gatekit

Gatekit is an MCP gateway that sits between MCP clients (like Claude Desktop, Cursor, etc.) and MCP servers, applying a configurable set of plugins for security, auditing, and tool management. It lets you auto-discover MCP servers, generate a unified gatekit.yaml configuration, and proxy traffic through a customizable pipeline. Core capabilities include a Tool Manager for renaming and filtering tools exposed to LLMs, PII and secrets filtering for content security, comprehensive auditing (JSON Lines, CSV, and human-readable logs), and token usage estimation per server/tool. Gatekit can run as a local stdio gateway or over HTTP/SSE, with a terminal UI (TUI) that guides setup and configuration. To start using Gatekit, run the gateway in your environment and point your MCP clients to gatekit-gateway; Gatekit will apply the configured plugins to all proxied traffic.

Prerequisites:

• Python 3.10 or newer
• An environment where you can install Python packages (system Python, virtualenv, or a tool like uv)
• Optional: pipx for isolated tool install

Install using uv (recommended):

uv tool install gatekit

Install with pipx:

pipx install gatekit

Install with pip (in a virtual environment):

python -m venv .venv
source .venv/bin/activate  # on macOS/Linux
# Windows: .venv\Scripts\activate
pip install gatekit

Notes:

• Gatekit requires Python 3.10+. Ensure your environment matches this requirement.
• After installation, run the gateway with the gatekit command to begin discovery and configuration (see Usage section).
• The recommended path is uv or pipx for isolation, but a virtual environment via pip also works fine.

Tips and common considerations:

• Guided Setup: Use Gatekit's guided setup wizard to auto-detect MCP clients, discover servers, and generate gatekit.yaml. This is the easiest way to get an initial configuration.
• gatekit.yaml: This is your config file. It defines upstream servers and the plugins to apply. You can edit it manually if needed after generation.
• Plugins: Gatekit ships with built-in plugins for Tool Management, Security (PII, Secrets, Prompt Injection), and Auditing. You can enable/disable or customize these in the configuration.
• Security models: Regex-based detection is used for PII/secret filtering. For production-grade needs, consider integrating additional security tooling as part of a custom plugin.
• Stdio vs HTTP/SSE: Gatekit supports both local stdio servers and remote MCP servers. Choose the transport that matches your deployment scenario.
• Environment variables: If using the TUI and guided setup, Gatekit will help populate necessary paths and configuration locations (e.g., gatekit.yaml). No mandatory environment variables are required beyond the defaults for your installation method.