MCP Gateway

MCP Gateway – API & Self-Service Portal

This repository contains the MCP Gateway, an enterprise solution to expose, manage and consume tools (internal APIs) in a secure, scalable and auditable way, with RBAC authentication and self-service portal.

Summary

Overview
Folder Structure
How to Spin (Development)
Features
RBAC Structure Example
Security
API Documentation
System Requirements
Complete Documentation
Good Practices and Observations

Overview

The MCP Gateway consists of:

Backend: FastAPI + RBAC + JWT + JSON persistence (NoSQL ready)
Frontend: React (Vite) running integrated with the backend (build in /frontend/dist served as static)

Folder Structure

mcp-server/
├── app/                # Backend FastAPI
│   ├── main.py         # Entrypoint
│   ├── config.py       # Configurações
│   ├── auth.py         # Autenticação/JWT
│   ├── utils/          # Utilitários (RBAC, dependências)
│   └── groups/
│       ├── routes.py   # Rotas (APIs)
│       └── tools.py    # Utilitários de permissão
├── data/               # Dados persistentes
│   └── rbac.json       # Usuários, grupos, permissões
├── frontend/           # Portal React (Vite)
│   ├── src/            # Código-fonte React
│   └── dist/           # Build de produção (servido pelo FastAPI)
├── requirements.txt    # Dependências Python
├── README.md           # Este documento
└── ...

How to Spin (Development)

1. Backend (FastAPI)

python -m venv venv
.\venv\Scripts\activate
pip install -r requirements.txt
uvicorn app.main:app --reload

2. Frontend (React)

cd frontend
npm install
npm run dev

Go to: http://localhost:5173 (dev) or http://localhost:8000 (prod)

3. Frontend Build for Production

cd frontend
npm run build

The files will be generated in frontend/dist . FastAPI can serve these files automatically.

Features

JWT Login (user, group admin, global admin)
Group, User, and Tool Management (CRUD)
Dynamic creation of tools by group admin
Safe consumption of tools via portal
Healthcheck, registration, automatic documentation (Swagger)
Ready for NoSQL database integration and SSO

RBAC Structure Example

See data/rbac.json for example users, groups, and permissions.

Security

JWT, RBAC, share registry
Ready for CORS, HTTPS, rate limiting, etc.

API Documentation

Go to /docs for Swagger or /redoc for Redoc.

System Requirements

See the docs/REQUISITOS.md file for detailed functional, non-functional, and business requirements.

Complete Documentation

Detailed project documentation is centralized in the docs/ folder:

docs/REQUISITOS.md : System requirements
docs/API.md : Endpoints and API usage examples
docs/ARQUITETURA.md : Technical architecture
docs/SEGURANCA.md : Security and best practices
docs/GOVERNANCA.md : Governance and roles
docs/OPERACIONAL.md : Operation, monitoring and troubleshooting
docs/CHANGELOG.md : Version history

Good Practices and Observations

Keep dependencies up to date.
Use virtual environments for Python.
Always build the frontend before deploying to production.
Check the documentation for the other modules in docs/ .
Tip: Use issues and pull requests to propose changes and maintain a history of decisions.

This document should be reviewed and updated periodically to reflect changes in the design.

MCP Gateway

Integrations