ScopeGate – Granular permission gateway for AI agents (MCP, open-core)

Name: ScopeGate – Granular permission gateway for AI agents (MCP, open-core)
Availability: InStock
Author: jetbootsmaker

by jetbootsmaker·Mar 3, 2026·1 point·0 comments

Visit Project View on HN

AI Analysis

●●●BangerSolve My ProblemBig BrainZero to One

MCP permission proxy solves real AI agent over-permissioning—88% of orgs hit this problem.

Strengths

•Addresses genuine security gap: MCP servers default to full OAuth scopes with no per-agent granularity
•One-click revocation + audit trail across multiple services (Drive, Gmail, Slack, Notion) vs hunting IAM separately
•Granular controls (folder-level, read-only, rate limits) go beyond binary all-or-nothing access model

Weaknesses

•Early-stage: success depends on MCP ecosystem adoption and enterprise willingness to add middleware
•Self-hosted tier must compete against simpler 'no tool' status quo in risk-averse orgs

Post Description

88% of orgs have had AI agent security incidents, yet MCP servers run broad OAuth scopes with no way to restrict per agent.

After reading about the GitHub MCP exploit I got tired of cobbling together OAuth + custom middleware + prayer. ScopeGate is a permission proxy that sits between your AI agents and external services (Google Drive, Gmail, Calendar, etc).

You connect a service via OAuth, define granular scopes per agent (read-only, specific folders, rate limits), and get a unique MCP endpoint. Agent A can read one Drive folder but not write. Agent B can send email but not read inbox. One click revokes access across all services instantly.

Open-core, self-hostable — same features on cloud and self-hosted.