Skip to main content
Glama

Waygate MCP

by jeremylongshore
GitHub
Python
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

Waygate MCP - Secure Containerized MCP Server Framework 🐳🔒

Version: 2.0.0 Status: Production-Ready Successor to: NEXUS MCP Architecture: Security-Hardened Docker Containers

🚀 Overview

Waygate MCP is an enterprise-grade Model Context Protocol (MCP) server framework built with security-first containerization. Unlike traditional virtual environment deployments, Waygate uses Docker containers for superior isolation, security, and reproducibility.

🔐 Why Containers > Virtual Environments

Security AspectVirtual EnvironmentContainerAdvantage
Process Isolation❌ Shared with host✅ Isolated namespacePrevents interference
Network Isolation❌ Uses host network✅ Private networkControls traffic
File System❌ Full host access✅ Isolated filesystemLimits breach impact
Resource Limits❌ No limits✅ cgroups limitsPrevents DoS
Privilege Escalation⚠️ Easier✅ Non-root userReduced attack surface

✨ Key Features

  • Security-Hardened Containers: Non-root execution, read-only filesystem, dropped capabilities
  • Production-Ready: Built with FastAPI for high performance
  • Diagnostic Excellence: Comprehensive troubleshooting tools and playbooks
  • Plugin Architecture: Extensible through modular plugins
  • Enterprise Features: SSL/TLS, rate limiting, monitoring built-in
  • One-Line Setup: Automated secure deployment with quickstart.sh

🚀 Quick Start (One Command!)

# Secure automated setup curl -sSL https://raw.githubusercontent.com/jeremylongshore/waygate-mcp/main/quickstart.sh | bash

Or clone and run locally:

git clone https://github.com/jeremylongshore/waygate-mcp.git cd waygate-mcp chmod +x quickstart.sh ./quickstart.sh

📋 Manual Installation

Prerequisites

  • Docker 20.10+
  • Docker Compose 2.0+
  • Git
  • 2GB+ disk space

Step-by-Step Setup

# 1. Clone the repository git clone https://github.com/jeremylongshore/waygate-mcp.git cd waygate-mcp # 2. Generate secure configuration export WAYGATE_SECRET_KEY=$(openssl rand -base64 32) export WAYGATE_API_KEY=$(uuidgen) # 3. Create environment file cat > .env << EOF WAYGATE_ENV=production WAYGATE_SECRET_KEY=${WAYGATE_SECRET_KEY} WAYGATE_API_KEY=${WAYGATE_API_KEY} EOF # 4. Build and start containers docker-compose build --pull --no-cache docker-compose up -d # 5. Verify health curl http://localhost:8000/health

Access Points

  • API: http://localhost:8000
  • Health Check: http://localhost:8000/health
  • Metrics: http://localhost:8000/metrics
  • Documentation: http://localhost:8000/docs (development mode)

📁 Project Structure

waygate-mcp/ ├── ai-dev-tasks/ # AI development documentation │ ├── PRDs/ # Product requirements │ ├── ADRs/ # Architecture decisions │ ├── tasks/ # Task breakdowns │ └── specifications/ # Technical specs ├── src/ # Source code ├── tests/ # Test suites ├── docs/ # Documentation ├── scripts/ # Utility scripts └── configs/ # Configuration files

🐳 Development Mode

# Run in development mode with hot reload docker-compose -f docker-compose.yml -f docker-compose.dev.yml up # Access container shell for debugging docker-compose exec waygate /bin/bash # View logs docker-compose logs -f waygate

🔧 Configuration

Configuration via environment variables in .env file:

# Environment WAYGATE_ENV=production # production/development WAYGATE_LOG_LEVEL=INFO # DEBUG/INFO/WARNING/ERROR # Security (CHANGE THESE!) WAYGATE_SECRET_KEY=<generated> # Generate with: openssl rand -base64 32 WAYGATE_API_KEY=<generated> # Generate with: uuidgen # Network WAYGATE_CORS_ORIGINS=["https://yourdomain.com"] WAYGATE_RATE_LIMIT=100 # Requests per minute # Resources WAYGATE_MAX_REQUEST_SIZE=10485760 # 10MB

🛡️ Security Features

Container Security

  • Non-root user: Runs as UID 1000 (waygate user)
  • Read-only filesystem: Writable volumes only where needed
  • Dropped capabilities: All capabilities dropped except NET_BIND_SERVICE
  • No new privileges: Prevents privilege escalation
  • Resource limits: CPU (2 cores) and Memory (1GB) limits
  • Network isolation: Custom Docker network with defined subnet
  • Secrets management: Environment-based with .env file

Application Security

  • API key authentication: Required for API access
  • Rate limiting: Configurable per-endpoint limits
  • CORS protection: Configurable allowed origins
  • Input validation: Pydantic models for all inputs
  • SSL/TLS ready: Nginx configuration included

📊 API Endpoints

EndpointMethodDescription
/GETService information
/healthGETHealth check
/readyGETReadiness check
/metricsGETPrometheus metrics
/mcp/executePOSTExecute MCP command
/mcp/statusGETMCP engine status
/pluginsGETList plugins
/diagnostics/connectionGETConnection diagnostics
/diagnostics/performanceGETPerformance diagnostics

🔍 Diagnostics

Run diagnostics to troubleshoot issues:

# Check server status curl http://localhost:8000/health # Run connection diagnostics curl http://localhost:8000/diagnostics/connection # Check performance metrics curl http://localhost:8000/diagnostics/performance

🚦 Development

Running Tests

pytest tests/ -v --cov=src

Code Quality

# Format code black src/ tests/ # Lint flake8 src/ tests/ # Type checking mypy src/

📝 Documentation

  • PRD: ai-dev-tasks/PRDs/00-prd-waygate-mcp-framework.md
  • Architecture: ai-dev-tasks/ADRs/ADR-001-core-architecture.md
  • Tech Spec: ai-dev-tasks/specifications/tech-spec-waygate-mcp.md
  • Tasks: ai-dev-tasks/tasks/00-tasks-waygate-mcp-implementation.md

🔄 Migration from NEXUS MCP

NEXUS MCP has been archived at /home/jeremy/projects/archived/NEXUS_MCP.

To migrate:

  1. Export NEXUS configuration
  2. Transform to Waygate format
  3. Deploy Waygate instance
  4. Verify functionality

🤝 Contributing

  1. Create feature branch
  2. Make changes
  3. Run tests
  4. Submit PR

📄 License

Open Source - MIT License

🆘 Support

For issues or questions, check the documentation in ai-dev-tasks/ or create an issue.

Built with AI Assistance - Developed with Claude (Anthropic) Maintained by: Jeremy Longshore Last Updated: 2025-01-14

This server cannot be installed

-
security - not tested
F
license - not found
-
quality - not tested

How are these scores calculated?

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

A security-hardened, containerized MCP server framework that provides superior isolation and enterprise-grade security through Docker containers. Enables secure MCP command execution with comprehensive diagnostics, plugin architecture, and production-ready features like SSL/TLS and rate limiting.

  1. 🚀 Overview
    1. 🔐 Why Containers > Virtual Environments
      1. ✨ Key Features
        1. 🚀 Quick Start (One Command!)
          1. 📋 Manual Installation
            1. Prerequisites
            2. Step-by-Step Setup
            3. Access Points
          2. 📁 Project Structure
            1. 🐳 Development Mode
              1. 🔧 Configuration
                1. 🛡️ Security Features
                  1. Container Security
                  2. Application Security
                2. 📊 API Endpoints
                  1. 🔍 Diagnostics
                    1. 🚦 Development
                      1. Running Tests
                      2. Code Quality
                    2. 📝 Documentation
                      1. 🔄 Migration from NEXUS MCP
                        1. 🤝 Contributing
                          1. 📄 License
                            1. 🆘 Support

                              New MCP Servers

                              MCP directory API

                              We provide all the information about MCP servers via our MCP API.

                              curl -X GET 'https://glama.ai/api/mcp/v1/servers/jeremylongshore/waygate-mcp'

                              If you have feedback or need assistance with the MCP directory API, please join our Discord server