The latest articles on DEV Community by esoloz (@esoloz). https://dev.to/esoloz https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1126188%2F740bbe93-187b-4478-8249-9acc1418c5c3.png https://dev.to/esoloz en esoloz Thu, 05 Jun 2025 10:50:54 +0000 https://dev.to/esoloz/introducing-mcpx-a-gateway-for-governing-ai-agent-tool-usage-1ni https://dev.to/esoloz/introducing-mcpx-a-gateway-for-governing-ai-agent-tool-usage-1ni <p>As more teams start experimenting with AI agents using <strong>MCP</strong>, one challenge keeps coming up - there's no clear way to <strong>govern how agents access tools</strong>, or understand what's happening when those tools are called.</p> <p>That’s why we built <strong>MCPX</strong> - an open-source gateway that helps you add visibility, guardrails, and permissioning around MCP usage. Whether you're testing locally or building toward more complex workflows, MCPX gives you control over how agents interact with your tool ecosystem.</p> <p>Check it out:<br> 👉 <a href="https://github.com/TheLunarCompany/lunar/tree/main/mcpx" rel="noopener noreferrer"><strong>MCPX on GitHub</strong></a></p> <h2> 🧱 Why We Built MCPX </h2> <p>We’re seeing real traction in teams using MCP to let agents call tools like Slack, GitHub, Gmail, internal APIs, and more. But the operational gaps are clear:</p> <ul> <li>Agents can call tools they shouldn’t</li> <li>No way to group or gate sensitive actions</li> <li>No built-in audit or usage tracking</li> <li>No policies for managing overuse or privilege boundaries</li> </ul> <p>This lack of governance is called out directly by OWASP in <a href="https://owasp.org/www-project-top-10-for-large-language-model-applications/" rel="noopener noreferrer"><strong>LLM07 - Excessive Agency</strong></a>, where AI agents can do more than they should, often unintentionally.</p> <p>MCPX gives teams a simple gateway to safely connect agents to tools - with access controls and observability built in.</p> <h2> 🔐 Access Controls Are Now Live </h2> <p>We recently shipped a major feature: <strong>Access Controls</strong> that let you group and define permissions over tools - across services.</p> <p>You can now define <strong>tool groups</strong> like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">toolGroups</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">writes"</span> <span class="na">services</span><span class="pi">:</span> <span class="na">slack</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">post_message"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">post_reaction"</span> <span class="na">gmail</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">send_email"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">send_attachment"</span> <span class="na">github</span><span class="pi">:</span> <span class="s2">"</span><span class="s">*"</span> <span class="c1"># allow all tools from GitHub</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">reads"</span> <span class="na">services</span><span class="pi">:</span> <span class="na">slack</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">read_messages"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">read_comments"</span> <span class="na">gmail</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">read_email"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">read_attachment"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">admin"</span> <span class="na">services</span><span class="pi">:</span> <span class="na">slack</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">create_channel"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">delete_channel"</span> </code></pre> </div> <p>From there, you can assign specific LLMs, agents, or users to one or more of these groups - allowing fine-grained, flexible control over what tools are allowed and when.</p> <p>More on how it works:<br> 👉 <a href="https://www.lunar.dev/post/mcp-gateway-access-controls-defining-permissions-for-llm-agents" rel="noopener noreferrer">Defining Access Controls for LLM Agents</a></p> <h2> 🧪 Start Local, Scale as You Grow </h2> <p>MCPX is lightweight and easy to run locally. But as your usage grows, you can deploy it in production, plug into observability tooling, and layer in more advanced policies.</p> <p>We share that evolution here:<br> 👉 <a href="https://www.lunar.dev/post/mcpx-from-local-experimentation-to-production-grade-infrastructure" rel="noopener noreferrer">From Local Experimentation to Production-Grade Infrastructure</a></p> <h2> 🛠️ Try It Out or Contribute </h2> <ul> <li>⭐ GitHub: <a href="https://github.com/TheLunarCompany/lunar/tree/main/mcpx" rel="noopener noreferrer">github.com/TheLunarCompany/lunar/tree/main/mcpx</a> </li> <li>Docs: <a href="https://docs.lunar.dev" rel="noopener noreferrer">docs.lunar.dev</a> </li> <li>Community: Join our Discord (linked in the repo)</li> </ul> <p>We’re learning alongside the community and would love your feedback or ideas. If you’re using MCP today - or just exploring how to bring AI agents closer to your systems - MCPX is a layer worth trying.</p> mcp ai tooling