These packages give you a full-featured gateway for MCP (Model Context Protocol) servers, handling authentication, rate limiting, caching, schema validation, tool access control, and fan-out routing to multiple upstreams. You would adopt them to add production middleware—like Kong or Envoy—in front of your MCP servers without building each piece from scratch. The ten packages are independently versioned and composable, so you can install only the middleware you need (e.g., just auth and rate limiting) or wire them all together through the provided Express 5 server with a CLI.
A per-tenant tool access control library for MCP gateways, providing Express middleware that enforces allow/deny rules with wildcard pattern matching and versioned allowlist storage.
Pluggable Express middleware that authenticates requests via API key, JWT (with JWKS), OAuth2 token introspection (RFC 7662), or OIDC ID token validation, attaching a typed `AuthContext` with tenant, user, and scope information to every request.
An Express middleware and cache manager for MCP Gateway responses, providing in-memory LRU or Redis backends with per-tool TTL strategies, `Cache-Control` bypass support, and standard `X-Cache` response headers.
Core types, Zod schemas, configuration loading, and structured logging for the MCP Gateway ecosystem. It provides domain interfaces, runtime validation, YAML-based config loading with hot-reload, SSRF-protected upstream validation, and a Pino-based structured logger.
A function that fans out a single MCP request to multiple upstream servers, then aggregates responses using strategies like first-success, all-wait, or majority-vote. It provides `executeFanout()` and related utilities for weighted upstream selection, circuit breaking, retry with exponential backoff, and health checking.
An Express 5-based MCP Gateway server factory (`createApp()`) that wires together authentication, rate limiting, schema validation, tool allowlists, fan-out routing, response caching, audit logging, and OpenTelemetry observability into a single middleware pipeline, with a CLI binary for start, health checks, config validation, and diagnostics.
OpenTelemetry tracing, metrics, health checks, and structured logging for the MCP Gateway, providing auto-configured OTel SDK initialization, pre-built gateway metrics (counters, histograms, gauges), liveness/readiness/deep-health endpoints, and structured JSON logging via Pino. Exports health check functions (`getLiveness`, `getDeepHealth`, `registerProbe`, `createRedisProbe`), metric instruments, and a Pino logger.
A per-tenant rate limiter for MCP gateways using a token bucket algorithm, providing Express middleware that enforces configurable per-minute and per-day request limits and sets standard `X-RateLimit-*` response headers. Exports a `createRateLimiter()` factory function that returns a `RateLimiter` class instance, with in-memory and Redis-backed storage options (Redis support requires the `redis` package).
JSON Schema validation for MCP protocol messages, providing an Express middleware that validates JSON-RPC 2.0 request structure and MCP method payloads, plus a `SchemaValidator` class and `CustomSchemaManager` for per-tool argument/output validation with schema caching and versioning.
