● Official IBM 🔑 Requires your own key

IBM Context Forge

by IBM · IBM/mcp-context-forge

IBM's AI gateway for MCP fleets — federate servers, add auth, rate limit, observe, and translate REST/gRPC into MCP at scale.

ContextForge is an open-source gateway, registry, and proxy that sits in front of many MCP / A2A / REST / gRPC backends. It exposes one unified MCP endpoint with centralized auth, rate limiting, OpenTelemetry tracing, and an admin UI. It is aimed at enterprises that need to govern dozens of MCP servers, not just run one.

Install

Choose your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "mcp-context-forge": {
      "command": "uvx",
      "args": [
        "mcp-context-forge"
      ]
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "mcp-context-forge": {
      "command": "uvx",
      "args": [
        "mcp-context-forge"
      ]
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. The project config takes precedence over the global one.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "mcp-context-forge": {
      "command": "uvx",
      "args": [
        "mcp-context-forge"
      ]
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "mcp-context-forge": {
      "command": "uvx",
      "args": [
        "mcp-context-forge"
      ]
    }
  }
}

Same format as Claude Desktop. Restart Windsurf to apply.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "mcp-context-forge",
      "command": "uvx",
      "args": [
        "mcp-context-forge"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "mcp-context-forge": {
      "command": {
        "path": "uvx",
        "args": [
          "mcp-context-forge"
        ]
      }
    }
  }
}

Add it under context_servers. Zed hot-reloads on save.

claude mcp add mcp-context-forge -- uvx mcp-context-forge

A single line. Verify with claude mcp list. Remove with claude mcp remove.

Use cases

Practical uses: IBM Context Forge

Centralize 10+ MCP servers behind one gateway

👤 Platform engineers at mid/large orgs ⏱ ~120 min advanced

When to use it: Different teams run different MCPs. You need one URL for clients, one audit log, one auth story.

Prerequisites
  • Docker/Kubernetes environment — Official images at ghcr.io; Helm chart available
  • An auth provider (or use built-in JWT) — Existing SSO / OIDC / static JWT signer
Steps
  1. Deploy the gateway
    Deploy mcp-contextforge-gateway via Helm with Redis for federation state. Point it at our OIDC provider.
    → Admin UI loads, auth works
  2. Register backends
    Register 3 backend MCPs (github, postgres, our-custom) in the admin UI. Apply rate limits: github=100/min, postgres=30/min.
    → Backends appear as healthy in registry
  3. Repoint clients
    Update teammate Claude Desktop configs to use a single mcp-remote https://mcp-gw.company.com/mcp with their JWT.
    → All backend tools available through one connection

Result: One place to manage MCP access across the org — centralized like any other API gateway.

Pitfalls
  • Rate limits applied globally but teams have different needs — Use per-user or per-JWT-claim rate limits via the policy engine — don't apply one limit to all
  • Gateway becomes single point of failure — Run at least 2 replicas with Redis-backed session state; health-check the /health endpoint
Combine with: cloud-run

Virtualize a REST API as MCP without writing a server

👤 Platform engineers without Python/TS bandwidth ⏱ ~60 min intermediate

When to use it: You have an internal REST API with an OpenAPI spec. You want MCP access without writing fastapi-mcp or FastMCP code.

Prerequisites
  • OpenAPI / Swagger spec for the API — Usually /openapi.json or /swagger.json
Steps
  1. Upload the OpenAPI spec
    In ContextForge admin, register a new REST backend. Upload the OpenAPI spec. Confirm tool auto-generation picked up all endpoints.
    → Tool list matches route list
  2. Configure auth passthrough
    Set up header forwarding so the Authorization header flows from the MCP client to the upstream REST API.
    → Authenticated routes work end-to-end
  3. Filter exposed surface
    Exclude internal/admin routes via path patterns. Add a description override on the 3 most-used tools.
    → Clean, agent-friendly tool list

Result: REST-as-MCP with zero new service code — an OpenAPI spec is enough.

Pitfalls
  • Auto-generated tool names are awful — Set explicit operationIds in your OpenAPI spec or override names in ContextForge per route

Add tracing and analytics to all MCP calls across your org

👤 SRE / platform observability leads ⏱ ~90 min advanced

When to use it: You want to answer 'what did the agents do today?' across every team using MCP.

Prerequisites
  • An OTel backend (Phoenix, Jaeger, Grafana Tempo) — Running endpoint that accepts OTLP
Steps
  1. Enable OTel export
    Configure the gateway's otel.endpoint to point at our Phoenix instance. Include tool name, latency, user, outcome in spans.
    → Spans appear in Phoenix within seconds of calls
  2. Build dashboards
    Create dashboards: top 10 tools by call volume, p95 latency per backend, error rates per user.
    → Dashboards populated
  3. Alert on anomalies
    Alert on: error rate >5% for any backend, or a single user burning >10k calls/hour.
    → Test alerts fire in staging

Result: Org-wide MCP visibility — you know who uses what and when it breaks.

Pitfalls
  • OTel span cardinality explodes with per-request IDs as span names — Keep span names to tool names; put request IDs in attributes, not names
Combine with: sentry

Combinations

Pair it with other MCPs for a 10x effect

mcp-context-forge + cloud-run

Deploy ContextForge on Cloud Run, federate GCP-hosted MCPs behind it

Deploy ContextForge to Cloud Run with IAM auth. Register our 3 internal MCPs (also on Cloud Run) as backends.

mcp-context-forge + sentry

Ship gateway traces + errors to Sentry for ops visibility

Configure the gateway's OTel export to also push errors into Sentry for on-call visibility.

Tools

What this MCP exposes

| Tool | Inputs | When to call | Cost |
|---|---|---|---|
| Gateway federation | N registered backends | Infra-level; not a per-request tool | free |
| REST → MCP virtualization | OpenAPI spec + target URL | Onboarding a REST service to MCP | passthrough of target API costs |
| gRPC → MCP translation | gRPC service descriptor | Same as above, for gRPC backends | passthrough |
| Prompt registry | Jinja2 templates + variables | Share prompts across teams with versioning | free |
| Resource registry | URI-based resources | Expose static/dynamic org content | free |
| Admin API / UI | HTTP + web UI | Ops/config tasks | free |

Cost and limits

Running cost

API quota
Self-hosted — whatever your infra supports
Tokens per call
Gateway adds ~50ms + minimal schema overhead
Monetary
Open source (Apache 2.0); you pay for infra + backends
Tip
Start with SQLite backend for <10 servers; only move to Redis federation when you need multi-node HA

Security

Permissions, secrets, scope

Credential storage: Keep JWT signing keys in a secret manager; never in env vars on container images
Data egress: Gateway → all configured backends; OTel → tracing backend

Troubleshooting

Common errors and fixes

Backend marked unhealthy but works when tested directly

Health checks use HEAD or GET /; your backend may only respond to POST. Configure health_check.path per backend.

JWT validation fails

Check iss and aud claims match gateway config. Also verify the JWKS endpoint is reachable from the gateway pod.
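
A quick way to run the iss/aud check above before touching gateway config, as an added example (not ContextForge code). The expected issuer and audience values and the sample token are constructed assumptions; the script only decodes the payload and does not verify the signature.

```python
import base64
import json

def b64url_decode(segment):
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def diagnose_claims(token, expected_iss, expected_aud):
    """List iss/aud mismatches. Diagnostic only: the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWT"]
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["payload is not base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]
    problems = []
    iss = claims.get("iss")
    if iss != expected_iss:  # exact string match; a trailing slash counts
        problems.append(f"iss mismatch: token has {iss!r}, expected {expected_iss!r}")
    aud = claims.get("aud")  # may be a single string or a list of strings
    audiences = [aud] if isinstance(aud, str) else (aud if isinstance(aud, list) else [])
    if expected_aud not in audiences:
        problems.append(f"aud mismatch: token has {aud!r}, expected {expected_aud!r}")
    return problems

def make_token(claims):
    """Build an unsigned, constructed sample token (dummy signature segment)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

# Constructed sample: issuer carries a trailing slash, audience is a list.
SAMPLE_TOKEN = make_token({
    "iss": "https://idp.example.com/",
    "aud": ["mcp-gateway", "other-api"],
    "sub": "alice",
})

if __name__ == "__main__":
    # Hypothetical gateway settings: issuer configured without the trailing slash.
    for line in diagnose_claims(SAMPLE_TOKEN, "https://idp.example.com", "mcp-gateway"):
        print(line)
```

Run it against a token copied from a failing client; avoid pasting production tokens into online decoders.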

Rate limit too aggressive during spikes

Switch from fixed-window to token-bucket policy; set burst=5× average.
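
Why the switch helps, as an added simulation (not ContextForge's limiter or its configuration). The 10 requests/second average, the 1-second window and both traffic traces are constructed assumptions; burst is set to 5× the average as the fix suggests.

```python
def fixed_window(timestamps, limit, window=1.0):
    """Requests admitted when each `window`-second slot allows at most `limit`."""
    admitted, counts = 0, {}
    for t in timestamps:
        slot = int(t // window)
        if counts.get(slot, 0) < limit:
            counts[slot] = counts.get(slot, 0) + 1
            admitted += 1
    return admitted

def token_bucket(timestamps, rate, burst):
    """Requests admitted by a bucket refilled at `rate`/s and capped at `burst`."""
    tokens, last, admitted = float(burst), None, 0
    for t in timestamps:
        if last is not None:
            # Refill for the elapsed time, never beyond the burst capacity.
            tokens = min(float(burst), tokens + (t - last) * rate)
        last = t
        if tokens >= 1.0:
            tokens -= 1.0
            admitted += 1
    return admitted

RATE = 10          # assumed average: 10 requests per second
BURST = 5 * RATE   # burst = 5x average, per the fix above

# Constructed trace 1: idle client, then 40 requests inside one second.
SPIKE = [10 + i / 40 for i in range(40)]
# Constructed trace 2: sustained 100 requests/second for 5 seconds.
FLOOD = [i / 100 for i in range(500)]

if __name__ == "__main__":
    print("spike  fixed-window:", fixed_window(SPIKE, RATE))
    print("spike  token-bucket:", token_bucket(SPIKE, RATE, BURST))
    print("flood  fixed-window:", fixed_window(FLOOD, RATE))
    print("flood  token-bucket:", token_bucket(FLOOD, RATE, BURST))
```

The short spike passes the token bucket untouched, while the sustained flood is still held to roughly the burst allowance plus the refill rate.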

Admin UI login loops

Redirect URI in your OIDC provider must match /auth/callback on the gateway's external URL — verify it's set for the exact public hostname.

Alternatives

IBM Context Forge vs. others

| Alternative | When to use it | Trade-off |
|---|---|---|
| Kong / Apigee + custom plugins | You already run these and want to extend rather than add a new gateway | Needs plugin development; MCP not first-class |
| mcp-use server namespace | Single-developer use case — just wire multiple MCPs client-side | No central governance; fine for individuals not orgs |
| Cloudflare AI Gateway | You want a hosted SaaS gateway, not self-hosted | Less MCP-specific functionality; primarily LLM traffic focus |
