RGate MCP
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": false
} |
| prompts | {} |
| resources | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| start_scanA | Start a website release-readiness scan for a public URL across five layers: security, SEO, accessibility, legal compliance, and sustainability. Behavior: enqueues an asynchronous job and returns immediately with a scanId — it does NOT wait for results, and it fetches/renders the target site (not a read-only call). Returns { scanId, status, cached }; identical URLs within ~10 minutes return the cached scan. Next step: poll get_scan with the scanId until status is "done" or "failed". Use this first, once per site; do not busy-loop calling start_scan for the same URL. |
| get_scanA | Poll a scan and, once complete, return its structured results. Read-only. Returns { scan, findings, checkResults, techDetections, access, agentSummary }. scan.status moves through pending → running → retrying → done → failed; keep polling (every few seconds) until done or failed. On failed, a failure object explains the cause and next_action. access.level is none | teaser | full: teaser findings are diagnostic only (evidence, check keys, and fix text are redacted). To get full data, pass a report token via the token argument. If access.campaign is present the report is FREE right now — call unlock_report with an email to obtain that token instead of sending the user to checkout. |
| unlock_reportA | Unlock a completed scan's full findings and fix plan for free during an active campaign. Behavior: records the submitted email as a lead and issues a 24h report token (not read-only). Returns { token, expires_at, report_url }. Only works while a free campaign is active (otherwise returns 403 — use create_checkout_handoff instead). Call this only when get_scan shows access.campaign; then re-poll get_scan or call generate_fix_plan with the returned token. |
| list_checksA | Return the RGate scan-layer and check catalog. Read-only, static, no side effects — safe to call any time. Use it to plan a scan, explain coverage to a user, or map a finding to its layer. Pass a layer to focus on just that layer's checks. |
| get_pricingA | Return machine-readable RGate pricing: plan ids, names, prices (EUR/USD), billing period, scan limits, and best-fit use cases. Read-only, static, no arguments. Use to answer pricing questions or choose a planId for create_checkout_handoff. |
| create_checkout_handoffA | Create a human handoff URL for purchasing a full report or subscription after a scan is complete. Behavior: creates a checkout/upgrade link and returns { handoffUrl }. The agent CANNOT complete payment itself — give the URL to the user to finish in a browser. Use only when the report is paywalled (get_scan shows access.level teaser with payment_required true) AND no free campaign is active. During a campaign, prefer unlock_report. |
| generate_fix_planA | Build a prioritized, implementation-ready fix plan from a completed scan's findings: release blockers first, then high-impact follow-ups, then backlog. Read-only (derives from stored findings). Returns JSON (or Markdown). Requires full access: on a locked report it returns HTTP 402, or — during a campaign — a teaser with unlock instructions; pass a token from unlock_report or a paid unlock. Call after get_scan shows status done. |
| export_scan_markdownA | Export a completed scan as Markdown in one of three templates: cursor (an agent fix prompt), github (an issue body), or executive (a stakeholder summary). Read-only. Requires full access — pass a token for a locked report. Use to hand results into an IDE/coding agent or a ticket. |
| compare_scan_historyA | Diff two completed scans of the SAME domain and return added, resolved, improved, and worsened findings. Read-only. Both scans must be done. Use to verify that fixes landed between two runs, or to catch regressions after a deploy. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/marcoldenburg/rgate-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server