Zuplo
Changelog

MCP Gateway Public Beta

With the explosion of AI workloads, agents are being granted unprecedented access to your critical systems. The MCP Gateway, now in public beta, lets you monitor, control, and customize how agents reach your systems through MCP: a fully-managed proxy built into the Zuplo API Gateway you already run.

  • See every call: Detailed analytics on which agents are calling which tools
  • One identity layer: Gate access through a single layer that enforces your company policies
  • Least privilege by default: Filter tools by user, agent, role, or anything else, for humans and agents alike

Here’s what’s in the beta.

Virtual servers in the Portal

Create a virtual server in the Zuplo Portal and pick an upstream from the server library (Stripe, Linear, GitHub, PostHog, and more) or set up a custom one. The setup wizard walks through upstream selection, inbound authentication, tool exposure, and outbound credentials.

New MCP Gateway virtual server wizard with upstream MCP server library

Gateway authentication

  • 10+ identity providers: Auth0, WorkOS, Google, Okta, Microsoft Entra, Amazon Cognito, Keycloak, Logto, OneLogin, and Ping, all configurable from the Portal UI
  • Real client compatibility: OAuth flows work with ChatGPT Apps SDK, Claude Desktop, Claude Code, Cursor, VS Code, and other MCP clients, including Dynamic Client Registration for private_key_jwt clients
  • Stable refresh tokens: Downstream refresh tokens are no longer rotated on each use, so clients can’t become stranded by a lost refresh response

All gateway-hosted UI pages (consent, sign-in, OAuth callback) use a clean, unbranded design with domain-derived favicons, ready to serve from your custom domain.

Capability filtering

The wizard’s Tools step offers two modes: Passthrough federates the upstream’s catalog live with zero config, while Curate lets you pick the specific tools, prompts, and resources to expose, grouped by read-only versus state-modifying behavior.

Tools step of the MCP Gateway wizard in Curate mode, selecting which upstream tools to expose

Under the hood, the MCP Capability Filter policy works as an allowlist: list responses (tools/list, prompts/list, etc.) only show permitted capabilities, and direct calls to hidden capabilities are blocked before they reach the upstream server. See the capability filtering documentation.

End-user analytics

MCP Gateway events attribute usage to individual end users. The new MCP analytics dashboard shows tool calls, active sessions, error rate, and p95 latency, with top capabilities breakdown tables across your upstream servers.

MCP analytics top capabilities breakdown with call volume, error rate, and p95 latency per tool

Policy-composed routes

For code-first workflows, each upstream MCP server is a standard Zuplo route using the new McpProxyHandler, with gateway authentication, upstream credential injection, and capability filtering applied as composable inbound policies:

JSONjson
{
  "x-zuplo-route": {
    "handler": {
      "export": "McpProxyHandler",
      "module": "$import(@zuplo/runtime)",
      "options": {
        "upstream": { "url": "https://my-upstream-mcp.example.com/mcp" }
      }
    },
    "policies": {
      "inbound": [
        "mcp-oauth-inbound",
        "mcp-token-exchange-inbound",
        "mcp-capability-filter-inbound"
      ]
    }
  }
}

Because MCP servers are just routes, existing policies (rate limiting, logging, custom code) work on MCP traffic too. Four MCP policies are now public in the policy catalog: MCP OAuth, MCP Auth0 OAuth, MCP Token Exchange, and MCP Capability Filter.

Getting started

Wire up your first server and point an agent at it. It takes minutes. The MCP Gateway quickstart is the fastest way in, and the MCP Gateway documentation covers architecture details, authentication guides, and client connection instructions.