MCP Configs · May 12, 2026 · 2 min read

gh-aw-mcpg — MCP Gateway for Sandboxed Agents

gh-aw-mcpg is a Docker-first MCP gateway that exposes backend MCP servers over HTTP so sandboxed agents call tools through one controlled entrypoint.

  • Native · 94/100
  • Policy: allow
  • Agent surface: Any MCP/CLI agent
  • Kind: Mcp
  • Install: Single
  • Trust: Established
  • Entrypoint: README.md
  • Universal CLI install command: npx tokrepo install 9c0b34f6-a08a-4723-8547-8cad70ca35ed

Intro

  • Best for: teams running agents in containers who need a single, auditable MCP entrypoint with guardrails
  • Works with: Docker, HTTP-based MCP clients, containerized stdio MCP servers
  • Setup time: 20 minutes

Practical Notes

  • One HTTP endpoint can route to multiple MCP backends (config-driven)
  • Default quick start uses port 8000 and mounts /var/run/docker.sock to spawn backend servers
  • GitHub stars/forks (verified): see Source & Thanks

A gateway matters when your agent environment is constrained:

  • Your agent runs in a sandbox/container and shouldn't have direct network access to every tool.
  • You want one place to apply policy (what repos can be read, what data can be written), logging, and health checks.

Operationally, treat the gateway as “MCP ingress”:

  1. Put all tool access behind it (even if some tools are stdio-in-container).
  2. Keep the configuration file in version control so changes are reviewable.
  3. Rotate API keys and restrict backend credentials (e.g., GitHub tokens) the same way you would for CI.

If you're already using GitHub Agentic Workflows, this repo is designed as the MCP access layer for sandboxed runs.
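
The quick-start exposure described above (port 8000 plus a mounted /var/run/docker.sock) can be audited after deployment. This is an added example, not code from gh-aw-mcpg or this page: it reads `docker inspect` JSON and flags the Docker socket mount, ports published beyond loopback, and credential-like environment variables. The container name, variable names and sample JSON are constructed assumptions.

```python
import json

# Constructed sample of `docker inspect <container>` output, trimmed to the
# fields read below; the container name and env var names are hypothetical.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/mcp-gateway",
    "Config": {"Env": ["GITHUB_TOKEN=placeholder", "PATH=/usr/bin"]},
    "HostConfig": {"PortBindings": {"8000/tcp": [{"HostIp": "", "HostPort": "8000"}]}},
    "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                "Destination": "/var/run/docker.sock", "RW": True}],
}])

SECRET_HINTS = ("TOKEN", "KEY", "SECRET", "PASSWORD")
LOOPBACK = ("127.0.0.1", "::1")

def audit_gateway(inspect_json):
    """Return (container, finding) pairs that a reviewer should sign off on."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        # A socket mount gives Docker API access; a read-only bind does not limit it.
        for m in c.get("Mounts") or []:
            if m.get("Source", "").endswith("docker.sock"):
                findings.append((name, "docker socket mounted: "
                                 "container can start containers on the host"))
        # An empty HostIp means the port is published on every host interface.
        ports = (c.get("HostConfig") or {}).get("PortBindings") or {}
        for port, binds in ports.items():
            for b in binds or []:
                host_ip = b.get("HostIp", "")
                if host_ip not in LOOPBACK:
                    findings.append((name, f"{port} published on {host_ip or 'all interfaces'}"))
        # Only variable names are reported, never their values.
        for env in (c.get("Config") or {}).get("Env") or []:
            key = env.split("=", 1)[0]
            if any(h in key.upper() for h in SECRET_HINTS):
                findings.append((name, f"credential-like env var {key}: confirm scope and rotation"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_gateway(SAMPLE_INSPECT):
        print(f"[{name}] {finding}")
```
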

FAQ

Q: What does it do? A: It proxies/routes MCP requests over HTTP to multiple configured backend MCP servers.

Q: Why is Docker required in the quick start? A: The gateway can spawn containerized stdio servers, so it mounts the Docker socket to run them.

Q: How do I secure it? A: Use API keys, restrict backend tokens, and keep guard/policy configuration under review.

Source & Thanks

  • Source: https://github.com/github/gh-aw-mcpg
  • License: MIT
  • GitHub stars: 126 · forks: 22
