A proxy for Model Context Protocol (MCP) servers that adds authentication, authorization, and enterprise features to any MCP backend. Transform your local MCP servers into secure, scalable services ready for remote access.
MCP servers are often developed for local use with stdio transport, making them unsuitable for production environments where remote access, authentication, and scalability are required. MCP Proxy bridges this gap by providing a layer in front of any MCP server, enabling enterprise deployment while preserving the original MCP functionality.
-
🔐 OAuth RFC 8414 and RFC 9728 compliant
-
Support for
.well-known/oauth-protected-resourceand.well-known/oauth-authorization-serverendpoints -
Both endpoints are configurable
-
🛡️ Several JWT validation methods
-
Delegated to external systems like Istio
-
Locally validated based on JWKS URI and CEL expressions for claims
-
🔄 Transport bridging
-
Accept StreamableHTTP and Stdio requests and forward to HTTP or stdio MCP backends
-
Enable remote access to local MCP servers
-
📋 Access logs can exclude or redact fields
-
🚀 Production-ready: Included full examples, Dockerfile, Helm Chart and GitHub Actions for CI
-
⚡ Super easy to extend: Production vitamins added to a good juice: mcp-go
Deploy to Kubernetes using the Helm chart located in the chart/ directory.
- Go 1.24+
Modify the entire codebase and execute make run
Note: Default YAML config executing the previous command start the server as an HTTP server forwarding to a Stdio server. Other needs? just modify the Makefile to use other YAML provided in examples.
Several configuration examples are available here
All contributions are welcome! Whether you're reporting bugs, suggesting features, or submitting code — thank you! Here’s how to get involved:
▸ Open an issue to report bugs or request features
▸ Submit a pull request to contribute improvements
MCP Proxy is licensed under the Apache 2.0 License.