Platform · MCP Gateway
How do you secure MCP tool calls with a gateway?
An MCP / tool gateway sits in front of JSON-RPC tools/list and tools/call. It pins tool names, descriptions, and schemas; detects rug-pull drift and namespace shadowing; and enforces source-to-sink policy before any tool executes — treating MCP responses as untrusted observation, not authority.
By the Ultra13 teamPublished Updated
TL;DR
- The gateway inspects tools/list and tools/call.
- Pin names, descriptions, and schemas; detect drift and shadowing.
- Enforce policy before execution.
- MCP responses inform, but cannot authorize actions outside policy.
What the gateway enforces
Schema pinning, drift and shadowing detection, tool-result labelling, and per-call inspection of name, args, resource, identity, tenant, and side effects. Background: MCP security and tool-call inspection.