Local gateway/control-plane MCP server for managing MCP server registry, project-scoped auth, and per-project tool access policies, now with a React dashboard.
- Registers MCP servers (
stdioorhttp) in a local gateway state file - Issues scoped tokens for clients/agents
- Enforces project-level allow/deny tool policies
- Exposes management actions as MCP tools so Codex/Claude/Hydra can self-serve under policy
gateway_list_serversgateway_register_servergateway_remove_servergateway_set_policygateway_list_policiesgateway_issue_tokengateway_list_tokensgateway_check_access
npm install
npm run build
npm run devBy default, state is stored at:
./data/gateway-state.json
Override with:
MCP_GATEWAY_STATE_PATH=/absolute/path/state.json
The dashboard is a React + Vite app with tokenized theming (light default, dark secondary) and card-based MD3-inspired layout.
Terminal 1 (API):
npm run dashboard:apiTerminal 2 (UI):
npm --prefix dashboard install
npm run dashboard:devOpen:
http://127.0.0.1:5174
The Vite dev server proxies /api/* to http://127.0.0.1:4311.
npm run dashboard:buildTo serve built static files from the API server:
npm run dashboard:apiIf dashboard/dist exists, it is served automatically.
- Project
hydracan allowgit.*andfs.read - Explicit deny can block dangerous operations like
git.push - Tokens can be limited to one project or
*
npm run dev- start MCP server over stdionpm run dashboard:api- start dashboard HTTP API (and static files when available)npm run dashboard:dev- start dashboard Vite dev servernpm run dashboard:typecheck- dashboard TypeScript validationnpm run dashboard:test- dashboard component + flow testsnpm run dashboard:build- dashboard production buildnpm run typecheck- TypeScript validationnpm test- gateway unit/integration testsnpm run build- compile todist/
- Tokens are stored locally in plaintext in the state file for MVP use
- Use filesystem permissions and avoid sharing the state file
- Layer this behind your own host-level auth if exposed beyond localhost
MIT