Skip to main content
Glama
jamalla

mcp-gateway-worker

by jamalla

MCP Gateway Worker

Cloudflare Worker gateway that exposes MCP-compatible JSON-RPC (/mcp) and REST test endpoints (/tools, /tools/:name/call) over a single unified tool registry.

Live deployment

  • Worker URL: https://mcp-gateway-worker.to-jamz.workers.dev

  • MCP endpoint: https://mcp-gateway-worker.to-jamz.workers.dev/mcp

Related MCP server: Remote MCP Server

Setup

pnpm install
pnpm wrangler secret put DOMAIN_SHARED_SECRET
pnpm dev

Build and verify

pnpm install
pnpm build
pnpm test

Targeted suites:

pnpm test:contract
pnpm test:validation
pnpm test:e2e

Deploy to Cloudflare

pnpm wrangler login
pnpm wrangler secret put DOMAIN_SHARED_SECRET
pnpm wrangler deploy

Production checklist before deploy:

  • Replace local values in wrangler.toml (DOMAIN_A_URL, DOMAIN_B_URL, ALLOWED_ORIGINS).

  • Replace CLIENT_AUTH_TOKEN and set least-privilege CLIENT_ALLOWED_SCOPES.

  • Confirm upstream domain workers are reachable from Cloudflare.

Environment and secrets

wrangler.toml local vars:

  • ENVIRONMENT

  • DOMAIN_A_URL

  • DOMAIN_B_URL

  • ALLOWED_ORIGINS

  • AUTH_MODE

  • CLIENT_AUTH_TOKEN

  • CLIENT_ALLOWED_SCOPES

  • UPSTREAM_TIMEOUT_MS

  • REQUEST_BODY_MAX_BYTES

  • TOOL_ARGUMENT_MAX_BYTES

Required secret:

  • DOMAIN_SHARED_SECRET

Authentication model

  • Client -> Gateway: Authorization: Bearer <CLIENT_AUTH_TOKEN> (static-token mode).

  • Gateway -> Domain workers: Authorization: Bearer <DOMAIN_SHARED_SECRET>.

  • Trusted scopes source: CLIENT_ALLOWED_SCOPES (gateway does not trust raw scope headers directly for authorization).

Trust boundary

  • Gateway is the policy enforcement boundary for auth, scope checks, origin checks, and canonical error mapping.

  • Domain workers are upstream execution targets and are treated as untrusted for response shape (gateway validates upstream payloads).

Guardrails

  • Origin checks apply only when an Origin header is present.

  • Request and argument size limits are centralized via env-backed limits.

  • Upstream calls use timeout/retry handling and normalize exceptions to canonical UPSTREAM_ERROR.

Endpoints

  • GET /health -> { "status": "ok", "environment": "..." }

  • GET /tools -> unified tool catalog

  • POST /tools/:name/call -> REST tool invocation

  • POST /mcp -> MCP JSON-RPC (tools/list, tools/call)

Use this MCP from any IDE

Any IDE/editor MCP client that supports HTTP/JSON-RPC can connect to this endpoint:

  • URL: https://mcp-gateway-worker.to-jamz.workers.dev/mcp

  • Method: POST

  • Header: Authorization: Bearer <CLIENT_AUTH_TOKEN>

  • Header: Content-Type: application/json

Generic MCP client config shape:

{
	"mcpServers": {
		"mcp-gateway-worker": {
			"transport": "http",
			"url": "https://mcp-gateway-worker.to-jamz.workers.dev/mcp",
			"headers": {
				"Authorization": "Bearer <CLIENT_AUTH_TOKEN>"
			}
		}
	}
}

Quick connectivity test:

curl -s -X POST https://mcp-gateway-worker.to-jamz.workers.dev/mcp \
	-H "Authorization: Bearer <CLIENT_AUTH_TOKEN>" \
	-H "content-type: application/json" \
	-d '{"jsonrpc":"2.0","id":"1","method":"tools/list","params":{}}'

If your IDE uses a different MCP schema (for example command-based wrappers), map it to the same HTTP endpoint and headers above.

IDE-specific examples

The exact file path/key name can vary by IDE version, but these templates are the common setup patterns.

VS Code (MCP extension/client)

settings.json example:

{
	"mcp.servers": {
		"mcp-gateway-worker": {
			"transport": "http",
			"url": "https://mcp-gateway-worker.to-jamz.workers.dev/mcp",
			"headers": {
				"Authorization": "Bearer <CLIENT_AUTH_TOKEN>"
			}
		}
	}
}

Cursor

.cursor/mcp.json example:

{
	"mcpServers": {
		"mcp-gateway-worker": {
			"transport": "http",
			"url": "https://mcp-gateway-worker.to-jamz.workers.dev/mcp",
			"headers": {
				"Authorization": "Bearer <CLIENT_AUTH_TOKEN>"
			}
		}
	}
}

Windsurf

MCP config example:

{
	"mcpServers": {
		"mcp-gateway-worker": {
			"transport": "http",
			"url": "https://mcp-gateway-worker.to-jamz.workers.dev/mcp",
			"headers": {
				"Authorization": "Bearer <CLIENT_AUTH_TOKEN>"
			}
		}
	}
}

JetBrains AI Assistant / IDE MCP client

MCP server entry example:

{
	"name": "mcp-gateway-worker",
	"transport": "http",
	"url": "https://mcp-gateway-worker.to-jamz.workers.dev/mcp",
	"headers": {
		"Authorization": "Bearer <CLIENT_AUTH_TOKEN>"
	}
}

If your IDE only supports command-based MCP launchers, create a tiny local proxy/wrapper that forwards to this HTTP endpoint with the same Authorization header.

Examples

curl -s http://127.0.0.1:8787/health
curl -s http://127.0.0.1:8787/tools \
	-H "Authorization: Bearer replace-me"
curl -s -X POST http://127.0.0.1:8787/tools/sum/call \
	-H "Authorization: Bearer replace-me" \
	-H "content-type: application/json" \
	-d '{"arguments":{"a":5,"b":7}}'
curl -s -X POST http://127.0.0.1:8787/mcp \
	-H "Authorization: Bearer replace-me" \
	-H "content-type: application/json" \
	-d '{"jsonrpc":"2.0","id":"1","method":"tools/list","params":{}}'

Compatibility guard policy

  • Canonical MCP error payloads are treated as compatibility contracts.

  • tests/contract/mcp-errors.snapshot.test.ts enforces stable error.code, error.data.error_code, and snapshot shape.

  • Breaking payload changes require explicit contract/versioning updates and corresponding test updates.

Scripts

  • pnpm dev

  • pnpm build

  • pnpm test

  • pnpm test:contract

  • pnpm test:validation

  • pnpm test:e2e

  • pnpm test:snapshots

F
license - not found
-
quality - not tested
D
maintenance

Maintenance

Maintainers
Response time
Release cycle
Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/jamalla/mcp-gateway-worker'

If you have feedback or need assistance with the MCP directory API, please join our Discord server