https://github.com/anoblescm/mcp-zero-trust-proxy
Open-source zero-trust proxy for MCP servers — adds OAuth 2.1, tool-level RBAC, audit logging, and rate limiting to any MCP server. One Docker command, zero code changes.
https://github.com/anoblescm/mcp-zero-trust-proxy
ai-agents claude copilot cursor go mcp model-context-protocol oauth proxy rbac security zero-trust
Last synced: 2 months ago
JSON representation
Open-source zero-trust proxy for MCP servers — adds OAuth 2.1, tool-level RBAC, audit logging, and rate limiting to any MCP server. One Docker command, zero code changes.
- Host: GitHub
- URL: https://github.com/anoblescm/mcp-zero-trust-proxy
- Owner: AnobleSCM
- License: mit
- Created: 2026-03-20T03:58:48.000Z (4 months ago)
- Default Branch: main
- Last Pushed: 2026-04-12T05:17:01.000Z (3 months ago)
- Last Synced: 2026-04-12T07:13:00.634Z (3 months ago)
- Topics: ai-agents, claude, copilot, cursor, go, mcp, model-context-protocol, oauth, proxy, rbac, security, zero-trust
- Language: Go
- Homepage: https://mcpzerotrust.dev
- Size: 704 KB
- Stars: 2
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Security: SECURITY.md
- Roadmap: docs/ROADMAP.md
Awesome Lists containing this project
README
# MCP Zero-Trust Proxy
A drop-in reverse proxy that adds zero-trust security to any [MCP](https://modelcontextprotocol.io) server — no code changes required.
```bash
docker run -e MCP_TARGET=localhost:3000 -e AUTH_PROVIDER=github -p 8080:8080 \
ghcr.io/anoblescm/mcp-zero-trust-proxy
```
## What it does
MCP (Model Context Protocol) is how AI agents connect to tools — Claude, Cursor, Copilot all use it. But authentication is optional in the spec. This proxy sits between your MCP clients and servers to enforce security:
- **OAuth 2.1 PKCE** — Require login via GitHub, Google, Okta, or any OIDC provider
- **Tool-level RBAC** — Control which tools each user can call (admin/readonly/restricted roles)
- **Per-client sessions** — Each user gets their own session boundary
- **Audit logging** — Every request logged: who, what, when, allowed/denied (structured JSONL)
- **Rate limiting** — Per-client token bucket (default: 300 req/min, configurable)
## Why
- 8,000+ MCP servers publicly reachable with no authentication ([Shodan](https://www.shodan.io/search?query=mcp))
- 30+ CVEs in 60 days (Jan-Feb 2026)
- CVSS 9.6 RCE in `mcp-remote`, the most popular OAuth workaround
- Clawdbot breach hit 1,800+ servers in 48 hours
## Quick start
### Docker (recommended)
```bash
# 1. Pull
docker pull ghcr.io/anoblescm/mcp-zero-trust-proxy:latest
# 2. Create config.yaml
cat > config.yaml <