Skip to main content
The MCP Gateway is the core of Devctrl. It sits between your AI agents and the MCP tool servers they use. Every request flows through the gateway — authenticated, authorized, rate-limited, and logged. Gateway endpoint: https://gateway.devctrl.ai/mcp Point your agents at this endpoint to route all tool calls through Devctrl. Configure your projects, identities, tasks, and policies in the console.

What it does

The gateway handles five things on every request:
  1. Authentication — verifies the agent’s bearer token against identity credentials
  2. Policy enforcement — evaluates CEL rules to allow or deny the tool call
  3. Rate limiting — enforces request limits at session, project, and global levels
  4. Proxying — forwards allowed requests to the correct upstream MCP server
  5. Audit logging — records every decision with full context

MCP protocol

The gateway speaks the Model Context Protocol (MCP) — the open standard for connecting AI agents to tools. It supports two MCP methods:
MethodPurpose
tools/listReturns available tools, filtered by the agent’s identity and policies
tools/callExecutes a tool call on the upstream server after policy evaluation
Agents connect to https://gateway.devctrl.ai/mcp using HTTP StreamableHTTP transport.

Upstream authentication

When the gateway forwards requests to your upstream MCP servers, it handles authentication automatically:
Static headers (API keys, tokens) are injected into every request to the upstream server. Configure these when you register an MCP server.
{
  "headers": {
    "X-API-Key": "your-api-key",
    "Authorization": "Bearer your-token"
  }
}
All upstream credentials are encrypted at rest.

Next steps

Connect an agent

Point your MCP client at the gateway.

Gateway overview

See the full endpoint reference and rate limiting details.