The MCP reliability & security gap — and an open-source proxy that fills it A developer released mcp-bastion, an open-source proxy that addresses reliability and security gaps in the Model Context Protocol (MCP). The proxy handles MCP server disconnections by providing status and reconnect tools for agents, and adds runtime defenses against prompt injection and tool squatting. It is available on GitHub under the Apache-2.0 license. As AI agents move from demos to production, the Model Context Protocol MCP has become the default way to give them tools. But the operational layer around MCP is still immature, and two gaps show up fast. MCP servers disconnect mid-session — a crashed subprocess, a dropped network stream — and the agent has no good signal. It sees a generic "No such tool available" error, indistinguishable from a tool that never existed. Worse, it can't reconnect itself; a human has to intervene. In a long autonomous run, capabilities silently vanish and the agent fails in confusing ways. MCP tools are described in natural language that the model reads and acts on. That creates two live threats: Runtime defenses for these live mostly in paid platforms. mcp-bastion https://github.com/Gowthaman90/mcp-bastion is a proxy that addresses both, and it's deliberately boring to adopt: it's a It's organized in three layers: bastion status , bastion reconnect that let the agent itself inspect and recover connections.It speaks both stdio and Streamable HTTP. TypeScript, Apache-2.0, layered architecture, tests, and CI. npx mcp-bastion Repo: https://github.com/Gowthaman90/mcp-bastion https://github.com/Gowthaman90/mcp-bastion It's early and I'd love feedback — especially on the security heuristics and which audit sinks people want.