Secure MCP Gateway

The control plane
between AI agents
and MCP servers.

Security policies. Audit logging. Daemon mode.
Project isolation. One binary. Zero tokens upfront.

Get Started Security Docs GitHub

$ brew install codestz/tap/mcpx

terminal

$mcpx list

serena serena (daemon)

postgres postgres-mcp

$mcpx serena find_symbol --name "Auth"

[{"name": "AuthService", "kind": "class", "file": "src/auth.go"}]

$mcpx postgres query --sql "DROP TABLE users"

error: policy "no-mutations" denied tool "query"

Reason: Mutation queries blocked

tokens upfront

<5ms

startup time

transports

∞

servers, same cost

The Problem

MCP servers are expensive and unrestricted.

Every server dumps its schema into context. Every tool call has zero access control. mcpx fixes both.

Without mcpx

# 5 servers loaded at session start

"serena": { ... } # ~20K tokens

"postgres": { ... } # ~15K tokens

"jira": { ... } # ~12K tokens

"slack": { ... } # ~8K tokens

"github": { ... } # ~30K tokens

~85K tokens gone. No security. No audit.

With mcpx

# .mcpx/config.yml — one file

5 servers configured

Security policies per server

Audit log for every call

Scoped daemon isolation

Per-server security modes

0 tokens. Full security. Full audit.

Security

Every call. Every server. Enforced.

Policies evaluate tool names, arguments, and content before the call reaches the server.

.mcpx/config.yml

security:
  enabled: true
  global:
    audit:
      enabled: true
      log: .mcpx/audit.jsonl
    policies:
      - name: no-path-traversal
        match:
          args:
            "*path*":
              deny_pattern: "\\.\\.\\/|\\.\\.\\\\\\/"
        action: deny
        message: Path traversal blocked

servers:
  postgres:
    security:
      mode: read-only

result

$mcpx serena replace_symbol_body \

--relative_path "../../../etc/passwd"

error: policy "no-path-traversal" denied

Reason: Path traversal blocked

relative_path = "../../../etc/passwd"

$cat .mcpx/audit.jsonl | jq .action

"allowed"

"denied"

Three commands to start

Install

brew install codestz/tap/mcpx

Configure

mcpx init

Call

mcpx serena find_symbol --name "Auth"

Security Policies

Tool allow/deny, argument inspection, content regex. Global + per-server cascading rules.

Audit Logging

Every tool call recorded in JSONL. Timestamps, args, policy decisions. Secret redaction built in.

Scoped Daemons

Project-scoped daemon isolation. Each project gets its own daemon instance. No cross-session conflicts.

Serena Integration

Daemon mode for fast startup. Security modes and path-restricted editing. Zero-config integration.

Daemon Mode

Heavy servers stay warm via unix socket. Zero spawn cost after first invocation.

On-Demand Discovery

Tools discovered lazily with mcpx list and --help. Zero context overhead.

Three Transports

stdio for local, HTTP (streamable) and SSE for remote. Auth headers and bearer tokens built in.

Single Binary

Go. No runtime deps. Sub-millisecond startup. Homebrew, go install, or build from source.

The missing control plane for MCP.

Security, audit, daemon mode — from CLI to production.

Get Started Why mcpx Daemon Mode

The control plane between AI agents and MCP servers.