A high-performance security gateway for the Model Context Protocol
Getting Started β’ Documentation β’ Contributing β’ Roadmap
As AI agents gain access to more powerful tools, security becomes critical. MCP Proxy sits between your AI agents and MCP servers, providing:
|
Fine-grained access control using OPA policies. Define exactly what tools each agent can access and under what conditions. |
Complete audit trail of every tool call. Know exactly what your agents are doing, when, and why. |
|
Sub-microsecond routing latency. Your agents won't even notice it's there. |
Prometheus metrics and health endpoints. Full visibility into your AI infrastructure. |
| Feature | Description |
|---|---|
| OPA Policy Engine | Write policies in Rego for fine-grained access control |
| SQLite Audit Store | Persistent, queryable audit logs with configurable retention |
| SSE Transport | Server-Sent Events for real-time bidirectional communication |
| Session Management | Secure session handling with TTL and connection limits |
| Prometheus Metrics | Request latency, policy decisions, error rates |
| Health Checks | Kubernetes-ready liveness and readiness probes |
| TLS Support | Encrypted communications for production deployments |
go install github.com/agentfacts/mcp-proxy/cmd/proxy@latestgit clone https://github.com/agentfacts/mcp-proxy.git
cd mcp-proxy
make build
./bin/mcp-proxy --config config/proxy.yamldocker run -p 3000:3000 ghcr.io/agentfacts/mcp-proxy:latestDocker Compose (Development Stack)
# Start PostgreSQL, Redis, and supporting services
make docker-up
# Or with the full stack including the proxy
docker-compose --profile full up -dCreate a config.yaml file:
version: "1.0"
server:
listen:
address: "0.0.0.0"
port: 3000
transport: "sse"
upstream:
url: "http://your-mcp-server:8080"
transport: "sse"
policy:
enabled: true
mode: "enforce" # "audit" to log only, "enforce" to block
policy_dir: "policies"
audit:
enabled: true
db_path: "audit.db"Environment Variables
All configuration can be overridden via environment variables:
| Variable | Description | Default |
|---|---|---|
MCP_SERVER_PORT |
Proxy listen port | 3000 |
MCP_UPSTREAM_URL |
Upstream MCP server URL | - |
MCP_POLICY_MODE |
Policy mode (audit/enforce) | enforce |
MCP_POLICY_ENABLED |
Enable policy engine | true |
MCP_AUDIT_ENABLED |
Enable audit logging | true |
MCP_LOGGING_LEVEL |
Log level (debug/info/warn/error) | info |
MCP_METRICS_ENABLED |
Enable Prometheus metrics | false |
MCP_HEALTH_ENABLED |
Enable health endpoints | false |
Full Configuration Reference
See config/proxy.yaml for a complete configuration example with all available options.
Policies are written in Rego, OPA's declarative policy language.
package mcp.policy
default allow = false
# Allow read operations for agents with read capability
allow {
input.method == "tools/call"
startswith(input.tool, "read_")
has_capability("read:*")
}
# Block write operations to sensitive directories
deny {
input.method == "tools/call"
input.tool == "write_file"
startswith(input.arguments.path, "/etc/")
}
# Helper: check if agent has capability
has_capability(cap) {
input.agent.capabilities[_] == cap
}package mcp.policy
# Limit to 100 requests per session
deny {
input.session.request_count > 100
}See policies/ for more examples.
MCP Proxy is designed for minimal overhead:
| Operation | Latency | Allocations |
|---|---|---|
| Route Message | ~1 Β΅s | 26 allocs |
| Parse Request | ~337 ns | 5 allocs |
| Generate Request ID | ~87 ns | 1 alloc |
Run Benchmarks
go test -bench=. -benchmem ./internal/router/...Enable with metrics.enabled: true:
curl http://localhost:9090/metricsAvailable metrics:
mcp_proxy_requests_total- Total requests by method and statusmcp_proxy_request_duration_seconds- Request latency histogrammcp_proxy_policy_decisions_total- Policy decisions by resultmcp_proxy_active_sessions- Current active sessions
Enable with health.enabled: true:
# Liveness probe
curl http://localhost:8080/health
# Readiness probe
curl http://localhost:8080/readymcp-proxy/
βββ cmd/proxy/ # Application entry point
βββ config/ # Configuration files
βββ docs/ # Documentation
βββ internal/
β βββ audit/ # SQLite audit store
β βββ config/ # Configuration loading
β βββ observability/ # Metrics & health checks
β βββ policy/ # OPA policy engine
β βββ router/ # Message routing
β βββ session/ # Session management
β βββ transport/sse/ # SSE transport
β βββ upstream/ # Upstream client
βββ policies/ # Example Rego policies
βββ scripts/ # Utility scripts
| Document | Description |
|---|---|
| Setup Guide | Detailed installation and configuration |
| Contributing | How to contribute |
| Changelog | Version history |
| Security | Security policy |
- SSE transport support
- OPA policy engine
- SQLite audit logging
- Prometheus metrics
- STDIO transport
- HTTP transport
- WebSocket transport
- AgentFacts verification
- Policy hot-reload
- Admin API
- Web dashboard
We welcome contributions! Please see our Contributing Guidelines.
# Clone the repo
git clone https://github.com/agentfacts/mcp-proxy.git
cd mcp-proxy
# Install dependencies
go mod download
# Run tests
make test
# Run linter
make lintMIT License - see LICENSE for details.
Made with β€οΈ by AgentFacts

