MCPProxy is an open-source desktop application that super-charges AI agents with intelligent tool discovery, massive token savings, and built-in security quarantine against malicious MCP servers.
Β Β Β Β
System Tray - Upstream Servers Β Β Β Β Β Β Β Β System Tray - Quarantine Management
- Scale beyond API limits β Federate hundreds of MCP servers while bypassing Cursor's 40-tool limit and OpenAI's 128-function cap.
- Save tokens & accelerate responses β Agents load just one
retrieve_toolsfunction instead of hundreds of schemas. Research shows ~99 % token reduction with 43 % accuracy improvement. - Advanced security protection β Automatic quarantine blocks Tool Poisoning Attacks until you manually approve new servers.
- Works offline & cross-platform β Native binaries for macOS (Intel & Apple Silicon), Windows (x64 & ARM64), and Linux (x64 & ARM64) with system-tray UI.
macOS (Recommended - DMG Installer):
Download the latest DMG installer for your architecture:
- Apple Silicon (M1/M2): Download DMG β
mcpproxy-*-darwin-arm64.dmg - Intel Mac: Download DMG β
mcpproxy-*-darwin-amd64.dmg
Alternative install methods:
macOS (Homebrew):
brew install smart-mcp-proxy/mcpproxy/mcpproxyManual download (all platforms):
Anywhere with Go 1.22+:
go install github.com/smart-mcp-proxy/mcpproxy-go/cmd/mcpproxy@latestmcpproxy serve # starts HTTP server on :8080 and shows trayEdit mcp_config.json (see below). Or ask LLM to add servers (see doc).
π Complete Setup Guide - Detailed instructions for Cursor, VS Code, Claude Desktop, and Goose
- Open Cursor Settings
- Click "Tools & Integrations"
- Add MCP server
"MCPProxy": {
"type": "http",
"url": "http://localhost:8080/mcp/"
}| Field | Description | Default |
|---|---|---|
listen |
Address the proxy listens on | :8080 |
data_dir |
Folder for config, DB & logs | ~/.mcpproxy |
enable_tray |
Show native system-tray UI | true |
top_k |
Tools returned by retrieve_tools |
5 |
tools_limit |
Max tools returned to client | 15 |
tool_response_limit |
Auto-truncate responses above N chars (0 disables) |
20000 |
docker_isolation |
Docker security isolation settings (see below) | enabled: false |
Main Commands:
mcpproxy serve # Start proxy server with system tray
mcpproxy tools list --server=NAME # Debug tool discovery for specific serverServe Command Flags:
mcpproxy serve --help
-c, --config <file> path to mcp_config.json
-l, --listen <addr> listen address (":8080")
-d, --data-dir <dir> custom data directory
--tray enable/disable system tray (default true, use --tray=false to disable)
--log-level <level> debug|info|warn|error
--read-only forbid config changes
--disable-management disable upstream_servers tool
--allow-server-add allow adding servers (default true)
--allow-server-remove allow removing servers (default true)
Tools Command Flags:
mcpproxy tools list --help
-s, --server <name> upstream server name (required)
-l, --log-level <level> trace|debug|info|warn|error (default: info)
-t, --timeout <duration> connection timeout (default: 30s)
-o, --output <format> output format: table|json|yaml (default: table)
-c, --config <file> path to mcp_config.json
Debug Examples:
# List tools with trace logging to see all JSON-RPC frames
mcpproxy tools list --server=github-server --log-level=trace
# List tools with custom timeout for slow servers
mcpproxy tools list --server=slow-server --timeout=60s
# Output tools in JSON format for scripting
mcpproxy tools list --server=weather-api --output=jsonMCPProxy provides Docker isolation for stdio MCP servers to enhance security by running each server in its own isolated container:
- Process Isolation: Each MCP server runs in a separate Docker container
- File System Isolation: Servers cannot access host file system outside their container
- Network Isolation: Configurable network modes for additional security
- Resource Limits: Memory and CPU limits prevent resource exhaustion
- Automatic Runtime Detection: Detects Python, Node.js, Go, Rust environments automatically
- Runtime Detection: Automatically detects server type (uvxβPython, npxβNode.js, etc.)
- Container Selection: Maps to appropriate Docker images with required tools
- Environment Passing: Passes API keys and config via secure environment variables
- Git Support: Uses full Docker images with Git for package installations from repositories
Add to your mcp_config.json:
{
"docker_isolation": {
"enabled": true,
"memory_limit": "512m",
"cpu_limit": "1.0",
"timeout": "60s",
"network_mode": "bridge",
"default_images": {
"python": "python:3.11",
"uvx": "python:3.11",
"node": "node:20",
"npx": "node:20",
"go": "golang:1.21-alpine"
}
},
"mcpServers": [
{
"name": "isolated-python-server",
"command": "uvx",
"args": ["some-python-package"],
"env": {
"API_KEY": "your-api-key"
},
"enabled": true
// Docker isolation applied automatically
},
{
"name": "custom-isolation-server",
"command": "python",
"args": ["-m", "my_server"],
"isolation": {
"enabled": true,
"image": "custom-python:latest",
"working_dir": "/app"
},
"enabled": true
}
]
}| Command | Detected Runtime | Docker Image |
|---|---|---|
uvx |
Python with UV package manager | python:3.11 |
npx |
Node.js with npm | node:20 |
python, python3 |
Python | python:3.11 |
node |
Node.js | node:20 |
go |
Go language | golang:1.21-alpine |
cargo |
Rust | rust:1.75-slim |
- Environment Variables: API keys and secrets are passed securely to containers
- Git Support: Full images include Git for installing packages from repositories
- No Docker-in-Docker: Existing Docker servers are automatically excluded from isolation
- Resource Limits: Prevents runaway processes from consuming system resources
- Network Isolation: Containers run in isolated network environments
# Check which servers are using Docker isolation
mcpproxy serve --log-level=debug --tray=false | grep -i "docker isolation"
# Monitor Docker containers created by MCPProxy
docker ps --format "table {{.Names}}\t{{.Image}}\t{{.Status}}"
# View container logs for a specific server
docker logs <container-id>MCPProxy provides seamless OAuth 2.1 authentication for MCP servers that require user authorization (like Cloudflare AutoRAG, GitHub, etc.):
- RFC 8252 Compliant: Dynamic port allocation for secure callback handling
- PKCE Security: Proof Key for Code Exchange for enhanced security
- Auto Browser Launch: Opens your default browser for authentication
- Dynamic Client Registration: Automatic client registration with OAuth servers
- Token Management: Automatic token refresh and storage
- Add OAuth Server: Configure an OAuth-enabled MCP server in your config
- Auto Authentication: MCPProxy detects when OAuth is required (401 response)
- Browser Opens: Your default browser opens to the OAuth provider's login page
- Dynamic Callback: MCPProxy starts a local callback server on a random port
- Token Exchange: Authorization code is automatically exchanged for access tokens
- Ready to Use: Server becomes available for tool calls immediately
Note: The
"oauth"configuration is optional. MCPProxy will automatically detect when OAuth is required and use sensible defaults in most cases. You only need to specify OAuth settings if you want to customize scopes or have pre-registered client credentials.
{
"mcpServers": [
{
"name": "cloudflare_autorag",
"url": "https://autorag.mcp.cloudflare.com/mcp",
"protocol": "streamable-http",
"enabled": true,
"oauth": {
"scopes": ["mcp.read", "mcp.write"],
"pkce_enabled": true
}
}
]
}OAuth Configuration Options (all optional):
scopes: OAuth scopes to request (default:["mcp.read", "mcp.write"])pkce_enabled: Enable PKCE for security (default:true, recommended)client_id: Pre-registered client ID (optional, uses Dynamic Client Registration if empty)client_secret: Client secret (optional, for confidential clients)
Enable debug logging to see the complete OAuth flow:
mcpproxy serve --log-level=debug --tray=falseCheck logs for OAuth flow details:
tail -f ~/Library/Logs/mcpproxy/main.log | grep -E "(oauth|OAuth)"Solve project context issues by specifying working directories for stdio MCP servers:
{
"mcpServers": [
{
"name": "ast-grep-project-a",
"command": "npx",
"args": ["ast-grep-mcp"],
"working_dir": "/home/user/projects/project-a",
"enabled": true
},
{
"name": "git-work-repo",
"command": "npx",
"args": ["@modelcontextprotocol/server-git"],
"working_dir": "/home/user/work/company-repo",
"enabled": true
}
]
}Benefits:
- Project isolation: File-based servers operate in correct directory context
- Multiple projects: Same MCP server type for different projects
- Context separation: Work and personal project isolation
Tool-based Management:
# Add server with working directory
mcpproxy call tool --tool-name=upstream_servers \
--json_args='{"operation":"add","name":"git-myproject","command":"npx","args_json":"[\"@modelcontextprotocol/server-git\"]","working_dir":"/home/user/projects/myproject","enabled":true}'
# Update existing server working directory
mcpproxy call tool --tool-name=upstream_servers \
--json_args='{"operation":"update","name":"git-myproject","working_dir":"/new/project/path"}'- Documentation: Configuration, Features, Usage
- Website: https://mcpproxy.app
- Releases: https://github.com/smart-mcp-proxy/mcpproxy-go/releases
We welcome issues, feature ideas, and PRs! Fork the repo, create a feature branch, and open a pull request. See CONTRIBUTING.md (coming soon) for guidelines.
{ "listen": ":8080", "data_dir": "~/.mcpproxy", "enable_tray": true, // Search & tool limits "top_k": 5, "tools_limit": 15, "tool_response_limit": 20000, "mcpServers": [ { "name": "local-python", "command": "python", "args": ["-m", "my_server"], "type": "stdio", "enabled": true }, { "name": "remote-http", "url": "http://localhost:3001", "type": "http", "enabled": true } ] }