These packages give you a full-featured API gateway for MCP servers, handling authentication, rate limiting, schema validation, tool allowlists, fan-out routing, response caching, audit logging, and OpenTelemetry observability. You would adopt them to add production-grade access control, traffic management, and observability to an MCP server deployment without building these capabilities from scratch. Each capability ships as a separate package with a framework-neutral core and thin Express or Fastify adapters, so you can compose exactly the pipeline you need and run it on either framework with the same tenant context flowing through every stage.
Per-tenant tool access control for MCP gateways, providing Express middleware that enforces allow/deny lists with wildcard pattern matching and versioned allowlist storage.
A structured audit logging library for the MCP Gateway that captures security-relevant events with configurable severity, multiple storage backends (console, file, in-memory), tamper-evident SHA-256 chaining, and a query API. Provides logger classes and event creation utilities for compliance audit trails.
Pluggable Express middleware that authenticates requests via API key, JWT (with JWKS), OAuth2 token introspection (RFC 7662), or OIDC ID token validation, attaching a typed `AuthContext` with tenant, user, and scope information to the request object.
A cache manager for MCP Gateway responses, providing in-memory LRU or Redis backends with per-tool TTL strategies, `Cache-Control` bypass support, and standard `X-Cache` headers, exposed as a class (`CacheManager`) and an Express middleware function.
Core types, Zod schemas, configuration loading, and structured logging for the MCP Gateway ecosystem. It provides domain interfaces, runtime validation, YAML-based config loading with hot-reload, SSRF-protected upstream validation, and a Pino-based structured logger.
A function that fans out a single MCP request to multiple upstream servers, then aggregates responses using strategies like first-success, all-wait, or majority-vote. It provides `executeFanout()` and related utilities for weighted upstream selection, circuit breaking, retry with exponential backoff, and health checking.
An Express 5-based MCP Gateway server factory (`createApp()`) that wires together authentication, rate limiting, schema validation, tool allowlists, fan-out routing, response caching, audit logging, and OpenTelemetry observability into a single middleware pipeline, with a CLI binary for start, health checks, config validation, and diagnostics.
OpenTelemetry tracing, metrics, health checks, and structured logging for the MCP Gateway, providing auto-configured OTel SDK initialization, pre-built gateway metrics (counters, histograms, gauges), liveness/readiness/deep-health endpoints, and structured JSON logging via Pino. Exports health check functions (`getLiveness`, `getDeepHealth`, `registerProbe`, `createRedisProbe`), metric instruments, and a Pino logger.
A per-tenant rate limiter for MCP gateways using a token bucket algorithm, providing Express middleware that enforces configurable per-minute and per-day limits with standard `X-RateLimit-*` headers and JSON-RPC 429 error responses. Exports `createRateLimiter()` factory (returns a `RateLimiter` class instance) and `createRateLimitMiddleware()` for Express, with optional Redis-backed storage via atomic Lua scripts.
JSON Schema validation for MCP protocol messages, providing an Express middleware that validates JSON-RPC 2.0 request structure and MCP method payloads, plus a `SchemaValidator` class and `CustomSchemaManager` for per-tool argument/output validation with schema caching and versioning.
