Remote OpenClaw Blog
MCP Gateway: What It Is and the Real Options in 2026
8 min read ·
An MCP gateway is a reverse proxy that sits between AI clients like Claude Desktop, Claude Code, or Cursor and multiple MCP servers, exposing them all through a single endpoint while adding authentication, tool filtering, secrets management, and observability. Instead of configuring ten servers in every client, you configure one gateway once. As of July 2026 the main open-source options are Docker MCP Gateway, IBM's ContextForge, agentgateway, MetaMCP, and Unla, with Kong and Zuplo covering the managed enterprise end. This guide explains when a gateway earns its place in your stack, compares the real options, and walks through a verified Docker MCP Gateway setup.
What Is an MCP Gateway?
An MCP gateway is infrastructure that aggregates and proxies multiple Model Context Protocol servers behind one endpoint, the same way an API gateway fronts microservices. Your client speaks MCP to the gateway; the gateway fans requests out to the right upstream server, injects credentials, enforces policy, and logs everything in between.
The term covers two related shapes. Aggregators (Docker MCP Gateway, MetaMCP, ContextForge) merge many servers into one unified tool list. Pure proxies (like sparfenyuk/mcp-proxy) mostly bridge transports, for example exposing a local stdio server over streamable HTTP. Most teams searching for "MCP gateway" want the first kind. If you are still picking which servers to run at all, start with our ranked list of the best MCP servers.
The Problems a Gateway Solves
MCP gateways exist because per-client server configuration stops scaling somewhere around your fifth server. Four specific problems come up repeatedly across vendor docs:
- Config sprawl (the N-by-M problem). Every client needs its own config entry per server. Ten servers across four tools means forty configs to keep in sync; a gateway makes it four.
- Tool and context bloat. Every connected server's tool definitions consume context tokens on every request. Gateways add tool allowlists and per-profile filtering so each agent sees only what it needs.
- Credential sprawl. API keys scattered across client config files are a breach waiting to happen. Gateways centralize secrets: Docker's gateway pulls from the OS keychain or Docker Desktop secrets and injects credentials at call time.
- Security and observability. A gateway is a natural chokepoint for defenses against tool poisoning attacks, secret-leak blocking, signature verification, and call logging. Our guide on securing MCP server connections covers the underlying risks.
The Spec Is Being Rebuilt Around Gateways
The MCP specification's 2026-07-28 release candidate, locked on May 21, 2026, is explicitly designed for gateway and proxy infrastructure. The protocol core becomes stateless (dropping the session handshake), and new Mcp-Method and Mcp-Name HTTP headers exist so load balancers, gateways, and rate limiters can route on the operation without inspecting the request body, per the official MCP blog.
The spec does not define a formal "gateway" role, but the direction is unambiguous: MCP deployments are expected to grow intermediary layers, and the protocol is being reshaped so those layers scale. We track developments like this in our MCP news page.
The Real MCP Gateway Options in 2026
Eight projects and products dominate the MCP gateway space as of July 2026, and they split cleanly by deployment model. Star counts are approximate GitHub figures checked in July 2026.
| Gateway | Stars | Best for | Notes |
|---|---|---|---|
| Docker MCP Gateway | ~1.5k | Local dev, Docker shops | MIT, Go. Runs catalog servers in isolated containers; powers Docker Desktop's MCP Toolkit; secrets, interceptors, signature checks |
| IBM ContextForge | ~4k | Self-hosted enterprise | Apache-2.0, Python. Federates MCP, A2A, and REST under one endpoint; admin UI, OpenTelemetry, Helm charts; v1.0.4 shipped June 23, 2026 |
| agentgateway | ~3.7k | Cloud-native / K8s | Rust proxy created by Solo.io, donated to the Linux Foundation in Aug 2025; MCP federation plus A2A and LLM traffic |
| MetaMCP | ~2.5k | Namespaced endpoints | Aggregates servers into unified endpoints with middleware, OIDC, and selective tool filtering per namespace |
| Unla | ~2.2k | Turning APIs into MCP | Go gateway that converts existing APIs and MCP servers into managed MCP endpoints; multi-tenant with a management UI |
| Microsoft mcp-gateway | ~730 | Kubernetes | Session-aware reverse proxy with Entra ID auth, built for AKS-style deployments |
| Lasso mcp-gateway | ~380 | Security overlay | Guardrail plugins, PII and token masking, server reputation scanning before load |
| Kong / Zuplo | n/a | Managed / API-gateway route | Kong's Enterprise MCP Gateway adds MCP session observability; Zuplo federates upstream MCP servers with OAuth and audit logs |
Honorable mentions: sparfenyuk/mcp-proxy (~2.6k stars) and TBXark/mcp-proxy (~700 stars) are transport bridges rather than full gateways, and Envoy AI Gateway and Traefik Hub both added native MCP gateway capabilities for teams already running those proxies.
When You Need an MCP Gateway (and When You Do Not)
You need an MCP gateway when at least one of these is true: you run five or more servers across multiple clients, more than one person needs the same server set with consistent policy, secrets currently live in plaintext client configs, or you need audit logs of what your agents actually called. Teams standardizing agent tooling across an org hit all four at once.
You do not need one for a personal setup with one client and a handful of servers. Adding claude mcp add entries directly, as covered in our Claude Code MCP guide, is simpler, has fewer moving parts, and one less process to debug. A gateway is infrastructure; adopt it when the pain is real, not preemptively.
Setup Example: Docker MCP Gateway
Docker MCP Gateway is the fastest gateway to stand up because it ships as a Docker CLI plugin and pulls hardened server images from the Docker MCP Catalog (200+ containerized servers, per Docker). With Docker Desktop 4.59+ the MCP Toolkit runs the gateway automatically; on any Docker engine you can drive it by hand:
# See what is available
docker mcp catalog ls
# Add servers from the catalog to a profile
docker mcp profile server add dev-tools --server catalog://mcp/docker-mcp-catalog/notion
# Run the gateway over stdio (default) or HTTP
docker mcp gateway run --profile dev-tools
docker mcp gateway run --port 8080 --transport streaming
# Wire up clients in one command
docker mcp client connect claude-code
docker mcp client connect claude-desktop
One warning about stale tutorials: the docker mcp server enable command that most 2025-era guides show no longer appears in the current CLI reference; the workflow is profile-based now. Each server runs in its own container with restricted privileges, secret-leak blocking is on by default (--block-secrets), and --verify-signatures checks image signing. For the container fundamentals, see our guide to running MCP servers with Docker.
Limitations and Tradeoffs
A gateway adds a hop, a process, and a new single point of failure between your agent and its tools. If the gateway dies, every tool dies with it, so treat it like any other piece of infrastructure: monitor it, pin versions, and keep a fallback client config for critical servers. Latency overhead is usually negligible for tool calls but real for streaming-heavy workloads.
Security centralization also cuts both ways. The gateway holding all your credentials is better than keys scattered across configs, but it makes the gateway host the highest-value target on your machine. And no gateway fully solves prompt-level risks: a poisoned tool description that passes through unfiltered still reaches your model, which is why interceptors and reputation scanning (Docker, Lasso) matter more than the proxying itself. Test what your gateway actually exposes with the MCP Inspector before pointing production agents at it.
Related Guides
- Best MCP Servers in 2026: The Complete Ranked List
- Securing Your MCP Server Connections
- MCP Inspector: How to Test and Debug Any MCP Server
- Best MCP Clients in 2026: 7 Tools Compared
Go deeper
The operator playbooks
Production-ready PDF guides for OpenClaw and Hermes Agent — $19.99 each.
Skills for this topic
Browse all skills →Frequently Asked Questions
What is an MCP gateway?
An MCP gateway is a reverse proxy that aggregates multiple Model Context Protocol servers behind a single endpoint, adding centralized authentication, secrets management, tool filtering, and logging. Clients like Claude Desktop or Claude Code connect once to the gateway instead of configuring every server individually.
Do I need an MCP gateway?
Only at scale. One client and a few servers is simpler with direct configuration; a gateway pays off when you run five or more servers across multiple clients or people, need central credential handling, or want audit logs and policy enforcement on agent tool calls.
Is Docker MCP Gateway free?
Yes. Docker MCP Gateway is open source under the MIT license at github.com/docker/mcp-gateway, and it is the engine behind the MCP Toolkit bundled with Docker Desktop 4.59 and later. The Docker MCP Catalog servers it runs are also free to pull.
What is the difference between an MCP gateway and an MCP server?
An MCP server exposes one set of tools (GitHub, Postgres, a browser); an MCP gateway sits in front of many servers and presents them to clients as one endpoint. The gateway speaks MCP on both sides but provides no tools of its own beyond management functions.
Can Claude Code use an MCP gateway?
Yes. A gateway that exposes stdio or streamable HTTP registers like any other server, for example claude mcp add --transport http gateway http://localhost:8080/mcp , and Docker's gateway wires it automatically with docker mcp client connect claude-code . See our Claude Code MCP guide for scopes and transports.





