n\n. Start with `gateway_search_tools`\n\nfrom your AI client to find any backend tool, then invoke it with `gateway_invoke`\n\n.\n\nNothing to import yet?`mcp-gateway init --with-examples`\n\nwrites a working`gateway.yaml`\n\nwith public capabilities so you can confirm the gateway is alive before adding your own servers.\n\n| Method | Command |\n|---|---|\nHomebrew (macOS/Linux, recommended) |\n`brew install MikkoParkkola/tap/mcp-gateway` |\nCargo |\n`cargo install mcp-gateway` |\ncargo-binstall |\n`cargo binstall mcp-gateway` |\nDirect binary download (Windows x64) |\nDownload `mcp-gateway-windows-x86_64.exe` from the\n|\nDocker |\n`docker run -v $(pwd)/gateway.yaml:/config.yaml ghcr.io/mikkoparkkola/mcp-gateway:latest --config /config.yaml` |\n\n## Direct binary download\n\n```\n# macOS Apple Silicon\ncurl -L https://github.com/MikkoParkkola/mcp-gateway/releases/latest/download/mcp-gateway-darwin-arm64 -o mcp-gateway && chmod +x mcp-gateway\n\n# macOS Intel\ncurl -L https://github.com/MikkoParkkola/mcp-gateway/releases/latest/download/mcp-gateway-darwin-x86_64 -o mcp-gateway && chmod +x mcp-gateway\n\n# Linux x86_64\ncurl -L https://github.com/MikkoParkkola/mcp-gateway/releases/latest/download/mcp-gateway-linux-x86_64 -o mcp-gateway && chmod +x mcp-gateway\n# Windows x64 (PowerShell)\nInvoke-WebRequest -Uri https://github.com/MikkoParkkola/mcp-gateway/releases/latest/download/mcp-gateway-windows-x86_64.exe -OutFile mcp-gateway.exe\nmcp-gateway setup wizard --configure-client\n```\n\nScans Claude Desktop, Claude Code, Cursor, Zed, Continue.dev, Codex, and running MCP processes; lets you pick which servers to import into `gateway.yaml`\n\n; and writes the gateway entry back into each detected client config so they route through the gateway instead. Add `--yes`\n\nto skip the prompts and import everything.\n\n48 popular MCP servers are pre-registered with the right command, args, and env-var template. `mcp-gateway add`\n\nis `claude mcp add`\n\n/ `codex mcp add`\n\ncompatible:\n\n```\nmcp-gateway add tavily # known server, fills env vars\nmcp-gateway add my-server -- npx -y @some/mcp-server --flag # arbitrary stdio command\nmcp-gateway add --url https://mcp.sentry.dev/mcp sentry # HTTP server\nmcp-gateway add -e API_KEY=xxx my-server -- npx my-mcp-server\n```\n\n`mcp-gateway list`\n\nshows what's configured. `mcp-gateway remove `\n\nremoves one.\n\nFor the full schema reference, see [docs/QUICKSTART.md#configuration](/MikkoParkkola/mcp-gateway/blob/main/docs/QUICKSTART.md#configuration). Minimal example:\n\n```\nserver:\n port: 39400\n\nmeta_mcp:\n enabled: true\n\nbackends:\n tavily:\n command: \"npx -y @anthropic/mcp-server-tavily\"\n description: \"Web search\"\n env:\n TAVILY_API_KEY: \"${TAVILY_API_KEY}\"\n\n sentry:\n http_url: \"https://mcp.sentry.dev/mcp\"\n description: \"Sentry issues\"\nmcp-gateway serve # start the gateway\nmcp-gateway doctor # diagnose config, port, env vars, backend health\nmcp-gateway doctor --fix # auto-fix issues where possible\n```\n\nThe web dashboard is at [http://localhost:39400/ui](http://localhost:39400/ui) once `serve`\n\nis running.\n\n`setup export`\n\nwrites the gateway entry into client config files for you. It auto-detects the right path per client:\n\n```\nmcp-gateway setup export --target all # all detected clients\nmcp-gateway setup export --target claude-code # one client\nmcp-gateway setup export --target all --dry-run # preview without writing\nmcp-gateway setup export --target all --watch # regenerate on gateway.yaml changes\n```\n\n| Client | Config path |\n|---|---|\n`claude-code` |\n`~/.claude.json` |\n`claude-desktop` |\nplatform-specific |\n`cursor` |\n`.cursor/mcp.json` (workspace) |\n`vs-code-copilot` |\n`.vscode/mcp.json` (workspace) |\n`windsurf` |\n`~/.codeium/windsurf/mcp_config.json` |\n`cline` |\n`.cline/mcp_servers.json` (workspace) |\n`zed` |\n`~/.config/zed/settings.json` |\n\nModes: `--mode proxy`\n\n(HTTP), `--mode stdio`\n\n(subprocess), `--mode auto`\n\n(probe health endpoint, fall back).\n\n## Manual JSON snippet (if you prefer to edit by hand)\n\n```\n{\n \"mcpServers\": {\n \"gateway\": {\n \"type\": \"http\",\n \"url\": \"http://localhost:39400/mcp\"\n }\n }\n}\n```\n\nThe gateway exposes 14 Meta-MCP tools minimum, 16 in the README benchmark scenario, and 17 when webhook status is surfaced. The base discovery quartet stays fixed; the rest are operator helpers for stats, cost, playbooks, profile control, disabled-capability visibility, reload, and webhook status.\n\n**Token math** (Claude Opus @ $15/M input tokens, reproducible via `python benchmarks/token_savings.py --scenario readme`\n\n):\n\n**Without**: 100 tools x 150 tokens x 1,000 requests = 15M tokens =**$225****With (README benchmark)**: 16 Meta-MCP tools x 100 tokens x 1,000 requests = 1.6M tokens =**$24.00**\n\nTurn any REST API into a tool by dropping a YAML file (~30 seconds) or importing an OpenAPI spec:\n\n``` python\nmcp-gateway cap import stripe-openapi.yaml --output capabilities/ --prefix stripe\n```\n\nThe gateway ships with **110+ built-in capabilities** -- weather, Wikipedia, GitHub, stock quotes, package tracking, and more. Capability YAMLs hot-reload automatically after file changes, no restart needed.\n\nmcp-gateway now ships HeyGen video-generation capabilities in `capabilities/media/`\n\n:\n\n`video_agent_create`\n\n`video_create`\n\n`video_get`\n\n`video_download`\n\n`voice_list`\n\n`avatar_list`\n\nSetup:\n\n```\nexport HEYGEN_API_KEY=your-api-key\n```\n\nMake sure your config loads the built-in capability directory:\n\n```\ncapabilities:\n enabled: true\n directories:\n - ./capabilities\n```\n\nThe request schemas ship hand-written for the initial connector, but HeyGen's CLI can act as the schema source of truth for future regeneration:\n\n```\nheygen video-agent create --request-schema\nheygen video create --request-schema\n```\n\nMap that JSON into each capability's `schema.input`\n\nblock when refreshing the connector.\n\nExample end-to-end workflow:\n\n```\n# 1. Create the video with the Video Agent\nCREATE=$(curl -s http://127.0.0.1:39401/mcp \\\n -H 'Content-Type: application/json' \\\n -d '{\n \"jsonrpc\":\"2.0\",\n \"id\":1,\n \"method\":\"tools/call\",\n \"params\":{\n \"name\":\"gateway_invoke\",\n \"arguments\":{\n \"backend\":\"capabilities\",\n \"tool\":\"video_agent_create\",\n \"args\":{\"prompt\":\"A presenter explaining our product launch in 30 seconds\"}\n }\n }\n }')\n\nVIDEO_ID=$(printf '%s' \"$CREATE\" | jq -r '.result.content[0].text | fromjson | (.data.video_id // .video_id)')\n\n# 2. Poll until completed and fetch the downloadable URL\nVIDEO_URL=$(while true; do\n BODY=$(curl -s http://127.0.0.1:39401/mcp \\\n -H 'Content-Type: application/json' \\\n -d \"{\n \\\"jsonrpc\\\":\\\"2.0\\\",\n \\\"id\\\":1,\n \\\"method\\\":\\\"tools/call\\\",\n \\\"params\\\":{\n \\\"name\\\":\\\"gateway_invoke\\\",\n \\\"arguments\\\":{\n \\\"backend\\\":\\\"capabilities\\\",\n \\\"tool\\\":\\\"video_get\\\",\n \\\"args\\\":{\\\"video_id\\\":\\\"$VIDEO_ID\\\"}\n }\n }\n }\")\n STATUS=$(printf '%s' \"$BODY\" | jq -r '.result.content[0].text | fromjson | (.data.status // .status)')\n if [ \"$STATUS\" = \"completed\" ]; then\n printf '%s' \"$BODY\" | jq -r '.result.content[0].text | fromjson | (.data.video_url // .video_url)'\n break\n fi\n sleep 5\ndone)\n\n# 3. Download and save a local MP4\ncurl -s http://127.0.0.1:39401/mcp \\\n -H 'Content-Type: application/json' \\\n -d \"{\n \\\"jsonrpc\\\":\\\"2.0\\\",\n \\\"id\\\":1,\n \\\"method\\\":\\\"tools/call\\\",\n \\\"params\\\":{\n \\\"name\\\":\\\"gateway_invoke\\\",\n \\\"arguments\\\":{\n \\\"backend\\\":\\\"capabilities\\\",\n \\\"tool\\\":\\\"video_download\\\",\n \\\"args\\\":{\\\"video_url\\\":\\\"$VIDEO_URL\\\"}\n }\n }\n }\" \\\n| jq -r '.result.content[0].text | fromjson | .data' \\\n| base64 --decode > heygen-explainer.mp4\n```\n\nYour AI connects once to `localhost:39400`\n\n. Behind it, capability YAMLs plus reloadable gateway config sections (including backend add/remove/update and routing/profile changes) can reload live via file watching, `gateway_reload_config`\n\n, or `POST /ui/api/reload`\n\n. Listener address changes report `restart_required`\n\n; `env_files`\n\nlist changes stay startup-only and take effect after restart. Your AI session stays connected.\n\nCircuit breakers, retry with backoff, rate limiting, health checks, graceful shutdown, and concurrency limits. One flaky server won't take down your toolchain.\n\n```\n┌───────────────────────────────────────────────────────────────┐\n│ MCP Gateway (:39400) │\n│ ┌─────────────────────────────────────────────────────────┐ │\n│ │ Meta-MCP: 13-16 Tools + Surfaced Tools │ │\n│ │ • gateway_list_servers • gateway_search_tools │ │\n│ │ • gateway_list_tools • gateway_invoke │ │\n│ └─────────────────────────────────────────────────────────┘ │\n│ │\n│ ┌─────────────────────────────────────────────────────────┐ │\n│ │ Failsafes: Circuit Breaker │ Retry │ Rate Limit │ │\n│ └─────────────────────────────────────────────────────────┘ │\n│ │ │\n│ ┌──────────────────┼──────────────────┐ │\n│ ▼ ▼ ▼ │\n│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │\n│ │ Tavily │ │ Context7 │ │ Pieces │ │\n│ │ (stdio) │ │ (http) │ │ (sse) │ │\n│ └─────────────┘ └─────────────┘ └─────────────┘ │\n└───────────────────────────────────────────────────────────────┘\n```\n\nEmbedded web UI at `/ui`\n\n-- live status, searchable tools, server health, config viewer. Operator dashboard at `/dashboard`\n\n. Cost tracking at `/ui#costs`\n\n. All served from the same binary and port, no frontend build step.\n\n| Feature | Description | Docs |\n|---|---|---|\nAuthentication |\nBearer tokens, API keys, explicit admin keys, per-client rate limits and opt-in per-client circuit breakers |\n|\n\n**Per-Client Tool Scopes**[examples/per-client-tool-scopes.yaml](/MikkoParkkola/mcp-gateway/blob/main/examples/per-client-tool-scopes.yaml)** Security Firewall**[CHANGELOG](/MikkoParkkola/mcp-gateway/blob/main/CHANGELOG.md#260---2026-03-13)** Cost Governance**[CHANGELOG](/MikkoParkkola/mcp-gateway/blob/main/CHANGELOG.md#260---2026-03-13)** Session Sandboxing**[CHANGELOG](/MikkoParkkola/mcp-gateway/blob/main/CHANGELOG.md#250---2026-03-12)** mTLS**[CHANGELOG](/MikkoParkkola/mcp-gateway/blob/main/CHANGELOG.md#240---2026-02-25)| Feature | Description |\n|---|---|\nCapability System |\nREST API to MCP tool via YAML. Hot-reloaded.\n|\n\n**Transform Chains**[Example](/MikkoParkkola/mcp-gateway/blob/main/examples/transform-example.yaml).** Webhooks**[Docs](/MikkoParkkola/mcp-gateway/blob/main/docs/WEBHOOKS.md).** Auto-Discovery****Surfaced Tools**`tools/list`\n\nfor one-hop invocation.**Semantic Search****Tool Profiles****Config Export**`mcp-gateway config export`\n\n**MCP Version**: 2025-11-25 (latest spec)** Transports**: stdio, Streamable HTTP, SSE, WebSocket** Hot Reload**: Capability YAMLs plus reloadable gateway config sections are watched and reloaded live** Reload Outcomes**:`gateway_reload_config`\n\nand`/ui/api/reload`\n\nreturn`restart_required`\n\nfor listener changes (for example`server.host`\n\n/`server.port`\n\n);`env_files`\n\nlist edits remain startup-only**Config Discovery**: Auto-finds`gateway.yaml`\n\nin cwd,`~/.config/mcp-gateway/`\n\n,`/etc/mcp-gateway/`\n\n**\"Did You Mean?\"**: Levenshtein-based typo correction on tool names** Tool Annotations**: MCP 2025-11-25`title`\n\n,`readOnlyHint`\n\n,`destructiveHint`\n\n,`idempotentHint`\n\n,`openWorldHint`\n\n; gateway meta-tools are fully annotated, while backend tools use the hybrid pass-through/fill policy in[ADR-003](/MikkoParkkola/mcp-gateway/blob/main/docs/adr/ADR-003-mcp-tool-annotation-policy.md)**Dynamic Descriptions**: Live tool/server counts in meta-tool descriptions** Tunnel Mode**: Expose via Tailscale or pipenet without opening ports** Shell Completions**:`mcp-gateway completions bash|zsh|fish`\n\n**Spec Preview**(opt-in): Filtered`tools/list`\n\n(SEP-1821),`tools/resolve`\n\n(SEP-1862), dynamic promotion\n\nAny MCP-compliant server works. All three transport types supported:\n\n| Transport | Examples |\n|---|---|\nstdio |\n`@anthropic/mcp-server-tavily` , `@modelcontextprotocol/server-filesystem` , `@modelcontextprotocol/server-github` |\nHTTP |\nAny Streamable HTTP server |\nSSE |\nPieces, LangChain,\n|\n\nRemote MCP servers plug in by URL — no extra code. See\n[examples/gateway-full.yaml](/MikkoParkkola/mcp-gateway/blob/main/examples/gateway-full.yaml) for a commented GitMCP\nbackend entry and [docs/REMOTE_BACKENDS.md](/MikkoParkkola/mcp-gateway/blob/main/docs/REMOTE_BACKENDS.md) for a\nstep-by-step walkthrough.\n\n| Endpoint | Method | Description |\n|---|---|---|\n`/health` |\nGET | Health check with backend status |\n`/mcp` |\nPOST | Meta-MCP mode (dynamic discovery) |\n`/mcp/{backend}` |\nPOST | Direct backend access |\n`/ui` |\nGET | Web dashboard |\n`/dashboard` |\nGET | Operator dashboard |\n`/metrics` |\nGET | Prometheus metrics (with `--features metrics` ) |\n\n| Metric | Value | Notes |\n|---|---|---|\nStartup time |\n~8ms | Measured with `hyperfine` (\n|\nBinary size |\n~12-13 MB | Release build with LTO, stripped |\nHot-path microbenchmarks |\nIncluded | Criterion suite covers registry, parsing, cache-key, firewall, and semantic search hot paths |\nEnd-to-end latency |\nBackend-dependent | Measure with your real MCP servers and REST APIs rather than relying on a synthetic single number |\n\nMCP Gateway can ingest [Agent Skills](https://agentskills.io) / Claude Code\n`SKILL.md`\n\nfiles and expose them as discoverable skills alongside capability\nYAML. This lets the gateway consume any SKILL.md — whether authored locally,\nshipped from `agentskills.io`\n\n, or pulled from a GitHub release — and surface\nit through the same meta-tool surface used for capabilities.\n\n```\n# Import a local skill directory (auto-discovers SKILL.md + resources/)\nmcp-gateway skills import ~/.claude/skills/gws-gmail-send\n\n# Import a single SKILL.md file\nmcp-gateway skills import ./path/to/SKILL.md\n\n# Import from an agentskills.io URL\nmcp-gateway skills import https://agentskills.io/skills/my-skill/SKILL.md\n\n# List imported skills\nmcp-gateway skills list\n\n# Search by name, description, trigger, or keyword\nmcp-gateway skills search \"gmail\"\n\n# Show the full body (including any embedded code blocks)\nmcp-gateway skills show gws-gmail-send\n\n# Remove a skill\nmcp-gateway skills remove gws-gmail-send\n```\n\n**What gets parsed**\n\n- YAML frontmatter (\n`name`\n\n,`description`\n\n,`version`\n\n,`effort`\n\n,`allowed-tools`\n\n,`triggers`\n\n,`keywords`\n\n) - Markdown body, with fenced\n`bash`\n\n/`python`\n\n/`json`\n\ncode blocks extracted as structured`SkillCodeBlock`\n\nentries - Progressive-disclosure resources:\n`SKILL.advanced.md`\n\n,`reference.md`\n\n,`README.md`\n\n, and any`resources/*.md`\n\nfiles in the skill directory\n\n**Security model (read-only)**\n\nImported skills are stored as data, not executed. Embedded `bash`\n\nor\n`python`\n\nblocks are parsed and surfaced to users/agents via `skills show`\n\n,\nbut MCP Gateway will never run them automatically. A future release may\nadd opt-in execution gated on per-skill user consent. If you need to run\na skill's commands today, copy them from `skills show`\n\nand run them in\nyour own shell.\n\nRegistry location: `~/.mcp-gateway/skills.json`\n\n(override with\n`MCP_GATEWAY_SKILLS_REGISTRY`\n\nor `--registry`\n\n).\n\nReference: [Anthropic SKILL.md spec](https://docs.claude.com/en/docs/claude-code/skills) ·\n[agentskills.io](https://agentskills.io)\n\n| Document | Contents |\n|---|---|\n|\n\n[Configuration Reference](/MikkoParkkola/mcp-gateway/blob/main/docs/QUICKSTART.md#configuration)[OAuth Configuration](/MikkoParkkola/mcp-gateway/blob/main/docs/OAUTH_CONFIG.md)[Deployment Guide](/MikkoParkkola/mcp-gateway/blob/main/docs/DEPLOYMENT.md)[OpenAPI Import](/MikkoParkkola/mcp-gateway/blob/main/docs/OPENAPI_IMPORT.md)[Webhooks](/MikkoParkkola/mcp-gateway/blob/main/docs/WEBHOOKS.md)[Community Registry](/MikkoParkkola/mcp-gateway/blob/main/docs/COMMUNITY_REGISTRY.md)[Benchmarks](/MikkoParkkola/mcp-gateway/blob/main/docs/BENCHMARKS.md)[Changelog](/MikkoParkkola/mcp-gateway/blob/main/CHANGELOG.md)[OWASP Agentic AI Compliance](/MikkoParkkola/mcp-gateway/blob/main/docs/OWASP_AGENTIC_AI_COMPLIANCE.md)[vs Anthropic MCP Tunnels](#vs-anthropic-mcp-tunnels)**Backend won't connect?** Test the command directly (`npx -y @anthropic/mcp-server-tavily`\n\n), then check gateway logs with `--log-level debug`\n\n.\n\n**Circuit breaker open?** Check `curl localhost:39400/health | jq '.backends'`\n\n. Adjust thresholds in `failsafe.circuit_breaker`\n\n.\n\n**Tools not appearing?** Verify the backend is running (`gateway_list_servers`\n\n). Tool lists are cached for 5 minutes.\n\n- Fork and branch (\n`git checkout -b feature/your-feature`\n\n) - Test (\n`cargo test`\n\n) and lint (`cargo fmt && cargo clippy -- -D warnings`\n\n) - PR against\n`main`\n\nwith a clear description and[CHANGELOG](/MikkoParkkola/mcp-gateway/blob/main/CHANGELOG.md)entry\n\nSee [CONTRIBUTING.md](/MikkoParkkola/mcp-gateway/blob/main/CONTRIBUTING.md) for full details. Look for [ good first issue](https://github.com/MikkoParkkola/mcp-gateway/labels/good%20first%20issue) or\n\n[to get started.](https://github.com/MikkoParkkola/mcp-gateway/labels/help%20wanted)\n\n`help wanted`\n\nmcp-gateway is part of a suite of MCP tools:\n\n| Tool | Description |\n|---|---|\n|\nUniversal MCP gateway — compact 13-16 tool surface replaces 100+ registrations |\n|\n\n[nab](https://github.com/MikkoParkkola/nab)[axterminator](https://github.com/MikkoParkkola/axterminator)mcp-gateway is **dual-licensed** as of v2.11.0:\n\n| Scope | License | File |\n|---|---|---|\n| Core gateway, capabilities, transport, CLI, and everything not listed below | MIT |\n|\n\n[LICENSE-EE.md](/MikkoParkkola/mcp-gateway/blob/main/LICENSE-EE.md)EE-designated paths (every file carries `// SPDX-License-Identifier: PolyForm-Noncommercial-1.0.0`\n\n):\n\n`src/security/firewall/`\n\n— egress filtering`src/security/agent_identity.rs`\n\n— identity-based access control (OWASP ASI03)`src/security/data_flow.rs`\n\n— data flow tracking (EU AI Act Art. 12)`src/security/message_signing.rs`\n\n— HMAC inter-agent signing (OWASP ASI07)`src/security/policy.rs`\n\n— advanced policy enforcement`src/security/response_inspect.rs`\n\n,`response_scanner.rs`\n\n— outbound credential / exfil detection`src/security/scope_collision.rs`\n\n— scope conflict detection`src/security/tool_integrity.rs`\n\n— tool poisoning detection (OWASP ASI04)`src/cost_accounting/`\n\n— cost governance`src/key_server/`\n\n— OIDC-backed scoped key issuance\n\n**What this means in practice**:\n\n- Free for noncommercial use, modification, redistribution.\n- Commercial use of EE modules requires a separate commercial license.\n- Companies can buy a standard commercial-use license via\n[GitHub Sponsors](https://github.com/sponsors/MikkoParkkola)at EUR 500/month per named project. - See\n[COMMERCIAL.md](/MikkoParkkola/mcp-gateway/blob/main/COMMERCIAL.md)for business use, forks, wrappers, shared services, and managed-service deployments. - All releases prior to v2.11.0 remain entirely MIT and stay MIT forever.\n\nCreated by [Mikko Parkkola](https://github.com/MikkoParkkola). Implements [Model Context Protocol](https://modelcontextprotocol.io/) version 2025-11-25.", "url": "https://wpnews.pro/news/mcp-gateway", "canonical_source": "https://github.com/MikkoParkkola/mcp-gateway/", "published_at": "2026-06-04 05:06:28+00:00", "updated_at": "2026-06-04 05:18:11.746218+00:00", "lang": "en", "topics": ["ai-tools", "ai-infrastructure", "ai-agents", "large-language-models", "ai-products"], "entities": ["MCP-Gateway", "Ruach Tov Collective", "MikkoParkkola"], "alternates": {"html": "https://wpnews.pro/news/mcp-gateway", "markdown": "https://wpnews.pro/news/mcp-gateway.md", "text": "https://wpnews.pro/news/mcp-gateway.txt", "jsonld": "https://wpnews.pro/news/mcp-gateway.jsonld"}}