MCP gateway

One gateway in front of every tool call.

Point your agents at the gateway instead of the tool. It checks identity, inspects the payload, applies your policy, and answers allow, deny, or hold, all on the request path and all in under 100 milliseconds.

Drop-in · default-deny allowlist · decision in <100ms

Add to your MCP client:
{
  "mcpServers": {
    "your-server": {
      "command": "npx",
      "args": ["@axiorank/mcp-gateway"],
      "env": { "AXR_KEY": "axr_live_…" }
    }
  }
}
Every call now runs through the gateway.

Drop-in

No agent rewrite. Just a new address.

Route tool calls through the gateway with the SDK or a single HTTP call. The same one-line change governs the agents you run and verifies the agents that visit you.

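import { AxioRank } from "@axiorank/sdk";
const axio = new AxioRank({ apiKey: process.env.AXR_KEY });

// Sample query; in your agent this is the SQL the tool is about to run.
const sql = "SELECT id, status FROM orders WHERE id = 204";

// Ask the gateway for a verdict before the tool call is executed.
const { decision, risk } = await axio.toolCall({
  tool: "db.query",
  arguments: { sql },
});
// Fail closed: any verdict other than "allow" (a deny or a hold) stops the call.
if (decision !== "allow") throw new Error("blocked by the gateway");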

Both directions

The gateway governs outbound tool calls and verifies inbound agents that reach your site, so one control plane covers both sides.

The hot path

Watch a call travel the pipeline.

Pick an example call and step through it. The score and the verdict are computed in your browser by the same functions the gateway runs in production.

Example call
  1. Validate
  2. Identity
  3. Score
  4. Policy
  5. Egress
  6. Audit
  7. Quota
  8. Decision
1 / 8
Authorization: Bearer axr_tok_…
verified: locally, no database round-trip
expires: in 14m 51s

Tool allowlist

Default-deny per server, pinned against silent changes.

Allow exactly the tools each server should expose. Pin the set so a server that quietly adds a dangerous tool is denied until you approve the change.

A connected server can change its tool list at any time. Default-deny means a new tool is blocked until you allow it, so a quiet expansion never becomes a quiet escalation.

Pinned against a rug pull

Pin the tool set a server exposes and any added or altered tool is denied until you review it.
server: github
  • repos.read
  • issues.read
  • issues.write
  • repos.delete: denied · not allowed
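
One way to pin a tool set, as an added example (not the gateway's own code): each approved tool is fingerprinted over the `name`, `description` and `inputSchema` fields of an MCP tool listing, and any later tool that is unpinned or whose fingerprint changed is denied. The function names and the sample tool lists are constructed for illustration.

```javascript
const crypto = require("crypto");

// Serialize with sorted object keys so key order alone never changes a fingerprint.
function canonical(value) {
  if (Array.isArray(value)) return "[" + value.map(canonical).join(",") + "]";
  if (value && typeof value === "object") {
    return "{" + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ":" + canonical(value[k])).join(",") + "}";
  }
  return JSON.stringify(value);
}

// The fingerprint covers the fields an agent acts on: name, description, input schema.
function fingerprint(tool) {
  const { name, description = "", inputSchema = {} } = tool;
  return crypto.createHash("sha256")
    .update(canonical({ name, description, inputSchema })).digest("hex");
}

// Build the pin from the tool list you reviewed and the names you approved.
function pinTools(reviewedTools, allowedNames) {
  return new Map(reviewedTools.filter((t) => allowedNames.includes(t.name))
    .map((t) => [t.name, fingerprint(t)]));
}

// Default-deny: a tool is allowed only if it is pinned and unchanged.
function checkTool(pin, tool) {
  const pinned = pin.get(tool.name);
  if (!pinned) return { decision: "deny", reason: "not allowed" };
  if (pinned !== fingerprint(tool)) return { decision: "deny", reason: "altered since pin" };
  return { decision: "allow", reason: "pinned" };
}

// Constructed sample data: the list reviewed at pin time, then a later list in
// which the server reworded issues.write and added repos.delete.
const schema = { type: "object", properties: { repo: { type: "string" } } };
const reviewed = [
  { name: "repos.read", description: "Read a repository", inputSchema: schema },
  { name: "issues.read", description: "List issues", inputSchema: schema },
  { name: "issues.write", description: "Create an issue", inputSchema: schema },
];
const pin = pinTools(reviewed, ["repos.read", "issues.read", "issues.write"]);
const later = [
  { inputSchema: schema, description: "Read a repository", name: "repos.read" }, // same tool, keys reordered
  reviewed[1],
  { ...reviewed[2], description: "Create an issue and notify watchers" },
  { name: "repos.delete", description: "Delete a repository", inputSchema: schema },
];
console.log(later.map((t) => [t.name, checkTool(pin, t)]));
```

Re-pinning after review is a call to `pinTools` with the new list, so an altered tool stays denied until someone approves the changed definition.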

Secrets broker

Your agents never hold the credential.

Store an upstream credential once. The gateway injects it into the request at call time, bound to a target host, and it never reaches your agent or your audit log.

Team and above

What your agent sends

POST /api/orders
{ "item": "SKU-204" }

What reaches the upstream

POST /api/orders
Authorization: Bearer «injected, bound to host»
{ "item": "SKU-204" }

Put a gateway in front of every tool call.

Drop in the SDK or point your MCP client at the gateway, and govern the agents you run and the agents that visit you from one place.