Available on GitLab.
Why this exists
I wanted to expose some MCP servers for the team and noticed that none of the gateway options out there actually worked for this use case. Plenty of them — IBM’s ContextForge included, though it looked like it was vibe-coded to hell and back — solve the aggregation problem: organise your own servers for yourself. That’s a different model entirely.
What I needed was a gateway that could be set up once, front multiple MCP servers, and use OIDC groups to gate which tools a given user could actually call. Not a perfect solution, but a workable one that keeps the endpoints properly secured when you’re sharing them across a team.
Nobody had built that. So I built it.
Architecture
Claude/Client
→ Traefik (JWT validation via Keycloak JWKS)
→ FastAPI MCP Proxy (role extraction + tool ACL from SurrealDB)
→ zereight/gitlab-mcp
→ redhat-et/mcp-server-kubernetes
Traefik handles JWT validation against Keycloak’s JWKS endpoint before anything reaches the proxy. The FastAPI proxy extracts the user’s roles from the token, hits SurrealDB to check what tools that role is allowed to call, and either forwards the request or drops it.
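The proxy’s decision step, as an added example that is not the project’s own code: it assumes Traefik has already verified the token’s signature, that Keycloak roles arrive under the realm_access.roles claim, and that the ACL table (a constructed stand-in for the SurrealDB store) maps (role, server) to the tools that role may call. It also filters tools/list so users only see tools they can invoke, and denies any method not explicitly listed.

```python
"""Tool ACL decision for an MCP proxy sitting behind a JWT-validating gateway.
Added example, not the project's code. The token is assumed already verified
upstream (Traefik + Keycloak JWKS); this layer only decides allow/deny."""

# Constructed ACL: (role, server) -> tool names that role may call.
# In the real gateway this lookup goes to SurrealDB.
ACL = {
    ("dev", "gitlab"): {"list_projects", "get_merge_request"},
    ("ops", "gitlab"): {"list_projects"},
    ("ops", "kubernetes"): {"list_pods", "get_logs"},
}

def roles_from_claims(claims):
    """Keycloak realm roles live under realm_access.roles (assumed shape)."""
    return set(claims.get("realm_access", {}).get("roles", []))

def allowed_tools(roles, server):
    """Union of the tools any of the caller's roles may call on `server`."""
    tools = set()
    for role in roles:
        tools |= ACL.get((role, server), set())
    return tools

def authorize(claims, server, request):
    """Return (allowed, reason) for one JSON-RPC request bound for `server`."""
    roles = roles_from_claims(claims)
    permitted = allowed_tools(roles, server)
    method = request.get("method")
    if method == "tools/call":
        name = request.get("params", {}).get("name")
        if name in permitted:
            return True, "ok"
        return False, f"roles {sorted(roles)} may not call {name!r} on {server}"
    if method in ("initialize", "tools/list", "ping"):
        return True, "ok"
    # Deny by default: resources, prompts and unknown methods need an explicit entry.
    return False, f"method {method!r} not permitted"

def filter_tool_list(claims, server, response):
    """Drop tools the caller cannot invoke from a tools/list response."""
    permitted = allowed_tools(roles_from_claims(claims), server)
    result = response.get("result", {})
    visible = [t for t in result.get("tools", []) if t.get("name") in permitted]
    return {**response, "result": {**result, "tools": visible}}
```

Filtering the tool list keeps a model from trying tools it will be denied on anyway, but the check in authorize is the one that actually enforces the policy, so both must agree on the same ACL lookup.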
The SurrealDB angle
The RBAC store is SurrealDB, which I hadn’t used before. I liked the vibe it put down — document + graph + relational in one, with a query language that doesn’t make you want to retire. It turned out to be a good fit for a tool ACL model where you want to express things like “this group can call these tools on this server” without fighting your database about it.
Current state
It works. One known bug with reconnecting — the fix exists in the internal version, but hasn’t made it to the released one yet due to a PR conflict that still needs resolving. That’s coming.