Config-driven API gateway for Model Context Protocol (MCP) - dynamic routing via YAML
Project description
Kavach MCP Gateway
Config-driven API gateway for Model Context Protocol (MCP) with dynamic routing via YAML configuration.
Integrates with other Kavach packages for logging, events, and optional security scanning.
Features
- Config-driven routing: Define all routes in a single YAML file
- No code changes for new services: Add routes by editing
routes.yaml - Path prefix matching: Routes requests based on path prefixes
- MCP tool routing: Route tool calls to the right MCP server by tool name
- Minimal overhead: Lightweight and performant routing logic
- Kavach integration:
- Structured logging via
kavach-loggerwith optional data masking - Event emission via
kavach-eventsfor route changes and matches - Optional security scanning via
kavach-shield(install with[security]extra)
- Structured logging via
Installation
pip install kavach-mcp-gateway
With optional security support:
pip install kavach-mcp-gateway[security]
Quick Start
1. Create routes configuration in your project
Create routes.yaml in your application directory:
routes:
- prefix: /auth
target: http://localhost:8001
- prefix: /users
target: http://localhost:8002
- prefix: /orders
target: http://localhost:8003
- prefix: /mcp/weather
target: http://localhost:9001
name: weather
tools:
- current
- forecast
- prefix: /mcp/github
target: http://localhost:9002
name: github
tools:
- create_issue
- list_repos
2. Use in your application
from kavach_gateway import MCPGateway
gateway = MCPGateway()
gateway.load_routes("routes.yaml")
# Get target for a request path
target = gateway.get_target("/auth/login")
# Returns: "http://localhost:8001"
# Get target for an MCP tool call
target = gateway.get_tool_target("weather.forecast")
# Returns: "http://localhost:9001"
# Check all configured routes
routes = gateway.get_routes()
# Returns: ['/auth', '/users', '/orders', '/mcp/weather']
# Check all configured MCP tools
tools = gateway.get_tools()
# Returns: ['github.create_issue', 'github.list_repos', 'weather.current', 'weather.forecast', ...]
# Reload routes (useful for hot-reloading)
gateway.reload()
API Reference
MCPGateway
Methods:
load_routes(config_path)- Load routes from YAML configuration fileget_target(path)- Get target URL for a request pathget_tool_target(tool_name)- Get target URL for an MCP tool namematch(path)- Get RouteConfig object for a pathmatch_tool(tool_name)- Get RouteConfig object for a tool nameget_routes()- Get list of all configured route prefixesget_tools()- Get list of all configured MCP tool namesreload()- Reload routes from last loaded configuration file
Events emitted (via kavach-events):
gateway_routes_loaded- When routes are successfully loadedgateway_route_matched- When a request path matches a routegateway_tool_matched- When an MCP tool name matches a routegateway_load_error- When route loading failsgateway_reload_started- When route reloading begins
SecurityScanner
Optional security scanning for requests (requires kavach-shield):
from kavach_gateway import SecurityScanner
scanner = SecurityScanner(enabled=True)
violations = scanner.scan_path("/auth/login")
Methods:
scan_path(path)- Scan request path for violationsscan_body(body)- Scan request body for violations
Integration with Other Kavach Packages
Logging
The gateway uses kavach-logger for structured logging with optional data masking:
from kavach_gateway import MCPGateway
from kavach_logger import get_logger
logger = get_logger("my.gateway", masked=True)
gateway = MCPGateway()
gateway.load_routes("routes.yaml")
Events
Subscribe to gateway events using kavach-events:
from kavach_events import event_manager
@event_manager.subscribe(["gateway_route_matched"])
async def on_route_matched(payload):
print(f"Route matched: {payload['path']} -> {payload['target']}")
gateway.load_routes("routes.yaml") # Triggers event
Security Scanning
Optional security scanning using kavach-shield:
pip install kavach-mcp-gateway[security]
from kavach_gateway import SecurityScanner
scanner = SecurityScanner(enabled=True)
violations = scanner.scan_path("/auth/login")
if violations:
print(f"Security violations found: {len(violations)}")
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file kavach_mcp_gateway-0.0.1.tar.gz.
File metadata
- Download URL: kavach_mcp_gateway-0.0.1.tar.gz
- Upload date:
- Size: 6.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
45c7f21643c6fed22fbc9bae3800dbe96a8e66c08012eba61455fdd8fc4b7945
|
|
| MD5 |
2aeb2bc489052e0802611e759e637c09
|
|
| BLAKE2b-256 |
a2666ce1374eb5458f82e13dbcdba6209e869a22260e979eee3523a31dfb04d8
|
File details
Details for the file kavach_mcp_gateway-0.0.1-py3-none-any.whl.
File metadata
- Download URL: kavach_mcp_gateway-0.0.1-py3-none-any.whl
- Upload date:
- Size: 7.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d6c5cb18b91e1c64394479072a87ef9111da30f7438260b3dce8f4c0b1ec17f5
|
|
| MD5 |
757b3e03fc8b3bb146fcde7d7ec76c64
|
|
| BLAKE2b-256 |
a4ad0620964e8f9008b6f486c0afd3de3ace4fdedc97d352f7ad8ff6c5358abf
|