mcp-gateway
Provides a deployable MCP Gateway (reverse-proxy via Nginx) and a MCP Registry/UI to register and govern MCP servers, discover tools (including schemas via ListTools), and route MCP client traffic to enabled backend MCP servers using per-service URL paths. Includes health checks and real-time UI updates via WebSockets.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
TLS is supported via HTTPS with cert/key mounting, but README also states self-signed cert default and HTTP is available; this reduces assurance if misconfigured. Authentication for registry UI/API uses username/password (ADMIN_USER/ADMIN_PASSWORD); no evidence of OAuth/OIDC, fine-grained authorization, or scope-based access. Project includes a large dependency list (including ML libraries), but no CVE/lockfile/security posture details are provided in the excerpt. Secrets are passed via environment variables (e.g., ADMIN_PASSWORD, POLYGON_API_KEY, SECRET_KEY) and not shown being logged, but the excerpt does not confirm no logging of secrets.
⚡ Reliability
Best When
You want to standardize and govern MCP server access behind a single endpoint with path-based routing and you can operate the gateway/registry stack.
Avoid When
You need turnkey SaaS or vendor-managed scaling and SLAs, or you cannot risk that gateway self-signed cert defaults are used without proper TLS configuration.
Use Cases
- • Centralized discovery and management of approved MCP servers for agent tool use
- • Enterprise/governed access to curated MCP servers across teams or environments
- • Dynamic tool discovery in agents (query tools by natural language) and invocation via the gateway
- • Health monitoring of MCP services (SSE endpoint checks) and enabling/disabling services at runtime
Not For
- • Production use where you cannot operate/manage your own infrastructure (Docker, Nginx, optional EC2/EKS)
- • Environments requiring OAuth/OIDC federation rather than a built-in username/password login
- • Use cases needing fine-grained per-tool authorization beyond what the gateway/registry provides
Interface
Authentication
Auth is described for securing the registry UI and API using ADMIN_USER/ADMIN_PASSWORD. No evidence in provided content of OAuth/OIDC, scoped tokens, or per-route authorization beyond enable/disable and service management controls.
Pricing
Self-hosted open-source project; costs are infrastructure-related (EC2/EKS, load balancers, TLS certs, etc.).
Agent Metadata
Known Gotchas
- ⚠ Because it relies on per-service path routing, agents must use the correct gateway base URL and service path (e.g., /weather/, /currenttime/) to reach the intended MCP server.
- ⚠ TLS defaults mention self-signed certs and HTTP availability; agents may fail verification unless configured to trust the cert or use proper HTTPS setup.
- ⚠ Health checks rely on /sse HEAD probes; a service may be 'enabled' but still fail tool calls if underlying dependencies (e.g., Polygon API key) are misconfigured.
- ⚠ Nginx configuration is dynamically regenerated based on enabled/disabled state; changes may require time for reload/regeneration before agents see updates.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for mcp-gateway.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.