MCP Gateway
@vengtoo/mcp-gateway is a drop-in proxy that sits between an MCP client (Claude Code, Cursor, VS Code, GitHub Copilot) and any Model Context Protocol server. It intercepts every tool call and checks authorization before forwarding it to the downstream server.
Because it runs as a proxy, you don't modify the MCP server — point your client at the gateway instead of the server directly. This is the right choice when you're connecting an agent to servers you don't own or can't change. If you author the MCP server yourself, the embeddable MCP Adapter may be a better fit.
Why
An agent connected to an MCP server can call any tool it's exposed — read your database, delete files, execute arbitrary SQL. The gateway puts a policy enforcement point in front of those tools, so every call is authorized before it executes and every invocation is logged.
How it works
MCP client ─────► Vengtoo MCP Gateway ─────► downstream MCP server
(Claude Code, │ authorize each
Cursor, …) │ tool call first
└── Vengtoo Cloud or Vengtoo Agent (localhost:8181)
The gateway runs as a stdio MCP server. Your client talks to it exactly as it would talk to the real server; the gateway spawns the downstream server, forwards the tools it exposes, and gates each call.
Two modes
Configure either cloudUrl or agentUrl in your gateway.config.json — the gateway connects to whichever is set.
| Mode | Decision point | When to use |
|---|---|---|
| Cloud | Vengtoo Cloud (api.vengtoo.com) evaluating your managed policies | Centrally managed policies, shared across deployments, full Decision Log |
| Local | Vengtoo Agent on localhost:8181 | Offline, self-contained, no cloud account needed |
Quick start (cloud mode)
1. Create a gateway.config.json
{
"vengtoo": {
"cloudUrl": "https://api.vengtoo.com/access/v1/evaluation",
"apiKey": "azx_..."
},
"subject": "agent:ai-assistant",
"servers": {
"database": {
"command": "node",
"args": ["./my-database-mcp-server.js"]
}
}
}
The API key can also be supplied via VENGTOO_API_KEY.
2. Point your MCP client at the gateway
claude mcp add --transport stdio vengtoo-gateway -- \
npx vengtoo-mcp-gateway --config /path/to/gateway.config.json
Your agent now calls tools through the gateway, and every call is authorized against your Vengtoo policies before it executes. Tool inventory, decisions, and subjects are visible in the Vengtoo console.
Local mode (no cloud account)
Install and start the Vengtoo Agent locally, then scaffold a policy for your tools:
npx vengtoo-mcp-gateway --config ./gateway.config.json --generate-policy ./policy.rego
The gateway connects to each downstream server, discovers all tools, and generates a starter policy file classified by trust level — read-only tools allowed, write operations requiring explicit approval, destructive operations blocked by default:
package vengtoo.mcp
default allow := false
# LOW trust — allowed for all approved agents
allow if { input.resource.name == "database__query" }
allow if { input.resource.name == "database__list_tables" }
# MEDIUM trust — allowed for specific agents
allow if {
input.resource.name == "database__execute"
input.subject.id in {"agent:cursor", "agent:claude"}
}
# HIGH trust — uncomment to allow (destructive operations)
# allow if {
# input.resource.name == "database__drop_table"
# input.subject.id == "agent:claude"
# }
Review the file, adjust the rules, and start the agent:
vengtoo-agent --policy ./policy.rego
Then use the same gateway.config.json with agentUrl instead of cloudUrl:
{
"vengtoo": {
"agentUrl": "http://localhost:8181"
},
"subject": "agent:dev-assistant",
"servers": {
"database": {
"command": "node",
"args": ["./my-database-mcp-server.js"]
}
}
}
For centralized policy management, audit logs, and multi-agent visibility, point the gateway at Vengtoo Cloud instead — swap agentUrl for cloudUrl and add your API key.
Configuration
| Field | Type | Required | Description |
|---|---|---|---|
vengtoo.cloudUrl | string | * | Vengtoo Cloud evaluation URL (cloud mode). Env: VENGTOO_CLOUD_URL |
vengtoo.agentUrl | string | * | URL of a local Vengtoo Agent (local mode). Env: VENGTOO_AGENT_URL |
vengtoo.apiKey | string | API key from the Vengtoo console. Env: VENGTOO_API_KEY | |
vengtoo.clientId | string | OAuth2 client ID — alternative to apiKey when using client credentials | |
vengtoo.clientSecret | string | OAuth2 client secret. Use together with clientId | |
vengtoo.timeoutMs | number | Authorization request timeout in ms (default: 10000) | |
vengtoo.blockOnDrift | boolean | Block CRITICAL-severity drifted tools locally in local mode (default: false) | |
subject | string | yes | Identity of the agent making tool calls. Env: VENGTOO_SUBJECT |
subjectType | string | Subject type (default: "agent") | |
resourceType | string | Resource type for authorization checks (default: "mcp_tool") | |
servers | object | yes | Map of downstream MCP servers to proxy |
* Provide either cloudUrl (cloud mode) or agentUrl (local mode).
Each entry under servers:
| Field | Type | Required | Description |
|---|---|---|---|
command | string | yes | Command to spawn the MCP server |
args | string[] | Command arguments | |
env | object | Additional environment variables |
The optional audit block configures where tool call records are forwarded:
| Field | Type | Required | Description |
|---|---|---|---|
audit.forwardUrl | string | Endpoint to receive audit events. Defaults to <agentUrl>/v1/agent-logs/ingest when agentUrl is set | |
audit.tenantId | string | Tenant ID attached to every forwarded event |
CLI flags
| Flag | Description |
|---|---|
--config <path> | Path to the gateway config file (default: ./gateway.config.json) |
--list-tools | List all tools from the configured downstream servers and exit |
--generate-policy [path] | Discover tools and generate a trust-classified starter policy (default: policy.rego) |
MCP client setup
The gateway runs as a stdio MCP server — point your client at it instead of the downstream server.
Claude Code
claude mcp add --transport stdio vengtoo-gateway -- \
npx vengtoo-mcp-gateway --config /path/to/gateway.config.json
Cursor
Add to .cursor/mcp.json:
{
"mcpServers": {
"vengtoo-gateway": {
"command": "npx",
"args": [
"vengtoo-mcp-gateway",
"--config",
"/path/to/gateway.config.json"
]
}
}
}
Claude Desktop
Add to ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"vengtoo-gateway": {
"command": "npx",
"args": [
"vengtoo-mcp-gateway",
"--config",
"/path/to/gateway.config.json"
]
}
}
}
VS Code / GitHub Copilot
Add to .vscode/mcp.json:
{
"servers": {
"vengtoo-gateway": {
"type": "stdio",
"command": "npx",
"args": [
"vengtoo-mcp-gateway",
"--config",
"/path/to/gateway.config.json"
]
}
}
}
Source
github.com/vengtoo/mcp-gateway — Apache-2.0 licensed.