A lock for your MCP server.
mcpgate is a drop-in proxy that puts API-key auth, per-tool allowlists, rate limits, and an audit log in front of any self-hosted MCP server — without changing a line of the upstream.
Scans in 2026 found 12,520+ internet-exposed MCP servers — answering tool calls that read files, query databases, and run commands, with no authentication at all. The protocol doesn’t require any.
What it enforces
Four controls. Zero upstream changes.
API-key auth
Keys are SHA-256 hashed at rest. Every request needs one — unauthenticated calls get 401 before they ever touch your server.
Per-tool allowlist
Deny by default. Each key may call only the tools you name. Blocked tools are also hidden from tools/list, so clients never see them.
Rate limiting
Per-key token buckets. A noisy or runaway client gets 429, not a melted upstream.
Audit log
One structured JSON line per request — who, which tool, the decision, status, and latency. Pipe it anywhere.
How it works
One instance in front of one server.
Point your MCP client at mcpgate instead of the server. Every request runs the chain, then the allowed ones are proxied through — Streamable HTTP and SSE both stream untouched.
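The chain described above, as an added Go example that is not mcpgate's own code: hash the presented key, compare it against the stored hashes, apply the deny-by-default allowlist, and filter a tools/list result. The type and function names are hypothetical, the 403 for a blocked tool is an assumption, and rate limiting and proxying are left out.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// Key is a hypothetical in-memory form of one `keys:` config entry.
type Key struct {
	Label, Hash string          // Hash is the hex SHA-256 of the API key
	Allow       map[string]bool // deny by default: unlisted tools are blocked
}

func HashKey(apiKey string) string { // hex SHA-256 stored instead of the plaintext key
	sum := sha256.Sum256([]byte(apiKey))
	return hex.EncodeToString(sum[:])
}

// Decide authenticates by constant-time hash compare, then applies the allowlist.
func Decide(keys []Key, presented, tool string) int {
	got := []byte(HashKey(presented))
	for _, k := range keys {
		if subtle.ConstantTimeCompare(got, []byte(k.Hash)) == 1 {
			if k.Allow[tool] {
				return 200
			}
			return 403 // assumed status; the page names only 401 and 429
		}
	}
	return 401 // no stored hash matched: rejected before reaching the upstream
}

// FilterTools drops tools outside the key's allowlist from a tools/list result.
func FilterTools(k Key, upstream []string) []string {
	visible := []string{}
	for _, t := range upstream {
		if k.Allow[t] {
			visible = append(visible, t)
		}
	}
	return visible
}

func main() {
	// Constructed sample key and tool names, not real credentials.
	keys := []Key{{"claude-desktop", HashKey("demo-key"), map[string]bool{"read_file": true}}}
	fmt.Println(Decide(keys, "demo-key", "run_command"), FilterTools(keys[0], []string{"read_file", "run_command"}))
}
```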
Quickstart
Locked down in 30 seconds.
# mint a key — prints it once, plus a config snippet
mcpgate keygen --label claude-desktop
upstream:
  url: "http://localhost:9000/mcp"
keys:
  - label: "claude-desktop"
    hash: "<paste from keygen>"
    allow: ["read_file", "list_dir"]
docker run -p 8080:8080 \
  -v "$PWD/config.yaml:/etc/mcpgate/config.yaml" \
  ghcr.io/bouncei/mcpgate
# point your client at http://localhost:8080/mcp
FAQ
Questions, answered.
How do I add authentication to an MCP server?
Run mcpgate as a reverse proxy in front of your MCP server and point your client at the gateway. It checks an API key on every request and returns 401 to anyone without a valid key — no changes to the upstream server are needed.
How do I secure a self-hosted MCP server?
mcpgate adds four controls in front of a self-hosted MCP server: API-key authentication, a per-tool allowlist (deny by default), per-key rate limiting, and a structured audit log. It works with Streamable HTTP and SSE transports.
Does mcpgate require changing my MCP server?
No. mcpgate is a drop-in proxy that sits in front of your existing server. You don’t modify the upstream MCP server’s code — you just route clients through the gateway.
What MCP transports does mcpgate support?
mcpgate supports the Streamable HTTP and SSE transports. Tool calls and SSE streams pass through untouched; tools/list responses are filtered to each key’s allowlist.
Is mcpgate free and open source?
Yes. mcpgate is free and open source under the Apache-2.0 license, distributed as a single Go binary and a container image.