Protect any MCP server with @bolyra/gateway in under 2 minutes. Zero auth code in your server.
Agent ---> @bolyra/gateway (port 4100) ---> Your MCP Server (port 3000)
| |
| verifyBundle() | just handles tools
| checkToolPolicy() | reads X-Bolyra-* headers
| rejectReplay() | no crypto, no proofs
| emitReceipt() |
The gateway sits in front of your MCP server. It verifies agent credentials, enforces per-tool permissions, prevents replay attacks, and writes signed audit receipts. Your server never imports a crypto library.
git clone https://github.com/bolyra/gateway-quickstart.git
cd gateway-quickstart
npm installTerminal 1 -- start the MCP server:
npm run serverTerminal 2 -- start the gateway:
npm run gatewayThat's it. The gateway is running on http://localhost:4100 and proxying to your server on http://localhost:3000/mcp.
curl -s http://localhost:4100 \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"list_files","arguments":{}}}' | jqcurl -s http://localhost:4100 \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"read_file","arguments":{"name":"hello.txt"}}}' | jqcurl -s http://localhost:4100 \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"write_file","arguments":{"name":"new.txt","content":"created via gateway"}}}' | jqcurl -s http://localhost:4100/healthz | jqEvery auth decision (allow or deny) produces a signed receipt:
ls receipts/
cat receipts/*.json | jqtarget: http://localhost:3000/mcp # your MCP server
port: 4100 # gateway listens here
devMode: true # mock verification (no real ZKP)
toolPolicy:
list_files: 1 # READ_DATA permission required
read_file: 1 # READ_DATA permission required
write_file: 2 # WRITE_DATA permission required
receipts:
file: ./receipts/The toolPolicy maps tool names to permission bitmasks. The gateway checks the agent's credential against this policy before forwarding the request. Permission reference.
After the gateway verifies a request, it injects headers:
X-Bolyra-Verified: true
X-Bolyra-DID: did:bolyra:base-sepolia:0x1a2b...
X-Bolyra-Permissions: 3
Your server reads these headers to know who passed verification. See server.js lines 23-26.
- Production mode: Remove
devMode: trueand configure real credential resolution. See the production guide. - HMAC header signing: Add
hmac.secrettogateway.yamlso your upstream can verifyX-Bolyra-*headers weren't forged. - Middleware alternative: If you prefer auth inside your server, use
@bolyra/mcpdirectly. - Full docs: bolyra.ai | GitHub
Apache-2.0
