mcp-gateway MCP — Anwendungsfälle, Installieren & Live-Demo

Warum nutzen

Hauptfunktionen

Proxies multiple upstream MCP servers with a unified interface
Plugins: basic secret-mask, Presidio PII, Lasso AI safety, Xetrack tracing, Security Scanner
Blocks or redacts instead of just logging — actually prevents leaks
Prompt injection detection on tool inputs
Drop-in via pip install mcp-gateway + mcp.json config

Live-Demo

In der Praxis

gateway.replay ▶ bereit

0/0

Installieren

Wählen Sie Ihren Client

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "gateway": {
      "command": "uvx",
      "args": [
        "mcp-gateway"
      ],
      "_inferred": true
    }
  }
}

Öffne Claude Desktop → Settings → Developer → Edit Config. Nach dem Speichern neu starten.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "gateway": {
      "command": "uvx",
      "args": [
        "mcp-gateway"
      ],
      "_inferred": true
    }
  }
}

Cursor nutzt das gleiche mcpServers-Schema wie Claude Desktop. Projektkonfiguration schlägt die globale.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "gateway": {
      "command": "uvx",
      "args": [
        "mcp-gateway"
      ],
      "_inferred": true
    }
  }
}

Klicken Sie auf das MCP-Servers-Symbol in der Cline-Seitenleiste, dann "Edit Configuration".

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "gateway": {
      "command": "uvx",
      "args": [
        "mcp-gateway"
      ],
      "_inferred": true
    }
  }
}

Gleiche Struktur wie Claude Desktop. Windsurf neu starten zum Übernehmen.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "gateway",
      "command": "uvx",
      "args": [
        "mcp-gateway"
      ]
    }
  ]
}

Continue nutzt ein Array von Serverobjekten statt einer Map.

~/.config/zed/settings.json

{
  "context_servers": {
    "gateway": {
      "command": {
        "path": "uvx",
        "args": [
          "mcp-gateway"
        ]
      }
    }
  }
}

In context_servers hinzufügen. Zed lädt beim Speichern neu.

claude mcp add gateway -- uvx mcp-gateway

Einzeiler. Prüfen mit claude mcp list. Entfernen mit claude mcp remove.

Anwendungsfälle

Praxisnahe Nutzung: mcp-gateway

Expose internal MCPs to Claude without leaking PII

👤 Enterprise security, platform teams ⏱ ~45 min advanced

Wann einsetzen: Your internal tools (postgres, CRM) would leak customer names / emails / SSNs into LLM context if used directly.

Voraussetzungen

pip install mcp-gateway[presidio] — presidio extra pulls spaCy models

Ablauf

Wire upstream MCPs through gateway

Configure mcp-gateway with upstream postgres MCP; enable the Presidio plugin with redaction for EMAIL, PHONE, US_SSN.✓ Kopiert

→ Config file with plugin chain
Test redaction

Run a query returning customer emails; confirm the gateway replaces them with <EMAIL> placeholders before reaching the LLM.✓ Kopiert

→ Claude sees only placeholders

Ergebnis: LLM-usable tool access without raw PII crossing the boundary.

Fallstricke

Over-redaction breaks downstream joins — Use consistent pseudonyms (Presidio supports hash-based) so the LLM can still reason across redacted fields

Kombinieren mit: postgres

Block prompt injection attacks from tool outputs

👤 Security-aware agent builders ⏱ ~30 min advanced

Wann einsetzen: Your agent uses fetch/web-browsing MCPs — tool outputs can contain 'ignore previous instructions' payloads.

Voraussetzungen

Lasso API key — lasso.security signup

Ablauf

Enable Lasso plugin

Turn on the Lasso plugin in gateway config with LASSO_API_KEY set. Put fetch MCP behind it.✓ Kopiert

→ Plugin active; outputs scanned
Test

Have Claude fetch a URL containing known prompt-injection test string; verify it's neutralized before reaching the model.✓ Kopiert

→ Injection blocked or flagged

Ergebnis: Defense against tool-output injection.

Fallstricke

False positives block legit content — Start with 'warn' mode, review logs before switching to 'block'

Kombinieren mit: fetch · firecrawl

Log every MCP tool call for compliance audit

👤 Compliance / security audit teams ⏱ ~20 min intermediate

Wann einsetzen: You need SOC2-style evidence of what the LLM asked tools to do.

Ablauf

Enable Xetrack plugin

Turn on Xetrack with SQLite destination. Route all MCPs through the gateway.✓ Kopiert

→ mcp_calls.db being written
Query audit log

Show me all tool calls in the last 24h where the tool name contains 'delete' or 'drop'.✓ Kopiert

→ Destructive-op audit trail

Ergebnis: Queryable audit database for compliance.

Fallstricke

Log DB grows unbounded — Rotate and archive monthly

Kombinationen

Mit anderen MCPs für 10-fache Wirkung

gateway + postgres + fetch

DB + web access with PII + injection guards

Put postgres and fetch behind mcp-gateway with presidio + lasso plugins; use normally from Claude.✓ Kopiert

Werkzeuge

Was dieses MCP bereitstellt

Werkzeug	Eingaben	Wann aufrufen	Kosten
<upstream tools>	Depends on upstream MCP	Gateway is transparent — you call upstream tools as usual	upstream cost + plugin overhead

Kosten & Limits

Was der Betrieb kostet

API-Kontingent: Lasso plugin requires Lasso API key (paid tier)
Tokens pro Aufruf: Plugin overhead ~50-200ms per call; redaction reduces tokens
Kosten in €: Gateway itself free. Lasso plugin: see lasso.security pricing.
Tipp: Run basic + presidio plugins for free; only add Lasso if you need advanced injection detection.

Sicherheit

Rechte, Secrets, Reichweite

Credential-Speicherung: Plugin API keys in env vars (LASSO_API_KEY, etc.)

Datenabfluss: Varies by plugin: basic + presidio are local; Lasso sends samples to Lasso cloud for analysis

Plugins can false-positive; always test in 'warn' mode before 'block'.
Lasso sends tool inputs/outputs to their servers — assess against your data policy.

Fehlerbehebung

Häufige Fehler und Lösungen

Presidio plugin fails to load

Install extra: pip install 'mcp-gateway[presidio]' and download spaCy model: python -m spacy download en_core_web_lg.

Upstream MCP not responding through gateway

Test the upstream directly first; then verify gateway mcp.json command/args match exactly.

Performance drop

Plugin chain order matters — put cheapest (basic mask) first, Lasso last.

Alternativen

mcp-gateway vs. andere

Alternative	Wann stattdessen	Kompromiss
Claude's built-in output filters	You only use Claude and trust its own redaction	No customization, no audit trail
Concierge SDK	You want a framework for writing MCPs, not a security proxy	Different problem space

Mehr

Ressourcen

📖 Offizielle README auf GitHub lesen

🐙 Offene Issues ansehen

🔍 Alle 400+ MCP-Server und Skills durchsuchen