MCP Gateway

MCP Gateway – API & Self-Service Portal

This repository contains the MCP Gateway, an enterprise solution to expose, manage and consume tools (internal APIs) in a secure, scalable and auditable way, with RBAC authentication and self-service portal.

Summary

Overview
Folder Structure
How to Spin (Development)
Features
RBAC Structure Example
Security
API Documentation
System Requirements
Complete Documentation
Good Practices and Observations

Overview

The MCP Gateway consists of:

Backend: FastAPI + RBAC + JWT + JSON persistence (NoSQL ready)
Frontend: React (Vite) running integrated with the backend (build in /frontend/dist served as static)

Folder Structure

mcp-server/
├── app/                # Backend FastAPI
│   ├── main.py         # Entrypoint
│   ├── config.py       # Configurações
│   ├── auth.py         # Autenticação/JWT
│   ├── utils/          # Utilitários (RBAC, dependências)
│   └── groups/
│       ├── routes.py   # Rotas (APIs)
│       └── tools.py    # Utilitários de permissão
├── data/               # Dados persistentes
│   └── rbac.json       # Usuários, grupos, permissões
├── frontend/           # Portal React (Vite)
│   ├── src/            # Código-fonte React
│   └── dist/           # Build de produção (servido pelo FastAPI)
├── requirements.txt    # Dependências Python
├── README.md           # Este documento
└── ...

How to Spin (Development)

1. Backend (FastAPI)

python -m venv venv
.\venv\Scripts\activate
pip install -r requirements.txt
uvicorn app.main:app --reload

2. Frontend (React)

cd frontend
npm install
npm run dev

Go to: http://localhost:5173 (dev) or http://localhost:8000 (prod)

3. Frontend Build for Production

cd frontend
npm run build

The files will be generated in frontend/dist . FastAPI can serve these files automatically.

Features

JWT Login (user, group admin, global admin)
Group, User, and Tool Management (CRUD)
Dynamic creation of tools by group admin
Safe consumption of tools via portal
Healthcheck, registration, automatic documentation (Swagger)
Ready for NoSQL database integration and SSO

RBAC Structure Example

See data/rbac.json for example users, groups, and permissions.

Security

JWT, RBAC, share registry
Ready for CORS, HTTPS, rate limiting, etc.

API Documentation

Go to /docs for Swagger or /redoc for Redoc.

System Requirements

See the docs/REQUISITOS.md file for detailed functional, non-functional, and business requirements.

Complete Documentation

Detailed project documentation is centralized in the docs/ folder:

docs/REQUISITOS.md : System requirements
docs/API.md : Endpoints and API usage examples
docs/ARQUITETURA.md : Technical architecture
docs/SEGURANCA.md : Security and best practices
docs/GOVERNANCA.md : Governance and roles
docs/OPERACIONAL.md : Operation, monitoring and troubleshooting
docs/CHANGELOG.md : Version history

Good Practices and Observations

Keep dependencies up to date.
Use virtual environments for Python.
Always build the frontend before deploying to production.
See the documentation for the other modules in docs/ .
Tip: Use issues and pull requests to propose changes and maintain a history of decisions.

This document should be reviewed and updated periodically to reflect changes in the design.

This server cannot be installed

security - not tested

license - not found

quality - not tested

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

A secure bridge that enables Large Language Models (LLMs) to interact with enterprise APIs and services in a controlled, contextualized way.

Related MCP Servers

YARR Media Stack MCP Server
jmagar
-
security
F
license
-
quality
A comprehensive Model Context Protocol server that bridges LLMs with self-hosted media services, enabling natural language control of TV shows, movies, downloads, and notifications while maintaining traditional API access.
Last updated -
TypeScript
Alpaca MCP Server
miguelyad26
-
security
A
license
-
quality
A Model Context Protocol server that enables LLMs like Claude to interact with the Alpaca trading API, allowing for trading stocks, checking positions, fetching market data, and managing accounts through natural language.
Last updated -
Python
MIT License
OpenAPI MCP Server
rahgadda
-
security
A
license
-
quality
A Model Context Protocol Server that enables LLMs to interact with and execute REST API calls through natural language prompts, supporting GET/PUT/POST/PATCH operations on configured APIs.
Last updated -
5
Python
Apache 2.0
LSP MCP Server
Tritlo
-
security
A
license
-
quality
Bridges Large Language Models with Language Server Protocol interfaces, allowing LLMs to access LSP's hover information, completions, diagnostics, and code actions for improved code suggestions.
Last updated -
2
TypeScript
MIT License

View all related MCP servers