mattergate
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mattergatelist my permitted MCP tools"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Mattergate
A self-hostable MCP permissions gateway for legal-tech systems.
The goal is simple: connect legal apps once, then expose only the MCP tools each team member should actually use. Mattergate is not a data lake. It is a thin policy and audit layer over vendor APIs.
Current status
This is a scaffold. It includes:
TypeScript npm workspace project
Policy engine with job-title presets and deny precedence
Connector SDK with a mock legal connector
MCP gateway core that filters visible tools and enforces permissions on invocation
Minimal HTTP server and CLI placeholders
Lightweight admin UI scaffold
Public landing page app for the open-source project
Research and planning docs
Real Lawmatics/Filevine/Clio/MyCase/etc. connectors come later.
Related MCP server: MCPGate
Why this exists
Legal-tech APIs are inconsistent. Some vendors enforce the authenticated user's in-app permissions. Others expose broad account-level API access, weak scopes, service-account access, or docs that are silent. Lawmatics is the clearest reason to build a policy gateway: its public OAuth docs state that it does not support scopes and authorization grants full CRUD access to the account.
Quick start
npm install
npm run verify
npm run dev:serverIn another shell:
curl http://127.0.0.1:4317/health
curl -H 'x-legal-mcp-user-id: demo-paralegal' http://127.0.0.1:4317/toolsAdmin UI scaffold:
npm run dev:adminPublic landing page:
npm run dev:landingRepository layout
apps/
server/ Minimal HTTP gateway API scaffold
cli/ Local stdio/CLI scaffold
admin/ Lightweight admin UI scaffold
landing/ Public open-source project landing page
packages/
core/ Shared domain types, errors, audit helpers, external-content labels
policy/ RBAC/ABAC evaluator and job-title presets
connectors/ Connector SDK and mock legal connector
mcp/ Tool filtering and policy-enforced invocation core
docs/
architecture.md
connector-development.md
deployment.md
policy-model.md
project-plan.md
project-tracker.md
research/ Ignored local research markdown filesSecurity posture
Bring-your-own vendor OAuth app/client credentials. Do not ship shared client secrets.
Encrypt OAuth refresh tokens, API keys, and vendor client secrets before any real connector work.
Hide tools a user cannot invoke, but also enforce permission checks on every invocation.
Default writes to dry-run where possible.
Label external vendor content as untrusted data.
Audit metadata, not raw legal content.
License
MIT.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/dschnurbusch/mattergate'
If you have feedback or need assistance with the MCP directory API, please join our Discord server