mcp-gateway
Verified Safeby thomkav
Overview
Provides a robust security layer for Model Context Protocol (MCP) servers, offering authentication, session management, authorization, rate limiting, and audit logging for AI agent integrations with third-party APIs.
Installation
pnpm build && node examples/vikunja/dist/index.jsEnvironment Variables
- MCP_JWT_SECRET
Security Notes
The project is explicitly designed with a strong focus on security, adhering to Anthropic's MCP Security Best Practices and mitigating common OWASP API Top 10 risks. Key security features include: JWT-based authentication with HMAC-SHA256 signatures, UUIDv4 cryptographically random session IDs, per-user rate limiting, comprehensive audit logging, and secure storage of third-party API tokens in the OS keyring (Keychain on macOS, Credential Manager on Windows, libsecret on Linux). There is no observable use of `eval` or direct dangerous `child_process` calls for untrusted input. Hardcoded secrets are explicitly avoided in favor of environment variables or OS keyring storage, with clear instructions for production use. Input validation using Zod schemas is extensive in examples to prevent injection attacks.
Similar Servers
mcp-context-forge
Converts web content (HTML, PDF, DOCX, etc.) and local files from a URL into high-quality Markdown format. It supports multiple conversion engines, content optimization, batch processing, and image handling.
mcphub
An orchestration hub that aggregates, manages, and routes Model Context Protocol (MCP) servers and their tools, providing a centralized interface, user management, OAuth 2.0 authorization server capabilities, and AI-powered tool discovery and routing.
MCPJungle
MCPJungle is a self-hosted Model Context Protocol (MCP) Gateway that allows developers to register and manage various MCP servers and their tools from a central location, enabling AI agents to discover and consume these tools from a single gateway.
mcp-gateway-registry
Provides a programmatic interface to interact with the main MCP Gateway Registry API, enabling tasks like registering/toggling services, managing groups/users, and intelligently discovering tools across registered services using semantic search and access control.