A web app that provides auth, rate limiting, and audit logging for MCP servers without teams having to build a gateway themselves

Every team deploying MCP servers has to hand-roll the same auth, rate limiting, and audit logging layer because MCP has no built-in controls. This creates duplicated infrastructure work and leaves AI agent pipelines without consistent access governance. A managed gateway sits in front of any MCP server and delivers OAuth/Entra auth, per-client rate limits, and an immutable audit trail out of the box.

Demand Breakdown

GitHub

877

OPENAI_FORUM

Social Proof 3 sources

Enterprise-ready MCP Gateway and Registry

@agentic-community · 2025-12-01

877 OA

Model Context Protocol MCP 2026 Roadmap: Scalability, Enterprise Auth, and Governance

@CallSphere · 2026-02-01

55 HN

Show HN: MCP Gateway - Unifying Access to MCP Servers Without N x M Integrations

2026-06-14

Gap Assessment

CompetitiveMultiple tools exist but differentiation opportunities remain

5 tools exist (MCPX by Lunar.dev, mcp-gateway-registry, Tyk MCP Gateway, Solo.io AgentGateway, Cordon) but gaps remain: Enterprise-only positioning and pricing; no self-serve or SMB path; closed-source and opaque on pricing; No managed hosted version; teams still have to self-host, maintain, and operate it themselves.

Features7 agent-ready prompts

OAuth and enterprise SSO auth at the MCP layer

▶

Per-client and per-tool rate limiting

▶

Immutable audit log with structured MCP call records

▶

MCP server registry and routing

▶

Policy rules engine for tool-level access control

▶

Workspace and team management with API key provisioning

▶

Real-time observability dashboard

▶

Competitive LandscapeFREE

Product	Does	Missing
MCPX by Lunar.dev	SOC 2 certified MCP gateway with immutable audit trail and access control; deployed at Fortune 200 enterprises and recognized by Gartner	Enterprise-only positioning and pricing; no self-serve or SMB path; closed-source and opaque on pricing
mcp-gateway-registry	Open source MCP gateway with OAuth, audit logging, and Keycloak/Entra integration; 690 GitHub stars	No managed hosted version; teams still have to self-host, maintain, and operate it themselves
Tyk MCP Gateway	Established API gateway company that added MCP support; auth and rate limiting via existing Tyk control plane	MCP is a bolt-on to a general API gateway, not purpose-built; MCP-specific audit semantics and agent identity models are shallow
Solo.io AgentGateway	MCP rate limiting and access control for enterprise service mesh deployments	Tied to Solo.io service mesh ecosystem; not a standalone product; requires existing Istio/Envoy infrastructure
Cordon	Open source security gateway for MCP tool calls with human-in-the-loop approvals and access control	Early open source with no managed offering; approval-flow focused, weak on rate limiting and structured audit logging

Notable VoicesFREE

@CallSphere55 likes · 2026-02-01

"Enterprise adoption of MCP is blocked by missing auth and governance layers. Every org deploys their own gateway because MCP has no built-in rate limiting or audit logging, making compliance and access control a bespoke engineering problem."