MCP Gateway for Agentic AI
Ferro Labs gives agent platforms a governed MCP gateway that connects Model Context Protocol servers, tools, prompts, evals, logs, and access controls.
Connect agentic systems to MCP servers with registry controls, tool ACLs, logs, prompts, and evals.
Buyer Problem
Agentic AI systems need tool access, but unmanaged MCP servers can create security, visibility, and reliability gaps across tools, prompts, users, and environments.
Target Outcome
Teams can register MCP servers, control which tools agents can access, review tool logs, govern prompts and evals, and keep the OSS runtime path available for tool execution.
Capabilities
Gateway controls for this solution
These are the gateway-level capabilities this solution depends on.
Proof Points
Evaluation evidence to review
MCP server registry, tools, ACLs, tool logs, prompts, and evals are wired.
The OSS gateway runtime can execute tool calls.
Cloud hot-path MCP tool invocation is still in progress and should be positioned as beta.
MCP activity can be connected to the same governance, logs, and policy model as other AI traffic.
Status note
Wired: MCP server registry, tools, ACLs, tool logs, prompts, and evals. OSS runtime can execute tool calls. Cloud hot-path MCP invocation is in progress and beta.
Related Features
Feature deep dives
MCP Server (Model Context Protocol)
Add MCP tool servers to your config and the gateway injects their tools into chat-completion requests, then runs the full agentic loop — tool call, execution, result injection — inside the gateway. Your client sends a standard request and receives the final text answer, streaming included, without implementing tool-calling logic.
Built-in Plugins
Plugins extend the request pipeline at three lifecycle stages — before_request, after_request, and on_error. Six ship built in, covering content filtering, token limits, response caching, request logging, rate limiting, and spend control. Each is declared in config.yaml and can be toggled independently.
Real-time Observability
Four observability layers ship in the gateway: Prometheus metrics at /metrics, opt-in OpenTelemetry tracing, structured JSON logs, and a deep /health endpoint. The OTel trace ID, the log trace_id, and the X-Request-ID header are all the same value, so you can jump from a log line straight into your tracing backend.
Rate Limiting & Access Control
Rate limiting works in three independent layers: per-IP HTTP middleware, a global token bucket applied before traffic reaches a provider, and per-API-key and per-user limits. Checks run in order — global, then per-key, then per-user — and the first exceeded limiter rejects the request with a distinct reason string.
Related Links
Next resources
FAQ
Common evaluation questions
What is an MCP gateway?
An MCP gateway gives teams a controlled layer for registering Model Context Protocol servers, exposing approved tools, logging tool calls, and applying policy to agent workflows.
Can Ferro Labs execute MCP tool calls?
Yes in the OSS gateway runtime. In the cloud hot path, MCP tool invocation is still in progress and should be treated as beta.
Can teams restrict which tools agents use?
Yes. Tool ACLs are wired so access can be constrained by approved servers, tools, projects, keys, and policy.
Validate this solution against your deployment model
Start with the open-source gateway, review the docs, or scope a managed deployment with Ferro Labs.