Server data from the Official MCP Registry
Self-hosted federated MCP gateway: one OAuth 2.1 MCP server in front of N apps, user-level scopes.
Remote endpoints: streamable-http: https://mcp.cortex-gateway.dev/mcp
Valid MCP server (1 strong, 1 medium validity signals). No known CVEs in dependencies. Imported from the Official MCP Registry. 1 finding(s) downgraded by scanner intelligence.
Endpoint verified · Open access · 1 issue found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: CORTEX_CANONICAL_URI
Environment variable: OAUTH_ISSUER
Environment variable: CORTEX_BACKENDS
Environment variable: CORTEX_TECHNICAL_TOKEN
Remote Plugin
No local installation needed. Your AI client connects to the remote endpoint directly.
Add this to your MCP configuration to connect:
```json
{
  "mcpServers": {
    "io-github-wellknownmcp-cortex-gateway": {
      "env": {
        "OAUTH_ISSUER": "your-oauth-issuer-here",
        "CORTEX_BACKENDS": "your-cortex-backends-here",
        "CORTEX_CANONICAL_URI": "your-cortex-canonical-uri-here",
        "CORTEX_TECHNICAL_TOKEN": "your-cortex-technical-token-here"
      },
      "url": "https://mcp.cortex-gateway.dev/mcp"
    }
  }
}
```

From the project's GitHub README.
A federated MCP gateway: one spec-compliant, OAuth-protected MCP server in front of N plain-HTTP backends.
Your business apps stay ordinary web services. Each one exposes a single
POST /api/cortex/backend endpoint (a ~120-line contract, no MCP library, no
stdio). The gateway discovers their tools, merges them into one MCP catalog,
enforces OAuth 2.1 + scopes, routes tools/call to the owning backend, and
keeps a pseudonymized audit trail.
A backend is a dedicated MCP reduced to its essence: a tool catalog plus tool invocation (and optional prompts/resources) over bare HTTP JSON-RPC — the transport and lifecycle machinery (initialize, sessions, SSE, version negotiation) lives once, in the gateway. Because the contract is a semantic subset of MCP, a native MCP server can also be federated through the built-in MCP→backend proxy adapter (docs/mcp-adapter.md).
[MCP agent: Claude Desktop / claude.ai Custom Connector / any MCP client]
│ HTTPS + OAuth 2.1 JWT (Bearer)
▼
[cortex-gateway] ←— thin gateway, no business logic
│ HTTPS + the same JWT propagated (RFC 8707)
▼
[your backends] ←— domain owners, plain HTTP, own their ACLs
tools/list; the rest keeps working.
report_missing_capability tickets when a tool is missing or insufficient — deduplicated, triaged, optionally pushed to a webhook when blocking.

Company-wide agent surface. An organization runs N internal apps (CRM, quality docs, billing, analytics...). Each app adds the ~120-line backend endpoint; the gateway exposes them as ONE MCP connector protected by the company's SSO. Employees plug a single URL into Claude Desktop / claude.ai and get exactly the tools their token scopes allow, with a central audit trail. This is the setup the gateway was born in.
Product builder. You ship several products and want agents (yours or your customers') to operate them. Instead of maintaining one MCP server per product, every product implements the backend contract and the gateway is your single, versioned, OAuth-protected agent API. Adding a product to the agent surface is one env var.
Thematic hub / curated registry. Run a gateway as a topic endpoint —
e.g. "all open-data tools for domain X" — that federates several providers
behind one URL with one token. The scope model gives you per-provider
opt-in, get_help/get_snapshot give agents self-describing discovery, and
the audit trail tells you what is actually used. Providers either speak the
(deliberately tiny) backend contract natively, or — for off-the-shelf MCP
servers — get fronted by the built-in MCP→backend proxy adapter
(docs/mcp-adapter.md).
Free / paid tool tiers. Scopes are entitlements. Let your authorization
server grant mcp:yourapp:basic to free users and mcp:yourapp:pro to
paying ones (your billing webhook updates the grant): the gateway then shows
and allows each caller exactly the tools of their plan — no paywall logic in
the gateway or the backends, tools just declare their scope. Revocation and
downgrades propagate through the normal OAuth chain.
The built-in MCP→backend proxy adapter lets a bundle mix contract backends and off-the-shelf native MCP servers (Canva, Figma, ...): the adapter is an MCP client downstream (initialize, sessions, SSE framing) and a plain backend upstream, so the gateway core does not change. Per-user downstream OAuth is handled by a token vault (AES-256-GCM at rest) and a linking flow (RFC 9728 discovery, Dynamic Client Registration, PKCE): each user consents once per provider, then agents are identified on the whole bundle with a single Cortex token. See docs/mcp-adapter.md for a worked "design bundle" example (Canva + Figma + your own backend).
client_credentials flow once your AS supports it.
listChanged notifications, DELETE session termination)
scopes_supported in discovery is derived live from the federated catalog
tools/list_changed push
whoami (aggregated identity across backends), find_tools, report_missing_capability, list_cortex_tickets, list_cortex_resources, read_cortex_resource, plus a self-describing cortex://architecture resource generated live

```bash
git clone https://github.com/wellknownmcp/cortex-gateway
cd cortex-gateway
npm install

# 1. Start the demo backend (dependency-free)
node examples/demo-backend/server.mjs &

# 2. Configure the gateway
cat > .env.local <<'EOF'
OAUTH_ISSUER=https://auth.example.com
CORTEX_BACKENDS=demo
CORTEX_BACKEND_DEMO_URL=http://127.0.0.1:4820
CORTEX_TECHNICAL_TOKEN=demo-technical-token
CORTEX_DEV_BYPASS_TOKEN=dev-secret
CORTEX_DEV_BYPASS_SCOPES=mcp:demo:read
EOF

# 3. Run it
npm run dev

# 4. Talk MCP (dev bypass replaces the Bearer JWT locally)
curl -s http://localhost:3213/mcp \
  -H 'Content-Type: application/json' \
  -H 'X-Dev-Mode: dev-secret' \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}' | jq '.result.tools[].name'
# → whoami, ..., demo_get_help, demo_echo, demo_get_time

curl -s http://localhost:3213/mcp \
  -H 'Content-Type: application/json' \
  -H 'X-Dev-Mode: dev-secret' \
  -d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"demo_echo","arguments":{"message":"hello"}}}' | jq
```

In production you point OAUTH_ISSUER at your OAuth 2.1 authorization
server (any server that issues RS256 JWTs with a JWKS endpoint and supports
the scope claim), and MCP clients connect to https://your-host/mcp with
a Bearer token whose aud is the gateway's canonical URI.
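
The audience check described above and the scopes-as-entitlements tiers from the use cases, as an added example that is not taken from the cortex-gateway code base. It assumes the RS256 signature has already been verified against the issuer's JWKS; the catalog shape, the gateway URL and the yourapp_* tool names are constructed for illustration.

```javascript
// Added example, not cortex-gateway code. Assumes the JWT's RS256 signature
// was already verified against the issuer's JWKS; `claims` is its payload.
const CONFIG = {                                   // constructed values
  issuer: 'https://auth.example.com',              // OAUTH_ISSUER
  canonicalUri: 'https://gateway.example.com/mcp', // CORTEX_CANONICAL_URI
};

// Constructed merged catalog; the field names are hypothetical.
const CATALOG = [
  { name: 'demo_echo', backend: 'demo', scope: 'mcp:demo:read' },
  { name: 'yourapp_search', backend: 'yourapp', scope: 'mcp:yourapp:basic' },
  { name: 'yourapp_export', backend: 'yourapp', scope: 'mcp:yourapp:pro' },
];

// Reject tokens from another issuer, minted for another resource, or expired.
function checkClaims(claims, config, nowSec) {
  if (claims.iss !== config.issuer) return 'wrong issuer';
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(config.canonicalUri)) return 'wrong audience';
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return 'expired';
  return null; // null means the claims are acceptable
}

// The scope claim is a space-delimited string; exact match only, no prefixes.
function grantedScopes(claims) {
  const raw = typeof claims.scope === 'string' ? claims.scope : '';
  return new Set(raw.split(' ').filter(Boolean));
}

// tools/list: show only the tools whose declared scope the caller holds.
function visibleTools(claims, catalog) {
  const scopes = grantedScopes(claims);
  return catalog.filter((t) => scopes.has(t.scope)).map((t) => t.name);
}

// tools/call: re-check on every call; a hidden tool is not a protected tool.
function authorizeCall(claims, toolName, config, catalog, nowSec) {
  const problem = checkClaims(claims, config, nowSec);
  if (problem) return { allowed: false, reason: problem };
  const tool = catalog.find((t) => t.name === toolName);
  if (!tool || !grantedScopes(claims).has(tool.scope)) {
    return { allowed: false, reason: 'unknown tool or missing scope' };
  }
  return { allowed: true, backend: tool.backend };
}
```

Unknown tools and tools outside the caller's scopes get the same refusal, so a caller cannot use tools/call to learn which tool names exist on a tier they do not hold.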
list_tools + your tools (docs/backend-contract.md, reference implementation in examples/demo-backend/).

```bash
CORTEX_BACKENDS=demo,docs
CORTEX_BACKEND_DOCS_URL=http://127.0.0.1:4001
```

docs_* tools within 60s and pushes tools/list_changed to connected clients.

Everything is env-driven — see .env.example for the full annotated list. The essentials:

| Variable | Required | Purpose |
|---|---|---|
| CORTEX_CANONICAL_URI | prod | Canonical MCP resource URI (RFC 9728), default JWT audience |
| OAUTH_ISSUER | yes | Your OAuth 2.1 authorization server |
| CORTEX_BACKENDS + CORTEX_BACKEND_<ID>_URL | yes | Federated backends |
| CORTEX_TECHNICAL_TOKEN | yes | Static token for catalog discovery (catalog methods only) |
| CORTEX_ALLOWED_ORIGINS | prod | Web origins allowed (exact or *.suffix) |
| CORTEX_DATABASE_URL | no | PostgreSQL for audit persistence + gateway tickets |
| CORTEX_TICKET_WEBHOOK_URL | no | Webhook for blocking missing-capability tickets |
| CORTEX_WEBSITE_URL | no | websiteUrl shown by MCP clients (default: the gateway origin). Server icons: replace public/icon-{light,dark}.png |

sub; foreign session ids get 404.

```bash
npm run typecheck   # tsc --noEmit
npm test            # vitest
npm run build       # prisma generate + next build
```

The database is optional in every environment: without CORTEX_DATABASE_URL
the audit stays on stdout and gateway-local tickets are disabled.