cortex-gateway

One MCP server in front of all your apps — with each app's own permissions, per user

Cortex Gateway is an open-source, self-hosted MCP gateway. Agents connect to a single OAuth 2.1-protected URL; the gateway federates the tools of every app behind it and propagates the real user identity — so each app's native permission model applies automatically, at the user level. Nothing to mirror, nothing to sync, no service-account flattening.

Get started on GitHub →

MIT-licensed · Docker image on GHCR · hosted demo you can plug into Claude in 30 seconds

How it works

[MCP agent: Claude Desktop / claude.ai / OpenClaw / Hermes / ...]
         │  HTTPS + OAuth 2.1 JWT (Bearer)
         ▼
[cortex-gateway]   ←— thin gateway, no business logic
         │  the SAME JWT propagated (RFC 8707)
         ▼
[your backends]    ←— domain owners, plain HTTP, own their ACLs

A backend is a dedicated MCP reduced to its essence: a tool catalog plus tool invocation over bare HTTP (~120-line contract, no MCP library). The transport and lifecycle machinery — initialize, sessions, SSE, version negotiation — lives once, in the gateway. Native third-party MCP servers federate through the built-in proxy adapter with a per-user encrypted token vault.

What you get

CapabilityHow
User-level permissions, automaticallyIdentity propagation: your JWT to first-party backends, the user's own linked token to third-party MCP servers. The app that owns the permission enforces it.
Scope-filtered tool catalogAgents only see (and can call) tools their token scopes allow. Scopes double as plan entitlements — free/pro tiers with zero paywall logic.
Live federationBackends are polled every 60s; new tools appear without redeploying, with SSE tools/list_changed push.
Audit & revocationOne pseudonymized audit line per call; central OAuth revocation cuts every backend at once.
Context-efficient tools/listBackend filtering + a compact search mode (~80% smaller payloads for programmatic agents).

Connect your client

claude.ai (web & mobile)Custom Connectors — the 30-second path Claude DesktopRemote MCP server with OAuth Claude CodeCLI: one command, OAuth in the browser OpenClawopenclaw mcp add + oauth login Hermes AgentTwo lines of YAML, DCR handled

Comparing options?

Composio alternativeSelf-hosted vs hosted tool platform Pipedream MCP alternativeOwn your token vault and audit trail

FAQ

Is Cortex Gateway free?

Yes — MIT-licensed, self-hosted. You run it on your own infrastructure (a small VM or the Docker image). There is no hosted plan and no usage billing.

Does it work with any OAuth server?

Any OAuth 2.1 authorization server that issues RS256 JWTs with a JWKS endpoint works. The repo ships a complete demo authorization server (DCR, PKCE, magic-link signup) you can start from.

Can it federate existing third-party MCP servers?

Yes, through the built-in MCP→backend proxy adapter (beta): it speaks real MCP downstream and holds per-user OAuth tokens in an AES-256-GCM vault, so providers see each user's own account — their seat, their rate limits, their permissions.

How is this different from Composio or Pipedream?

Those are hosted tool platforms with large connector catalogs. Cortex Gateway is self-hosted infrastructure: your token vault, your audit trail, your OAuth perimeter, and a tiny contract for your own apps. See the detailed Composio and Pipedream pages.