DEV Community

Cover image for Obot MCP Gateway: An Enterprise Control Plane for the Model Context Protocol
Om Shree
Om Shree

Posted on • Originally published at glama.ai

Obot MCP Gateway: An Enterprise Control Plane for the Model Context Protocol

#ai #beginners #discuss #productivity

As the Model Context Protocol (MCP), a standard for connecting AI agents to external systems, gains traction, organizations face a new set of operational challenges. Developers are rapidly creating custom MCP servers, leading to fragmented infrastructure, security risks, and a lack of centralized visibility. The Obot MCP Gateway is an open-source solution built to solve this problem. It acts as a single point of control for the MCP ecosystem, enabling IT teams to curate a catalog of approved servers, enforce security policies, and monitor usage, all while simplifying the connection process for end users. This article series delves into how the Obot MCP Gateway works, its core components, and its role in bringing order to the burgeoning world of agentic AI.

The Gateway as a Central Hub

The Obot MCP Gateway is a foundational piece of infrastructure designed for enterprise deployment, typically within a Kubernetes cluster1. It serves three primary functions for an organization:

  1. Centralized Catalog: It provides a curated and managed catalog of all available MCP servers, both internal and external. This allows administrators to own and manage which servers are accessible to different teams.
  2. User Access Platform: It enables end users to access and connect to these approved servers through a native chat client (Obot Chat) or any other MCP-enabled client, such as Cursor, Claude, or VS Code1.
  3. Hosting and Proxying: The gateway is a hosting platform for internal MCP servers and, crucially, proxies all communication to both internally hosted and external servers. This proxying is the key to providing centralized observability, security, and compliance.

Image

From the administrator's perspective, the platform simplifies the entire lifecycle of an MCP server. The admin dashboard allows for the configuration of authentication providers (e.g., GitHub, Google) and model providers to power the chat interface. Administrators can then add servers to the catalog either manually or via a GitOps-based workflow, defining them as single-user, multi-user, or remote servers. This gives IT teams fine-grained control over how resources are provisioned and accessed.

End-User and Administrator Experience

The Obot Gateway provides distinct, yet complementary, experiences for both end users and administrators.

Image

The End-User Experience

For the end user, Obot Chat offers a familiar chat interface with an integrated MCP experience. Users can create projects with custom system prompts and knowledge files and then browse and connect to MCP servers available in the curated catalog. Once connected, they can interact with the tools provided by the server through natural language queries. For example, a user can connect to a Gmail MCP server to find their most recent email simply by asking, "What is my most recent email?" (see 7:34 in the video)2. The platform also supports connecting to the gateway from external clients, such as VS Code, by providing a unique connection URL.

The Administrator Experience

The administrator dashboard offers a comprehensive suite of tools for governance and oversight:

  • Access Control: Administrators can define granular access rules, controlling which users or groups can access specific MCP servers. This is based on an intersection of users, groups, and servers.
  • Audit Logs: The platform provides a detailed audit log that captures every tool call made through the gateway, offering a "bird's-eye view" for debugging and security analysis.
  • Usage Insights: The dashboard tracks usage metrics, including which tools and servers are used most frequently, as well as their average response times, providing valuable insights into operational performance.
  • Request Filtering: A key security feature is the ability to set up webhook-based filters. These allow administrators to programmatically inspect and reject requests based on custom logic, such as blocking calls that contain specific keywords (e.g., "hacking")(see 23:43 in the video)3.

This two-sided approach ensures that end users have a simple, self-service way to consume MCP services while IT maintains full control, visibility, and security.

Behind the Scenes

The core technical innovation of the Obot Gateway4 is its custom-built proxy. Unlike traditional service meshes, this proxy was developed specifically for the MCP protocol. It sits in the middle of every communication path, acting as a server to the client and a client to the downstream MCP server. This unique position allows the gateway to intercept and observe all traffic, providing a central point for auditing and security enforcement.

The proxy's implementation required creating a new Go-based MCP client, distinct from existing open-source SDKs that are typically focused on building a server or client 5. This low-level, homegrown approach ensures maximum visibility and control over the protocol, which is crucial for handling complex, multi-tenant use cases and providing the centralized observability that enterprises require. This design choice anticipates the future of MCP, where a vast amount of "agentic traffic" will flow through the protocol, making centralized visibility an absolute necessity for debugging and governance 5.

My Thoughts

The Obot MCP Gateway addresses a critical and often overlooked problem in the burgeoning AI agent space: governance. While the ease of developing MCP servers has led to a proliferation of tools, it has also created a state of "chaos" in many organizations, with fragmented adoption and security risks. Obot’s approach of providing a centralized, open-source control plane is a pragmatic solution. The choice to build a custom proxy to gain deep protocol-level visibility is particularly insightful, distinguishing this project from more conventional solutions.

A key challenge highlighted in the video is the current state of MCP adoption. While developers are "all in," many core IT and business users are still unaware of the protocol. This suggests that the next phase of MCP adoption will depend not just on developer tools but on platforms like Obot that make it accessible, secure, and manageable for the broader enterprise. The Obot Gateway's focus on a polished user experience and robust administrative features is a step in the right direction to bridge this gap and accelerate enterprise-wide adoption.

Acknowledgements

This article series is based on insights from the talk "Introducing Obot MCP Gateway,"6 presented by Craig Jelik, Co-founder of Acorn, and hosted by The Context - MCP Ecosystem Livestream. We thank Craig for his valuable contribution and insights into the design and implementation of the Obot platform. We also extend our gratitude to the broader MCP and AI community for their continued work on open standards and protocols.

References

  1. Obot AI Launches MCP Gateway to Help Enterprises Manage, Secure, and Scale AI Integration 

  2. Demonstration of retrieving recent Gmail messages from the MCP server at 7 min 34 sec in the video. 

  3. Example of connecting to external clients like VS Code explained at 23 min 43 sec in the video. 

  4. Obot Docs 

  5. Obot-platform/obot: Open-source MCP Gateway and AI Platform 

  6. Introducing Obot MCP Gateway | Open Source MCP Server Management 

Top comments (0)