
I Built an Open-Source Security Gateway for MCP Because the Ecosystem Desperately Needs One
If you've set up MCP (Model Context Protocol) servers for your AI clients, you know the setup: each client gets its own config listing every MCP server it connects to. Claude Desktop, Cursor, VS Code — each maintaining separate configs, separate credentials, separate connections. No centralized management, no visibility, no security.

The Problem

Three issues make this unsustainable:

No visibility. When an AI agent calls a tool, nobody knows. There's no centralized audit trail. No way to see what's being called, how often, or by whom.

No access control. Every MCP server trusts every client equally. A junior developer's AI assistant has the same tool access as a senior engineer's.

No trust boundary. Trail of Bits' OpenClaw research demonstrated that MCP servers are vulnerable to tool poisoning, prompt injection, and credential theft. There's nothing between the AI client and the MCP server checking if an operation should happen.

The Solution

I built MCP Gateway — a self-hosted proxy that
Continue reading on Dev.to React

