A hackable MCP gateway

Apache 2.0 licensed

Gatekit is a Model Context Protocol gateway that controls traffic between your LLM and MCP tools for better visibility, security, and control.

Extend it with plugins, not forks. Your customizations stay separate, so you can keep getting Gatekit updates without merge conflicts.

Built-in plugins handle:

  • Tool management — expose only the tools you want, rename and modify descriptions for cleaner context and better discoverability
  • Content security — catch PII and secrets before they leave your machine, defend against basic prompt injection attacks (regex-based)
  • Audit logging — debug failures, track usage, inspect full request and response bodies
uv tool install gatekit
Get started View source
Gatekit configuration editor

Gatekit configuration editor (Terminal UI)

How It Works

Gatekit proxies traffic between Model Context Protocol (MCP) clients and servers. Config files define which servers to proxy and which plugins to run.

MCP Client (Claude, Cursor) gatekit-gateway plugins MCP Server(s) (filesystem, github) gatekit.yaml • mcp servers • security • middleware • auditing gatekit (TUI) configures writes
gatekit The TUI. Detects your MCP clients, discovers servers, and generates YAML config files.
gatekit.yaml Your config. Defines upstream servers and plugins.
gatekit-gateway The runtime. Your MCP client points here. Applies your plugins to all traffic.

Plugins intercept traffic between client and servers, allowing you to modify, block, or log messages:

Built-in Plugins

Plugins intercept traffic between client and servers, allowing you to modify, block, or log messages.

Tool Manager configuration

Tool Manager plugin configuration

Middleware

Transform requests and responses

  • Tool Manager — Filter, rename, and customize tool descriptions
  • Call Trace — Append diagnostic info to tool responses

Security

Regex-based pattern matching. Not a substitute for dedicated security tooling.

  • PII Filter — Detect and redact personally identifiable information
  • Secrets Filter — Detect API keys, tokens, and other secrets
  • Prompt Injection Filter — Detect common prompt injection patterns

Auditing

Log all MCP traffic for debugging or compliance

  • JSON Lines — Structured logs for processing
  • CSV — Spreadsheet-compatible logs
  • Human Readable — Plain text logs for quick review

Custom Plugins

When the built-in plugins aren't enough, write your own. Plugins intercept and modify tool calls and responses, enabling:

  • Pruning responses to avoid context bloat
  • Injecting credentials into tool calls without exposing them to the LLM
  • Joining additional information from other data sources
  • Human-in-the-loop approval for dangerous actions
  • Response caching and deduplication
from gatekit.plugins.interfaces import MiddlewarePlugin, PluginResult

class MyPlugin(MiddlewarePlugin):
    async def process_request(self, request, server_name):
        # Your logic here
        return PluginResult()

    async def process_response(self, request, response, server_name):
        # Your logic here
        return PluginResult()

HANDLERS = {"my_plugin": MyPlugin}

Guided Setup

Run gatekit to launch the terminal UI. The guided setup wizard handles configuration for supported clients.

Guided setup wizard showing server discovery
  1. Auto-detects MCP clients on your system (Claude Desktop, Codex, Claude Code, Cursor, Windsurf)
  2. Discovers all configured MCP servers from each client
  3. Generates a complete Gatekit configuration
  4. Provides client-specific setup instructions with copy buttons
  5. Creates restore scripts in case you want to revert

Installation

Requires Python 3.10+.

uv (recommended)

uv tool install gatekit

pipx

pipx install gatekit

pip

pip install gatekit

Documentation

Getting Started Installation, configuration, first run Configuration Specification Complete YAML schema documentation Built-in Plugins All included plugins with config options Plugin Development Guide Write custom security, middleware, or auditing plugins

Roadmap and Limitations

Gatekit currently only supports local stdio servers and regex pattern matching based security and privacy filters.

Planned features include:

Feedback

Have feedback on the roadmap? Join the discussion. Found a bug? Open an issue. For anything else: dbright@gatekit.ai