Open source · Apache 2.0
A stateless Go proxy that exposes REST APIs, shell commands, and custom scripts as MCP tools. No code, no plugins — just config.
Features
01 / 21
Auto-generates MCP tools from any OpenAPI 3.0 spec. Input schemas are derived automatically, jq transforms applied, and everything validated at startup with dry-run checks.
Expose kubectl, aws, gh, or any CLI as MCP tools. Template-based argument interpolation with shell-escape security — no injection risk.
Custom tool logic in a sandboxed Sobek runtime. Full access to ctx.fetch(), ctx.env, and ctx.log() — no Node.js required.
Proxy multiple HTTP, command, and script backends from a single instance. Prefix-based namespacing ensures tool names never collide across upstreams.
JWT, OAuth2 Client Credentials, API key, token introspection, Lua, and JavaScript — both inbound (client → proxy) and outbound (proxy → upstream). Per-operation bypass supported.
RFC 9535 JSONPath overlays to customize tool names, descriptions, jq transforms, and behavior without ever touching the original spec.
Serve different tool subsets at different MCP endpoints. JSONPath filters let you create read-only, premium, or role-based views from the same upstreams.
fsnotify-based live reload with atomic symlink detection — Kubernetes ConfigMap-aware by design. Config changes take effect without dropping any in-flight requests.
OpenAPI specs are re-fetched on a configurable interval with ETag/conditional GET support. Updates are swapped in atomically with zero downtime.
OTLP traces with MCP-specific span attributes, Prometheus metrics, and W3C Trace Context propagation. Plug into any existing observability stack.
MCPProxy and MCPUpstream CRDs for declarative configuration. Annotation-based upstream auto-discovery. Helm chart included.
Embed the proxy as a Go library. Register custom tool providers via the registry pattern. Tree-shaking ensures unused strategies are excluded from your binary.
Connection pooling, mTLS, HTTP/2, TLS session caching, and SOCKS5 proxy support for production-grade upstream connectivity.
Token-bucket rate limits per tool, keyed by client IP, authenticated user, or MCP session ID. Burst allowances and per-operation overrides via overlays.
Per-upstream circuit breaker with configurable failure threshold, rolling window, and half-open probe. Prevents cascading failures when an upstream goes down.
In-process chromem-go vector index lets MCP clients find the right tool by natural-language description. Supports OpenAI embeddings or a fully local model.
TTL-based in-memory cache for tool responses. Per-user isolation when inbound auth is enabled. Automatically invalidated on spec refresh or hot-reload.
Tiktoken-compatible token counting on every tool response before it reaches the MCP client. Histogram metrics per tool and optional hard size limits.
Authorization Code flow with per-user token storage in Postgres or Redis. Each user accesses upstream APIs with their own identity — not a shared service account.
Embed mcp-anything as a native xcaddy handler. Caddy manages TLS and routing; no separate proxy process. Pre-built Docker image included.
Attach interactive HTML interfaces to OpenAPI-generated tools. Results render as sandboxed iframes inside Claude, VS Code, and other MCP hosts — no separate web app needed.