{"id":47917518,"url":"https://github.com/alifanov/scopegate","last_synced_at":"2026-04-04T05:46:17.828Z","repository":{"id":338836391,"uuid":"1158523649","full_name":"alifanov/scopegate","owner":"alifanov","description":"AI Access Proxy Layer — granular permission gateway for AI agents. Connect services, define scopes, get an MCP endpoint.","archived":false,"fork":false,"pushed_at":"2026-04-03T13:01:11.000Z","size":1500,"stargazers_count":10,"open_issues_count":3,"forks_count":3,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-04-04T05:46:16.237Z","etag":null,"topics":["ai-agents","llm","llm-ops","scope","security"],"latest_commit_sha":null,"homepage":"https://scopegate.dev","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alifanov.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-15T14:16:50.000Z","updated_at":"2026-04-03T13:01:15.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/alifanov/scopegate","commit_stats":null,"previous_names":["alifanov/scopegate"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/alifanov/scopegate","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alifanov%2Fscopegate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alifanov%2Fscopegate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alifanov%2Fscopegate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alifanov%2Fscopegate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alifanov","download_url":"https://codeload.github.com/alifanov/scopegate/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alifanov%2Fscopegate/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31389391,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-04T04:26:24.776Z","status":"ssl_error","status_checked_at":"2026-04-04T04:23:34.147Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","llm","llm-ops","scope","security"],"created_at":"2026-04-04T05:46:17.229Z","updated_at":"2026-04-04T05:46:17.816Z","avatar_url":"https://github.com/alifanov.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ScopeGate\n\nAI Access Proxy Layer. Connect external services (e.g. Google), define granular permissions, and receive an MCP endpoint URL for use in AI agents. Acts as a permission gateway — exposing only the specific capabilities you authorize, more granular than native OAuth scopes.\n\n## Tech Stack\n\n- **Framework**: Next.js 16 (App Router)\n- **Language**: TypeScript\n- **Database**: PostgreSQL + Prisma 7\n- **UI**: Tailwind CSS v4, shadcn/ui\n- **Auth**: Better Auth (database-backed sessions, Prisma adapter)\n- **MCP**: `@modelcontextprotocol/sdk` (Streamable HTTP)\n- **Package Manager**: pnpm\n\n## Getting Started\n\n### Prerequisites\n\n- Node.js 18+\n- pnpm\n- PostgreSQL\n\n### Setup\n\n1. Clone the repository and install dependencies:\n\n```bash\npnpm install\n```\n\n2. Copy the environment file and fill in your values:\n\n```bash\ncp .env.example .env\n```\n\n| Variable | Description |\n|---|---|\n| `DATABASE_URL` | PostgreSQL connection string |\n| `BETTER_AUTH_SECRET` | Secret key for session signing |\n| `BETTER_AUTH_URL` | App base URL (e.g. `http://localhost:3000`) |\n| `ADMIN_EMAIL` | Bootstrap admin email |\n| `ADMIN_PASSWORD` | Bootstrap admin password |\n\n3. Run database migrations:\n\n```bash\npnpm prisma migrate dev\n```\n\n4. Start the development server:\n\n```bash\npnpm dev\n```\n\nOpen [http://localhost:3000](http://localhost:3000).\n\n## Project Structure\n\n```\nsrc/\n├── app/\n│   ├── (auth)/              # Login \u0026 register pages\n│   ├── (dashboard)/         # Protected dashboard pages\n│   │   └── projects/        # Project management, endpoints, audit, settings\n│   ├── api/\n│   │   ├── auth/[...all]/    # Better Auth catch-all handler\n│   │   ├── projects/        # Projects CRUD, endpoints, services, audit\n│   │   └── mcp/[apiKey]/    # MCP Streamable HTTP handler\n│   ├── layout.tsx\n│   └── page.tsx             # Landing page\n├── components/\n│   ├── ui/                  # shadcn/ui components\n│   ├── layout/              # Sidebar, header\n│   └── shared/              # Reusable app components\n├── lib/\n│   ├── db.ts                # Prisma client singleton\n│   ├── auth.ts              # Better Auth server instance\n│   ├── auth-client.ts       # Better Auth client SDK\n│   ├── auth-middleware.ts   # getCurrentUser() helper\n│   ├── bootstrap.ts         # Admin user bootstrap on empty DB\n│   └── mcp/\n│       ├── permissions.ts   # Permission groups (source of truth)\n│       ├── tools.ts         # MCP tool definitions\n│       └── handler.ts       # MCP server factory\n├── generated/prisma/        # Generated Prisma client\n└── middleware.ts             # Route protection\n```\n\n## Available Scripts\n\n```bash\npnpm dev              # Start development server\npnpm build            # Production build\npnpm start            # Start production server\npnpm lint             # Run ESLint\npnpm prisma generate  # Regenerate Prisma client\npnpm prisma migrate dev  # Create and apply migrations\npnpm prisma studio    # Open Prisma Studio (DB browser)\n```\n\n## How It Works\n\n1. **Login** — sign in with admin credentials (bootstrapped from env vars on first run)\n2. **Create a Project** — organize endpoints and services by project\n3. **Connect a Service** — add a service connection to the project\n4. **Create an MCP Endpoint** — select a service connection and pick specific permissions (e.g. `gmail:read_emails`, `calendar:create_event`)\n5. **Use the MCP URL** — plug the endpoint URL into any MCP-compatible AI agent; only the allowed actions are exposed\n6. **Monitor** — track every request in the audit log\n\n## Permissions\n\nPermissions are defined in `src/lib/mcp/permissions.ts` and grouped by service:\n\n| Group | Actions |\n|---|---|\n| Gmail | `gmail:read_emails`, `gmail:send_email`, `gmail:list_labels`, `gmail:search_emails` |\n| Google Calendar | `calendar:list_events`, `calendar:create_event`, `calendar:update_event`, `calendar:delete_event` |\n| Google Drive | `drive:list_files`, `drive:read_file`, `drive:create_file`, `drive:delete_file` |\n\n## Database Schema\n\n- **User** — authentication, team membership\n- **Session** — database-backed auth sessions\n- **Account** — auth provider credentials (email/password)\n- **Project** — logical grouping for services and endpoints\n- **TeamMember** — user-project relationship with roles (owner/member)\n- **ServiceConnection** — OAuth tokens for connected services\n- **McpEndpoint** — MCP endpoint with API key, rate limit, active status\n- **EndpointPermission** — allowed actions per endpoint\n- **AuditLog** — request log with action, status, duration, errors\n\n## License\n\nSee [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falifanov%2Fscopegate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falifanov%2Fscopegate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falifanov%2Fscopegate/lists"}