mcp-guard
Verified Safeby botzrDev
Overview
Security gateway for Model Context Protocol (MCP) servers, providing authentication, authorization, rate limiting, and observability.
Installation
mcp-guard runEnvironment Variables
- RUST_LOG
- STRIPE_SECRET_KEY
- MCP_GUARD_AUTH_OAUTH_CLIENT_ID
- MCP_GUARD_AUTH_OAUTH_CLIENT_SECRET
- MCP_GUARD_AUTH_OAUTH_REDIRECT_URI
- MCP_GUARD_DATABASE_URL
- MCP_GUARD_LICENSE_KEY
Security Notes
The project demonstrates a strong focus on security. Key strengths include robust input validation (SSRF and command injection prevention for upstream connections), API key hashing with constant-time comparison, comprehensive OAuth 2.1 support with PKCE and state protection, and explicit configuration for mTLS trusted proxies to prevent header spoofing. Error messages are sanitized to avoid exposing internal details. Hardcoded production secrets are avoided, as evidenced by a past fix documented in `CHANGES.md`. The overall architecture and practices implemented contribute to a secure gateway solution.
Similar Servers
mcp-context-forge
Converts web content (HTML, PDF, DOCX, etc.) and local files from a URL into high-quality Markdown format. It supports multiple conversion engines, content optimization, batch processing, and image handling.
Unla
Transforms existing MCP Servers and APIs into MCP protocol-compliant endpoints through configuration, enabling LLM tool calling without code changes.
mcphub
An orchestration hub that aggregates, manages, and routes Model Context Protocol (MCP) servers and their tools, providing a centralized interface, user management, OAuth 2.0 authorization server capabilities, and AI-powered tool discovery and routing.
mcp-gateway
Aggregates multiple Model Context Protocol (MCP) servers into a single gateway, providing unified search, description, and invocation for their tools, primarily to mitigate context window limits for AI clients.