Zero trust gateway for MCP servers. Aggregate, filter, and securely access MCP tools from anywhere without VPNs, open ports, or exposed endpoints. Built on OpenZiti, zrok, and Agora with cryptographic identity, mTLS, per-client isolation, and tool-level permission control.

36 stars · Go

MCP Gateway – Zero-Trust Access to MCP Tool Servers

by michaelquigley · Apr 9, 2026 · 4 points · 2 comments

AI Analysis

●● Solid · Big Brain · Solve My Problem

Zero-trust MCP sharing over OpenZiti with no listening ports or VPN setup required.

Strengths
  • Permission filtering removes tools from schema entirely, not just runtime checks
  • Aggregates multiple backends into single namespaced tool registry
  • Works through NATs and firewalls without port forwarding
Weaknesses
  • Requires zrok v2.0.x which is still in release candidate
  • Emerging MCP ecosystem means limited third-party server availability
Target Audience

Teams building with MCP servers who need secure remote access

Similar To

Tailscale · ZeroTier · ngrok

Post Description

MCP servers work great locally over stdio... until you need one on another machine, or want to share tools across a team. Most approaches to that involve exposing endpoints and managing network access. I built a tool that keeps remote MCP as simple and secure as local stdio.

mcp-bridge wraps any stdio MCP server in one command and shares it over a zrok/OpenZiti overlay. mcp-gateway aggregates multiple backends... local stdio servers and remote shares... into a single connection with a unified, namespaced tool registry. Permission filtering removes tools from the schema entirely... they're not checked at runtime, they're gone from the registry. No listening ports, no VPN, no port forwarding. Your MCP server doesn't change.

Go, Apache 2.0, single binaries, part of the OpenZiti project. Works seamlessly with the llm-gateway I introduced a couple of weeks ago.

Similar Projects

Infrastructure · ●● Solid

LLM-Gateway – Zero-Trust LLM Gateway

Zero-trust networking via zrok beats LiteLLM when your GPUs sit behind NAT.

Big Brain · Solve My Problem
michaelquigley
712mo ago
Developer Tools · ●● Solid

MCP-X – Single-file multi-client MCP gateway with per-tool access ctrl

Single-file + live-reload is the practical win here: point your agents at one static URL and you can swap or share upstream MCP servers on the fly via TOML edits or the REST API. The per-tool fnmatch allow-lists, owner registration, and JWT/static token options show the author thought about multi-tenant workflows, but this is a focused infra tool — great when you actually run many MCP servers, less interesting otherwise.

Niche Gem · Ship It
littleRound
204mo ago