{"id":27521164,"url":"https://github.com/lasso-security/mcp-gateway","last_synced_at":"2025-07-03T00:06:28.921Z","repository":{"id":288148203,"uuid":"965970978","full_name":"lasso-security/mcp-gateway","owner":"lasso-security","description":"A plugin-based gateway that orchestrates other MCPs and allows developers to build upon it enterprise-grade agents.","archived":false,"fork":false,"pushed_at":"2025-04-15T19:10:59.000Z","size":237,"stargazers_count":92,"open_issues_count":1,"forks_count":5,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-18T20:13:06.607Z","etag":null,"topics":["agent","agent-security","gateway","gen-ai","genai","genai-security","generative-ai","mcp","mcp-client","mcp-security","mcp-server","proxy","python"],"latest_commit_sha":null,"homepage":"https://www.lasso.security/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lasso-security.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-14T07:46:26.000Z","updated_at":"2025-04-18T13:13:06.000Z","dependencies_parsed_at":"2025-04-15T20:35:30.359Z","dependency_job_id":null,"html_url":"https://github.com/lasso-security/mcp-gateway","commit_stats":null,"previous_names":["lasso-security/mcp-gateway"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/lasso-security/mcp-gateway","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lasso-security%2Fmcp-gateway","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lasso-security%2Fmcp-gateway/tag
s","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lasso-security%2Fmcp-gateway/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lasso-security%2Fmcp-gateway/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lasso-security","download_url":"https://codeload.github.com/lasso-security/mcp-gateway/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lasso-security%2Fmcp-gateway/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263234952,"owners_count":23434919,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent","agent-security","gateway","gen-ai","genai","genai-security","generative-ai","mcp","mcp-client","mcp-security","mcp-server","proxy","python"],"created_at":"2025-04-18T07:59:16.853Z","updated_at":"2025-07-03T00:06:28.820Z","avatar_url":"https://github.com/lasso-security.png","language":"Python","funding_links":[],"categories":["📚 Projects (1974 total)","🧑‍🚀 Tools and code","APIs and HTTP Requests","🔌 MCP Security","Python","Open-source MCP Gateways","MCP Utilities \u0026 Tools"],"sub_categories":["MCP Servers","Gateways and Proxies","Gateways"],"readme":"# MCP Gateway\n\n![Hugging Face Token Masking Example](docs/MCP_Flow.png)\n\nMCP Gateway is an advanced intermediary solution for Model Context Protocol (MCP) servers that centralizes and enhances your AI infrastructure.\n\nMCP Gateway acts as an intermediary between LLMs and other MCP servers. It:\n\n1. 
Reads server configurations from a `mcp.json` file located in your root directory.\n2. Manages the lifecycle of configured MCP servers.\n3. Intercepts requests and responses to sanitize sensitive information.\n4. Provides a unified interface for discovering and interacting with all proxied MCPs.\n\n## Installation\n\n### Python (recommended)\nInstall the mcp-gateway package:\n```bash\npip install mcp-gateway\n```\n\n\u003e `--mcp-json-path` - must lead to your [mcp.json](https://docs.cursor.com/context/model-context-protocol#configuration-locations) or [claude_desktop_config.json](https://modelcontextprotocol.io/quickstart/server#testing-your-server-with-claude-for-desktop)    \n\u003e `--plugin` or `-p` - Specify the plugins to enable (can be used multiple times)\n\n### Usage   \nThis example enables the basic guardrail for token masking and xetrack tracing plugin for filesystem MCP:\n\n```bash\nmcp-gateway --mcp-json-path ~/.cursor/mcp.json -p basic -p xetrack\n```\n\nYou can add more MCPs that will be under the Gateway by putting the MCP server configuration under the \"servers\" key.\n\n\u003cdetails\u003e\n\u003csummary\u003eCursor example:\u003c/summary\u003e\n\n```json\n{\n  \"mcpServers\": {\n      \"mcp-gateway\": {\n          \"command\": \"mcp-gateway\",\n          \"args\": [\n              \"--mcp-json-path\",\n              \"~/.cursor/mcp.json\",\n              \"--plugin\",\n              \"basic\",\n              \"--plugin\",\n              \"xetrack\"\n          ],\n          \"servers\": {\n              \"filesystem\": {\n                  \"command\": \"npx\",\n                  \"args\": [\n                      \"-y\",\n                      \"@modelcontextprotocol/server-filesystem\",\n                      \".\"\n                  ]\n              }\n          }\n      }\n  }\n}\n```\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eClaude example:\u003c/summary\u003e\n\nGet `\u003cPYTHON_PATH\u003e`\n```bash\nwhich 
python\n```\n```json\n{\n  \"mcpServers\": {\n      \"mcp-gateway\": {\n          \"command\": \"\u003cpython path\u003e\",\n          \"args\": [\n            \"-m\",\n            \"mcp_gateway.server\",\n            \"--mcp-json-path\",\n            \"\u003cpath to claude_desktop_config\u003e\",\n            \"--plugin\",\n            \"basic\"\n          ],\n          \"servers\": {\n              \"filesystem\": {\n                  \"command\": \"npx\",\n                  \"args\": [\n                      \"-y\",\n                      \"@modelcontextprotocol/server-filesystem\",\n                      \".\"\n                  ]\n              }\n          }\n      }\n  }\n}\n```\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003eDocker\u003c/summary\u003e\n\n\nBuild the image after cloning this repo:\n```bash\ndocker build -t mcp/gateway .\n```\n\n```json\n{\n  \"mcpServers\": {\n      \"mcp-gateway\": {\n          \"command\": \"docker\",\n          \"args\": [\n            \"run\",\n            \"--rm\",\n            \"--mount\", \"type=bind,source=/Users/oro/Projects/playground/mcp-gateway,target=/app\",\n            \"-i\",\n            \"-v\", \"/Users/oro/.cursor/mcp.json:/config/mcp.json:ro\",\n            \"-e\", \"LASSO_API_KEY=\u003cLASSO_API_KEY\u003e\",\n            \"-v\", \"mcp-gateway-logs:/logs\",\n            \"mcp/gateway:latest\",\n            \"--mcp-json-path\", \"/config/mcp.json\",\n            \"--plugin\", \"basic\",\n            \"--plugin\", \"lasso\"\n          ],\n          \"servers\": {\n              \"filesystem\": {\n                  \"command\": \"npx\",\n                  \"args\": [\n                      \"-y\",\n                      \"@modelcontextprotocol/server-filesystem\",\n                      \".\"\n                  ]\n              }\n          }\n      }\n  }\n}\n```\n\nIn this example we use the lasso and basic guardrails to show how we can pass environment variables and arguments to the Docker container and how 
we can mount storage for the filesystem MCP.\nThe Docker image can be built with optional dependencies required by certain plugins (e.g., `presidio`).   \nUse the `INSTALL_EXTRAS` build argument during the `docker build` command. Provide a comma-separated string of the desired extras: `\"presidio,xetrack\"`\n\n\u003c/details\u003e\n\n## Quickstart\n\n### Masking Sensitive Information\n\nMCP Gateway will automatically mask the sensitive token in the response, preventing exposure of credentials while still providing the needed functionality.\n\n1. Create a file with sensitive information:\n   ```bash\n   echo 'HF_TOKEN = \"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\"' \u003e tokens.txt\n   ```\n\n2. When an agent requests to read this file through MCP Gateway:   \n    - Testing with Sonnet 3.7 is recommended\n   ```\n   Use your mcp-gateway tools to read the ${pwd}/tokens.txt and return the HF_TOKEN\n   ```\n   \n**Output:** \n\n![Hugging Face Token Masking Example](docs/hf_example.png)\n\n## Usage\n\nStart the MCP Gateway server with python_env config on this repository root:\n\n```bash\nmcp-gateway -p basic -p presidio\n```\n\nYou can also debug the server using:\n```bash\nLOGLEVEL=DEBUG mcp-gateway --mcp-json-path ~/.cursor/mcp.json -p basic -p presidio\n```\n\n## Tools\n\nHere are the tools the MCP Gateway uses to proxy the other MCP servers:\n\n- **`get_metadata`** - Provides information about all available proxied MCPs to help LLMs choose appropriate tools and resources\n- **`run_tool`** - Executes capabilities from any proxied MCP after sanitizing the request and response\n\n# Plugins\n\n## Contribute\nFor more details on how the plugin system works, how to create your own plugins, or how to contribute, please see the [Plugin System Documentation](./mcp_gateway/plugins/README.md).\n\n## Guardrails\nMCP Gateway supports various plugins to enhance security and functionality. 
Here's a summary of the built-in guardrail plugins:\n\n\n| Name | PII Masking                                                              | Token/Secret Masking                                                                 | Custom Policy | Prompt Injection | Harmful Content |\n| :---------- | :----------------------------------------------------------------------- | :----------------------------------------------------------------------------------- | :-----------: | :------------------: | :-------------: |\n| `basic`     | ❌                                                                       | ✅                                                         | ❌            | ❌                   | ❌              |\n| `presidio`  | ✅  | ❌                                                                                   | ❌            | ❌                   | ❌              |\n| `lasso`     | ✅                                                                       | ✅                                                                                   | ✅            | ✅                   | ✅              |\n\n**Note:** To use the `presidio` plugin, you need to install it separately: `pip install mcp-gateway[presidio]`.\n\n\n### Basic \n```bash\nmcp-gateway -p basic\n```\nMasks basic secrets:\n- azure client secret\n- github tokens\n- github oauth\n- gcp api key\n- aws access token\n- jwt token\n- gitlab session cookie\n- huggingface access token\n- microsoft teams webhook\n- slack app token\n\n### Presidio \n```bash\nmcp-gateway -p presidio\n```\n[Presidio](https://microsoft.github.io/presidio/) is an identification and anonymization package that covers:\n- Credit Card\n- IP\n- Email\n- Phone\n- SSN\n- [Etc](https://microsoft.github.io/presidio/supported_entities/)\n\n### Lasso \n```bash\nmcp-gateway -p lasso\n```\n#### Prerequisites\n- **Obtain a Lasso API key** by signing up at [Lasso Security](https://www.lasso.security/).\n\nTo use Lasso Security's advanced AI safety guardrails, 
update your `mcp.json` configuration as follows:\n\n1. Add `LASSO_API_KEY=\u003cYOUR-API-KEY\u003e` to your environment variables or to the \"env\" section.\n2. Insert the configuration of the other MCP servers under the `servers` key.\n\nExample:\n\n```json\n{\n  \"mcpServers\": {\n      \"mcp-gateway\": {\n          \"command\": \"mcp-gateway\",\n          \"args\": [\n              \"--mcp-json-path\",\n              \"~/.cursor/mcp.json\",\n              \"-p\",\n              \"lasso\"\n          ],\n          \"env\": {\n              \"LASSO_API_KEY\": \"\u003classo_token\u003e\"\n          },\n          \"servers\": {\n              \"filesystem\": {\n                  \"command\": \"npx\",\n                  \"args\": [\n                      \"-y\",\n                      \"@modelcontextprotocol/server-filesystem\",\n                      \".\"\n                  ]\n              }\n          }\n      }\n  }\n}\n```\n\n\n#### Features\n\n🔍 Full visibility into MCP interactions with always-on monitoring.\n\n🛡️ Mitigate GenAI-specific threats like prompt injection and sensitive data leakage in real-time with built-in protection that prioritizes security from deployment.\n\n✨ Use flexible, natural language to craft security policies tailored to your business's unique needs.\n\n⚡ Fast and easy installation for any deployment style. Monitor data flow to and from MCP in minutes with an intuitive, user-friendly dashboard.\n\n\nThe Lasso guardrail checks content through Lasso's API for security violations before processing requests and responses.\n\nRead more on our website 👉 [Lasso Security](https://www.lasso.security/).\n\n## Tracing\n\n### Xetrack\n[xetrack](https://github.com/xdssio/xetrack) is a lightweight package to track ML experiments and benchmarks, and to monitor structured data.\n\nWe can use it to debug and monitor **tool calls** with logs ([loguru](https://github.com/Delgan/loguru)) or [duckdb](https://duckdb.org) and [sqlite](https://sqlite.org).   
\n\n```bash\nmcp-gateway -p xetrack\n```\n#### Prerequisites\n`pip install xetrack`\n\n#### Params\n* `XETRACK_DB_PATH` - The sqlite db location. \n    * All logs are registered in the *events* table.\n    * If fancy objects are returned in the MCP's response, read about xetrack [assets](https://github.com/xdssio/xetrack?tab=readme-ov-file#track-assets-oriented-for-ml-models) to retrieve them. \n* `XETRACK_LOGS_PATH` - The logs location\n* `FLATTEN_ARGUMENTS` - Flatten the arguments, default `true`\n* `FLATTEN_RESPONSE` - Flatten the response, default `true`\n* It is recommended to gitignore the logs location\n* It is recommended to use [DVC](http://dvc.org) to manage the db file\n\n#### Quickstart \n```json\n{\n    \"mcpServers\": {\n        \"mcp-gateway\": {\n            \"command\": \"mcp-gateway\",\n            \"args\": [\n                \"--mcp-json-path\",\n                \"~/.cursor/mcp.json\",\n                \"-p\",\n                \"xetrack\"\n            ],\n            \"env\": {\n                \"XETRACK_DB_PATH\": \"tracing.db\",\n                \"XETRACK_LOGS_PATH\": \"logs/\"\n            },\n            \"servers\": {\n                \"filesystem\": {\n                    \"command\": \"npx\",\n                    \"args\": [\n                        \"-y\",\n                        \"@modelcontextprotocol/server-filesystem\",\n                        \".\"\n                    ]\n                }\n            }\n        }\n    }\n}\n```\n\nIf you use the filesystem *list_directory* tool on path *\".\"*, you can find the call parameters under `logs/\u003cdate\u003e.log`.\n\nYou can explore by using the [xetrack cli](https://github.com/xdssio/xetrack?tab=readme-ov-file#cli) to query the db:\n\n```bash\n$ xt tail tracing.db --json --n=1\n[\n    {\n        \"timestamp\": \"2025-04-17 17:12:48.233126\",\n        \"track_id\": \"mottled-stingray-0411\",\n        \"meta\": \"f3be31e09667745f\",\n        \"paths\": null,\n        
\"call_id\": \"deab617e-0a45-4950-9de9-3fb549810cf2\",\n        \"capability_name\": \"list_directory\",\n        \"content_type\": \"text\",\n        \"content_annotations\": \"f3be31e09667745f\",\n        \"response_type\": \"CallToolResult\",\n        \"server_name\": \"filesystem\",\n        \"capability_type\": \"tool\",\n        \"isError\": 0,\n        \"content_text\": \"[DIR] .cursor\\n[DIR] .git\\n[FILE] .gitignore\\n[DIR] .pytest_cache\\n[DIR] .venv\\n[FILE] LICENSE\\n[FILE] MANIFEST.in\\n[FILE] README.md\\n[DIR] docs\\n[DIR] logs\\n[DIR] mcp_gateway\\n[FILE] pyproject.toml\\n[FILE] requirements.txt\\n[DIR] tests\\n[DIR] tmp\",\n        \"path\": \".\",\n        \"prompt\": null\n    }\n]\n```\nWith python\n```python\nfrom xetrack import Reader\n\ndf = Reader(\"tracing.db\").to_df()\n```\n\n\nWith duckdb cli and ui \n```bash\n$ duckdb --ui\nD INSTALL sqlite; LOAD sqlite; ATTACH 'tracing.db' (TYPE sqlite);\nD SELECT server_name,capability_name,path,content_text FROM db.events LIMIT 1;\n\n┌─────────────┬─────────────────┬─────────┬────────────────────────────────────┐\n│ server_name │ capability_name │  path   │            content_text            │\n│   varchar   │     varchar     │ varchar │              varchar               │\n├─────────────┼─────────────────┼─────────┼────────────────────────────────────┤\n│ filesystem  │ list_directory  │ .       │ [DIR] .cursor\\n[DIR] .git\\n[FILE…  │\n└─────────────┴─────────────────┴─────────┴────────────────────────────────────┘\n```\n\nOf course you can use another MCP server to query the sqlite database 😊\n\n## How It Works\nYour agent interacts directly with our MCP Gateway, which functions as a central router and management system. 
Each underlying MCP is individually wrapped and managed.\n\nKey Features\n\n**Agnostic Guardrails**\n* Applies configurable security filters to both requests and responses.\n* Prevents sensitive data exposure before information reaches your agent.\n* Works consistently across all connected MCPs regardless of their native capabilities.\n\n**Unified Visibility**\n* Provides a comprehensive dashboard for all your MCPs in a single interface.\n* Includes intelligent risk assessment with MCP risk scoring.\n* Delivers real-time status monitoring and performance metrics.\n\n**Advanced Tracking**\n* Maintains detailed logs of all requests and responses for each guardrail.\n* Offers cost evaluation tools for MCPs requiring paid tokens.\n* Provides usage analytics and pattern identification for optimization.\n* Sanitizes sensitive information before forwarding requests to other MCPs.\n\n## License\n\nMIT\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flasso-security%2Fmcp-gateway","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flasso-security%2Fmcp-gateway","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flasso-security%2Fmcp-gateway/lists"}