Free for teams up to 5 users

Self-hosted MCP gateway with PII rehydration and two-layer policy hooks.

Pseudonymize emails, names, IDs before the LLM sees them — rehydrate for the actual tool call. YAML hooks enforce policy at company and per-user scope, hot-reloaded. One endpoint for Claude, Codex, ChatGPT, Gemini.

Stores nothing in transit PII pseudonymized Self-hosted This site is cookie-free
Try the Demo Install
Jira Confluence GitHub M365 Notion + more Slack Grafana Figma Workspace GitLab Sentry
New · Beta Dynamic action discovery — the model searches your service catalog and activates only what it needs, on demand.

Why mcpgate?

Chains across your tool stack in one prompt

The AI knows which Jira ticket links to which MR links to which Slack thread. One prompt, no tab switching, no copy-paste.

# "What's blocking the Q2 release?"

jira: PBE-2674 → blocked by PBE-2701
gitlab: MR !891 awaiting review
slack: thread in #release, 14:32

# Answer assembled. No copy-paste.

Markdown to ADF, project templates, link-back — automatic

Pre-hooks apply Jira project templates, convert Markdown to Atlassian Document Format, link the ticket back to the Slack thread. The AI writes prose; the gateway handles the schema.

mcpgate 14:32
Created PBE-2842 from your Slack thread. Markdown converted to Jira ADF, project template applied, linked back to #release.
Open in Jira

Compliance: audit, sanitization, exfiltration alerts

PII pseudonymized before the LLM sees it, rehydrated for the actual tool call. The audit log captures every action plus byte volume — so a sudden 50 MB outbound spike at 3 am is visible, not invisible.

  • Pass-through architecture — stores nothing in transit
  • Per-user request volume with Slack alerts on threshold breach
  • Destructive actions require confirmed=true
  • Encrypted pseudonym mapping with 24h TTL

Works with every MCP‑compatible AI

Built for Claude Code first. One admin configures it at claude.ai — the entire team gets access in every session. No individual setup.

Connect as an App. Available in every conversation with read/write separation and user consent per action.

Codex, Gemini CLI, or your own agents. MCP is an open standard — if it speaks MCP, it works.

Up and running in minutes

01

Deploy

$ docker run -d \
    -v ./config:/config \
    -p 8080:8080 \
    mcpgate/mcpgate:latest
02

Configure

services:
  - slack
  - jira
  - google_workspace
  - gitlab
03

Connect your AI

mcpServers:
  mcpgate:
    url: "https://your-gateway/mcp"
    token: "mcp_..."

Read first

All posts →
10 min read · Compliance

What flows through, what gets blocked, what gets logged

Audit, PII sanitization, throughput as a DLP lens, policy hooks — four layers stacked on the same audit trail. How they fit together, and the data-exfiltration signal you do not want to be missing.

Read →
9 min read · Engineering

Dynamic action discovery isn’t novel. Doing it safely is.

Anthropic shipped Tool Search in November 2025. mcpproxy-go has BM25. Stacklok benchmarks 94% retrieval. What the gateway market converged on, and what mcpgate chose differently.

Read →
8 min read · Comparison

mcpgate vs Obot: which self-hosted MCP gateway?

Side-by-side: where Obot is the better choice (maturity, MIT license, Kubernetes day one), where mcpgate is (PII pseudonymization, two-layer policy hooks).

Read →

Try mcpgate now

Explore the full gateway with demo data. No signup, no install, no credit card.

Try the Demo Install Self-Hosted