● Official IBM 🔑 Requires your own key

IBM Context Forge

by IBM · IBM/mcp-context-forge

IBM's AI gateway for MCP fleets — federate servers, add auth, rate limit, observe, and translate REST/gRPC into MCP at scale.

ContextForge is an open-source gateway, registry, and proxy that sits in front of many MCP / A2A / REST / gRPC backends. It exposes one unified MCP endpoint with centralized auth, rate limiting, OpenTelemetry tracing, and an admin UI. It is aimed at enterprises that need to govern dozens of MCP servers, not just run one.

Why use it

Key features

Installation

Choose your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "mcp-context-forge": {
      "command": "uvx",
      "args": [
        "mcp-context-forge"
      ]
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "mcp-context-forge": {
      "command": "uvx",
      "args": [
        "mcp-context-forge"
      ]
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. The project config takes precedence over the global one.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "mcp-context-forge": {
      "command": "uvx",
      "args": [
        "mcp-context-forge"
      ]
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "mcp-context-forge": {
      "command": "uvx",
      "args": [
        "mcp-context-forge"
      ]
    }
  }
}

Same format as Claude Desktop. Restart Windsurf to apply.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "mcp-context-forge",
      "command": "uvx",
      "args": [
        "mcp-context-forge"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "mcp-context-forge": {
      "command": {
        "path": "uvx",
        "args": [
          "mcp-context-forge"
        ]
      }
    }
  }
}

Add it to context_servers. Zed reloads automatically.

claude mcp add mcp-context-forge -- uvx mcp-context-forge

A one-line command. Verify: claude mcp list. Remove: claude mcp remove.

Use cases

Real-world scenarios: IBM Context Forge

Centralize 10+ MCP servers behind one gateway

👤 Platform engineers at mid/large orgs ⏱ ~120 min advanced

When to use: Different teams run different MCPs. You need one URL for clients, one audit log, one auth story.

Prerequisites
  • Docker/Kubernetes environment — Official images at ghcr.io; Helm chart available
  • An auth provider (or use built-in JWT) — Existing SSO / OIDC / static JWT signer
Flow
  1. Deploy the gateway
    Deploy mcp-contextforge-gateway via Helm with Redis for federation state. Point it at our OIDC provider.
    → Admin UI loads, auth works
  2. Register backends
    Register 3 backend MCPs (github, postgres, our-custom) in the admin UI. Apply rate limits: github=100/min, postgres=30/min.
    → Backends appear as healthy in registry
  3. Repoint clients
    Update teammate Claude Desktop configs to use a single mcp-remote https://mcp-gw.company.com/mcp with their JWT.
    → All backend tools available through one connection

Outcome: One place to manage MCP access across the org — centralized like any other API gateway.

Pitfalls
  • Rate limits applied globally but teams have different needs — Use per-user or per-JWT-claim rate limits via the policy engine — don't apply one limit to all
  • Gateway becomes single point of failure — Run at least 2 replicas with Redis-backed session state; health-check the /health endpoint
Combine with: cloud-run

Virtualize a REST API as MCP without writing a server

👤 Platform engineers without Python/TS bandwidth ⏱ ~60 min intermediate

When to use: You have an internal REST API with an OpenAPI spec. You want MCP access without writing fastapi-mcp or FastMCP code.

Prerequisites
  • OpenAPI / Swagger spec for the API — Usually /openapi.json or /swagger.json
Flow
  1. Upload the OpenAPI spec
    In ContextForge admin, register a new REST backend. Upload the OpenAPI spec. Confirm tool auto-generation picked up all endpoints.
    → Tool list matches route list
  2. Configure auth passthrough
    Set up header forwarding so the Authorization header flows from the MCP client to the upstream REST API.
    → Authenticated routes work end-to-end
  3. Filter exposed surface
    Exclude internal/admin routes via path patterns. Add a description override on the 3 most-used tools.
    → Clean, agent-friendly tool list

Outcome: REST-as-MCP with zero new service code — an OpenAPI spec is enough.

Pitfalls
  • Auto-generated tool names are awful — Set explicit operationIds in your OpenAPI spec or override names in ContextForge per route

Add tracing and analytics to all MCP calls across your org

👤 SRE / platform observability leads ⏱ ~90 min advanced

When to use: You want to answer 'what did the agents do today?' across every team using MCP.

Prerequisites
  • An OTel backend (Phoenix, Jaeger, Grafana Tempo) — Running endpoint that accepts OTLP
Flow
  1. Enable OTel export
    Configure the gateway's otel.endpoint to point at our Phoenix instance. Include tool name, latency, user, outcome in spans.
    → Spans appear in Phoenix within seconds of calls
  2. Build dashboards
    Create dashboards: top 10 tools by call volume, p95 latency per backend, error rates per user.
    → Dashboards populated
  3. Alert on anomalies
    Alert on: error rate >5% for any backend, or a single user burning >10k calls/hour.
    → Test alerts fire in staging

Outcome: Org-wide MCP visibility — you know who uses what and when it breaks.

Pitfalls
  • OTel span cardinality explodes with per-request IDs as span names — Keep span names to tool names; put request IDs in attributes, not names
Combine with: sentry

Combinations

Combine with other MCPs for a 10x effect

mcp-context-forge + cloud-run

Deploy ContextForge on Cloud Run, federate GCP-hosted MCPs behind it

Deploy ContextForge to Cloud Run with IAM auth. Register our 3 internal MCPs (also on Cloud Run) as backends.

mcp-context-forge + sentry

Ship gateway traces + errors to Sentry for ops visibility

Configure the gateway's OTel export to also push errors into Sentry for on-call visibility.

Tools

What this MCP provides

| Tool | Input | When to call | Cost |
|---|---|---|---|
| Gateway federation | N registered backends | Infra-level; not a per-request tool | free |
| REST → MCP virtualization | OpenAPI spec + target URL | Onboarding a REST service to MCP | passthrough of target API costs |
| gRPC → MCP translation | gRPC service descriptor | Same as above, for gRPC backends | passthrough |
| Prompt registry | Jinja2 templates + variables | Share prompts across teams with versioning | free |
| Resource registry | URI-based resources | Expose static/dynamic org content | free |
| Admin API / UI | HTTP + web UI | Ops/config tasks | free |

Cost and limits

What it costs

API quota: Self-hosted — whatever your infra supports
Tokens per call: Gateway adds ~50ms + minimal schema overhead
Money: Open source (Apache 2.0); you pay for infra + backends
Tip: Start with SQLite backend for <10 servers; only move to Redis federation when you need multi-node HA

Security

Permissions, secrets, blast radius

Credential storage: JWT signing keys in secret manager; never in env vars on container images
Outbound traffic: Gateway → all configured backends; OTel → tracing backend

Troubleshooting

Common errors and fixes

Backend marked unhealthy but works when tested directly

Health checks use HEAD or GET /; your backend may only respond to POST. Configure health_check.path per backend.

JWT validation fails

Check iss and aud claims match gateway config. Also verify the JWKS endpoint is reachable from the gateway pod.
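
One way to carry out the iss/aud check above when triaging a rejected token, as an added example that is not part of the original page or the ContextForge project: it decodes the claims without verifying the signature and lists what does not match. The expected issuer and audience values and the sample token are constructed placeholders.

```python
import base64
import json
import time

def b64url_json(segment):
    """Decode one base64url JWT segment (JWTs strip the '=' padding)."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def sample_token(claims, alg="RS256"):
    """Build a constructed sample token with a placeholder signature."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "typ": "JWT"}), enc(claims), "c2ln"])

def diagnose_jwt(token, expected_iss, expected_aud, now=None):
    """List claim mismatches. Diagnostic only: the signature is NOT
    verified, so never base an access decision on this output."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["token is not a three-part compact JWS"]
    try:
        header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return ["header or payload is not a JSON object"]
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("alg is 'none' (unsigned token)")
    if claims.get("iss") != expected_iss:  # exact string match, slashes included
        problems.append(f"iss {claims.get('iss')!r} != {expected_iss!r}")
    aud = claims.get("aud")
    aud_values = aud if isinstance(aud, list) else [aud]  # string or array
    if expected_aud not in aud_values:
        problems.append(f"aud {aud!r} does not contain {expected_aud!r}")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token is expired or has no exp")
    return problems

if __name__ == "__main__":
    # Hypothetical issuer/audience; the token carries a trailing slash in iss.
    tok = sample_token({"iss": "https://sso.example.com/",
                        "aud": ["mcp-gateway"], "exp": 2000000000})
    print(diagnose_jwt(tok, "https://sso.example.com", "mcp-gateway"))
```
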

Rate limit too aggressive during spikes

Switch from fixed-window to token-bucket policy; set burst=5× average.

Admin UI login loops

Redirect URI in your OIDC provider must match /auth/callback on the gateway's external URL — verify it's set for the exact public hostname.

Alternatives

IBM Context Forge compared

| Alternative | When to use | Trade-off |
|---|---|---|
| Kong / Apigee + custom plugins | You already run these and want to extend rather than add a new gateway | Needs plugin development; MCP not first-class |
| mcp-use server namespace | Single-developer use case — just wire multiple MCPs client-side | No central governance; fine for individuals not orgs |
| Cloudflare AI Gateway | You want a hosted SaaS gateway, not self-hosted | Less MCP-specific functionality; primarily LLM traffic focus |
