Forem: Rodrigo Serra Coelho The latest articles on Forem by Rodrigo Serra Coelho (@rodrigo_serracoelho_bba4). https://forem.com/rodrigo_serracoelho_bba4 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F2051928%2Fcdf6f7cd-0771-46c2-afc6-265496b41092.jpeg Forem: Rodrigo Serra Coelho https://forem.com/rodrigo_serracoelho_bba4 en MCP in Production: Routing LLM Tool Calls Through an API Gateway Rodrigo Serra Coelho Sun, 29 Mar 2026 09:42:53 +0000 https://forem.com/rodrigo_serracoelho_bba4/mcp-in-production-routing-llm-tool-calls-through-an-api-gateway-2fbj https://forem.com/rodrigo_serracoelho_bba4/mcp-in-production-routing-llm-tool-calls-through-an-api-gateway-2fbj <h2> MCP in Production: Routing LLM Tool Calls Through an API Gateway </h2> <p>Your LLM can now call tools. But who controls which tools it can call, how often, and with what credentials?</p> <p>Model Context Protocol (MCP) gives LLMs a standard way to discover and invoke external tools — databases, APIs, file systems, anything you expose as a tool server. The protocol is clean and simple: JSON-RPC 2.0 over HTTP.</p> <p>But "clean and simple" doesn't mean "production-ready." The moment you have multiple MCP servers, multiple LLM clients, and real users, you need the same infrastructure you'd need for any API: authentication, authorization, rate limiting, load balancing, failover, and observability.</p> <p>That's what an API gateway does. So we built one for MCP.</p> <h2> The Problem </h2> <p>Here's a typical MCP setup:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>LLM Client → MCP Server A (database queries) LLM Client → MCP Server B (email sending) LLM Client → MCP Server C (code execution) </code></pre> </div> <p>This works fine on a developer's laptop. In production, you need answers to:</p> <ul> <li> <strong>Who is allowed to call which tools?</strong> An intern's AI assistant shouldn't have access to the production database tool.</li> <li> <strong>How do you enforce rate limits?</strong> An LLM in a retry loop can hammer a tool server with thousands of requests per minute.</li> <li> <strong>What happens when a tool server goes down?</strong> Your LLM client gets a connection error and the user sees a failure.</li> <li> <strong>How do you add a new tool server?</strong> Reconfigure every client? Redeploy?</li> <li> <strong>Where are the logs?</strong> When the CEO asks why the AI sent 400 emails, you need an answer.</li> </ul> <p>These aren't hypothetical problems. They're the same problems every API faces at scale, and they have the same solution: put a gateway in front.</p> <h2> Architecture </h2> <p>CAPI's MCP Gateway runs as a dedicated Undertow server (default port 8383) alongside CAPI's existing REST, WebSocket, and gRPC gateways. All MCP traffic flows through a single endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">POST /mcp </span></code></pre> </div> <p>Every request is a JSON-RPC 2.0 message. The gateway understands four methods:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Method</th> <th>Purpose</th> </tr> </thead> <tbody> <tr> <td><code>initialize</code></td> <td>Create a session, get capabilities</td> </tr> <tr> <td><code>tools/list</code></td> <td>Discover all available tools</td> </tr> <tr> <td><code>tools/call</code></td> <td>Invoke a specific tool</td> </tr> <tr> <td><code>ping</code></td> <td>Health check</td> </tr> </tbody> </table></div> <p>The gateway isn't a proxy that blindly forwards bytes. It understands the MCP protocol: it parses JSON-RPC, validates sessions, resolves tool names to backend services, enforces policies, and routes the call to the right server.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> ┌─────────────────────────────────┐ │ CAPI MCP Gateway │ │ POST /mcp │ LLM Clients ─────────► │ │ │ ┌──────────┐ ┌──────────────┐ │ │ │ Sessions │ │ Tool Registry│ │ │ └──────────┘ └──────────────┘ │ │ ┌──────────┐ ┌──────────────┐ │ │ │ OAuth2 │ │ OPA Policy │ │ │ └──────────┘ └──────────────┘ │ │ ┌──────────┐ ┌──────────────┐ │ │ │Throttling│ │Load Balancer │ │ │ └──────────┘ └──────────────┘ │ └──────┬──────────┬──────────┬────┘ │ │ │ ▼ ▼ ▼ MCP Server MCP Server REST API (native) (native) (wrapped) </code></pre> </div> <h2> Zero-Config Tool Discovery </h2> <p>Here's where it gets interesting. CAPI uses HashiCorp Consul for service discovery. You register your MCP tools as Consul service metadata — no gateway reconfiguration needed.</p> <p>A service with MCP tools registers like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"Name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"order-service"</span><span class="p">,</span><span class="w"> </span><span class="nl">"Tags"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"capi"</span><span class="p">],</span><span class="w"> </span><span class="nl">"Meta"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"mcp-enabled"</span><span class="p">:</span><span class="w"> </span><span class="s2">"true"</span><span class="p">,</span><span class="w"> </span><span class="nl">"mcp-toolPrefix"</span><span class="p">:</span><span class="w"> </span><span class="s2">"orders"</span><span class="p">,</span><span class="w"> </span><span class="nl">"mcp-tools"</span><span class="p">:</span><span class="w"> </span><span class="s2">"search,create,cancel"</span><span class="p">,</span><span class="w"> </span><span class="nl">"mcp-tools-search-description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Search orders by customer ID, date range, or status"</span><span class="p">,</span><span class="w"> </span><span class="nl">"mcp-tools-search-inputSchema"</span><span class="p">:</span><span class="w"> </span><span class="s2">"{</span><span class="se">\"</span><span class="s2">type</span><span class="se">\"</span><span class="s2">:</span><span class="se">\"</span><span class="s2">object</span><span class="se">\"</span><span class="s2">,</span><span class="se">\"</span><span class="s2">properties</span><span class="se">\"</span><span class="s2">:{</span><span class="se">\"</span><span class="s2">customerId</span><span class="se">\"</span><span class="s2">:{</span><span class="se">\"</span><span class="s2">type</span><span class="se">\"</span><span class="s2">:</span><span class="se">\"</span><span class="s2">string</span><span class="se">\"</span><span class="s2">},</span><span class="se">\"</span><span class="s2">status</span><span class="se">\"</span><span class="s2">:{</span><span class="se">\"</span><span class="s2">type</span><span class="se">\"</span><span class="s2">:</span><span class="se">\"</span><span class="s2">string</span><span class="se">\"</span><span class="s2">,</span><span class="se">\"</span><span class="s2">enum</span><span class="se">\"</span><span class="s2">:[</span><span class="se">\"</span><span class="s2">pending</span><span class="se">\"</span><span class="s2">,</span><span class="se">\"</span><span class="s2">shipped</span><span class="se">\"</span><span class="s2">,</span><span class="se">\"</span><span class="s2">delivered</span><span class="se">\"</span><span class="s2">]}},</span><span class="se">\"</span><span class="s2">required</span><span class="se">\"</span><span class="s2">:[</span><span class="se">\"</span><span class="s2">customerId</span><span class="se">\"</span><span class="s2">]}"</span><span class="p">,</span><span class="w"> </span><span class="nl">"mcp-tools-create-description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Create a new order"</span><span class="p">,</span><span class="w"> </span><span class="nl">"mcp-tools-create-inputSchema"</span><span class="p">:</span><span class="w"> </span><span class="s2">"{</span><span class="se">\"</span><span class="s2">type</span><span class="se">\"</span><span class="s2">:</span><span class="se">\"</span><span class="s2">object</span><span class="se">\"</span><span class="s2">,</span><span class="se">\"</span><span class="s2">properties</span><span class="se">\"</span><span class="s2">:{</span><span class="se">\"</span><span class="s2">customerId</span><span class="se">\"</span><span class="s2">:{</span><span class="se">\"</span><span class="s2">type</span><span class="se">\"</span><span class="s2">:</span><span class="se">\"</span><span class="s2">string</span><span class="se">\"</span><span class="s2">},</span><span class="se">\"</span><span class="s2">items</span><span class="se">\"</span><span class="s2">:{</span><span class="se">\"</span><span class="s2">type</span><span class="se">\"</span><span class="s2">:</span><span class="se">\"</span><span class="s2">array</span><span class="se">\"</span><span class="s2">}},</span><span class="se">\"</span><span class="s2">required</span><span class="se">\"</span><span class="s2">:[</span><span class="se">\"</span><span class="s2">customerId</span><span class="se">\"</span><span class="s2">,</span><span class="se">\"</span><span class="s2">items</span><span class="se">\"</span><span class="s2">]}"</span><span class="p">,</span><span class="w"> </span><span class="nl">"mcp-tools-cancel-description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Cancel an existing order by ID"</span><span class="p">,</span><span class="w"> </span><span class="nl">"mcp-tools-cancel-inputSchema"</span><span class="p">:</span><span class="w"> </span><span class="s2">"{</span><span class="se">\"</span><span class="s2">type</span><span class="se">\"</span><span class="s2">:</span><span class="se">\"</span><span class="s2">object</span><span class="se">\"</span><span class="s2">,</span><span class="se">\"</span><span class="s2">properties</span><span class="se">\"</span><span class="s2">:{</span><span class="se">\"</span><span class="s2">orderId</span><span class="se">\"</span><span class="s2">:{</span><span class="se">\"</span><span class="s2">type</span><span class="se">\"</span><span class="s2">:</span><span class="se">\"</span><span class="s2">string</span><span class="se">\"</span><span class="s2">}},</span><span class="se">\"</span><span class="s2">required</span><span class="se">\"</span><span class="s2">:[</span><span class="se">\"</span><span class="s2">orderId</span><span class="se">\"</span><span class="s2">]}"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The gateway's <code>McpToolRegistry</code> polls the Consul service cache and builds a unified tool catalog. When an LLM client calls <code>tools/list</code>, it gets every tool from every registered service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"jsonrpc"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"result"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"tools"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"orders_search"</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Search orders by customer ID, date range, or status"</span><span class="p">,</span><span class="w"> </span><span class="nl">"inputSchema"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">...</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"orders_create"</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Create a new order"</span><span class="p">,</span><span class="w"> </span><span class="nl">"inputSchema"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">...</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"email_send"</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Send an email to a recipient"</span><span class="p">,</span><span class="w"> </span><span class="nl">"inputSchema"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">...</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">]</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Deploy a new service with <code>mcp-enabled: true</code> in Consul, and its tools appear in the catalog automatically. Remove the service, and they disappear. No gateway restart required.</p> <h2> Two Flavors of Backend </h2> <p>The gateway supports two types of tool backends:</p> <p><strong>REST APIs (default):</strong> Your existing REST services. The gateway translates <code>tools/call</code> into an HTTP request to the service. You expose tools via Consul metadata without touching your service code.</p> <p><strong>Native MCP servers:</strong> Backends that speak the MCP protocol natively (<code>mcp-type: server</code>). The gateway initializes a session with the backend, discovers its tools via <code>tools/list</code>, and forwards <code>tools/call</code> requests directly. This is useful when you already have MCP servers and want to aggregate them behind a single gateway.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># REST backend — gateway translates tool calls to HTTP</span> <span class="na">mcp-type</span><span class="pi">:</span> <span class="s">rest</span> <span class="c1"># (default)</span> <span class="c1"># Native MCP backend — gateway proxies JSON-RPC</span> <span class="na">mcp-type</span><span class="pi">:</span> <span class="s">server</span> </code></pre> </div> <p>For native MCP backends, the gateway handles session lifecycle with each backend independently — your LLM client maintains a single session with the gateway, while the gateway maintains separate sessions with each backend server.</p> <h2> Authentication: OAuth2 at the Gate </h2> <p>When OAuth2 is enabled, the <code>initialize</code> call requires a valid Bearer token:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="err">POST</span><span class="w"> </span><span class="err">/mcp</span><span class="w"> </span><span class="err">Authorization:</span><span class="w"> </span><span class="err">Bearer</span><span class="w"> </span><span class="err">eyJhbGciOiJSUzI</span><span class="mi">1</span><span class="err">NiIs...</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"jsonrpc"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"method"</span><span class="p">:</span><span class="w"> </span><span class="s2">"initialize"</span><span class="p">,</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The gateway validates the token against your OIDC provider (Keycloak, Auth0, Okta — anything with a JWKS endpoint). If valid, it creates a session bound to the client's identity:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"jsonrpc"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"result"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"protocolVersion"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2025-03-26"</span><span class="p">,</span><span class="w"> </span><span class="nl">"capabilities"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"tools"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"listChanged"</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"serverInfo"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"name"</span><span class="p">:</span><span class="w"> </span><span class="s2">"CAPI MCP Gateway"</span><span class="p">,</span><span class="w"> </span><span class="nl">"version"</span><span class="p">:</span><span class="w"> </span><span class="s2">"4.3.0"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>The response includes a <code>Mcp-Session-Id</code> header. All subsequent requests must include this header. Sessions expire after a configurable TTL (default: 30 minutes), with a sliding window — active sessions stay alive.</p> <h2> Authorization: OPA for Fine-Grained Policy </h2> <p>Authentication tells you <em>who</em> the caller is. Authorization tells you <em>what they're allowed to do</em>. CAPI delegates authorization to Open Policy Agent (OPA).</p> <p>Each service can define an OPA policy via Consul metadata. When a <code>tools/call</code> request arrives, the gateway sends the caller's token to OPA along with the service's policy. OPA returns allow or deny.</p> <p>This means you can write policies like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight rego"><code><span class="c1"># Only users with "admin" role can call order cancellation tools</span> <span class="ow">default</span> <span class="n">allow</span> <span class="o">=</span> <span class="kc">false</span> <span class="n">allow</span> <span class="p">{</span> <span class="n">input</span><span class="p">.</span><span class="n">token</span><span class="p">.</span><span class="n">realm_access</span><span class="p">.</span><span class="n">roles</span><span class="p">[</span><span class="n">_</span><span class="p">]</span> <span class="o">==</span> <span class="s2">"admin"</span> <span class="n">input</span><span class="p">.</span><span class="n">service</span><span class="p">.</span><span class="n">category</span> <span class="o">==</span> <span class="s2">"orders"</span> <span class="p">}</span> <span class="c1"># Data team can query but not mutate</span> <span class="n">allow</span> <span class="p">{</span> <span class="n">input</span><span class="p">.</span><span class="n">token</span><span class="p">.</span><span class="n">realm_access</span><span class="p">.</span><span class="n">roles</span><span class="p">[</span><span class="n">_</span><span class="p">]</span> <span class="o">==</span> <span class="s2">"data-analyst"</span> <span class="n">input</span><span class="p">.</span><span class="n">service</span><span class="p">.</span><span class="n">category</span> <span class="o">==</span> <span class="s2">"orders"</span> <span class="ow">not</span> <span class="n">endswith</span><span class="p">(</span><span class="n">input</span><span class="p">.</span><span class="n">tool</span><span class="p">.</span><span class="n">name</span><span class="p">,</span> <span class="s2">"_create"</span><span class="p">)</span> <span class="ow">not</span> <span class="n">endswith</span><span class="p">(</span><span class="n">input</span><span class="p">.</span><span class="n">tool</span><span class="p">.</span><span class="n">name</span><span class="p">,</span> <span class="s2">"_cancel"</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>If the policy denies the request, the LLM gets a JSON-RPC error:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"jsonrpc"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2.0"</span><span class="p">,</span><span class="w"> </span><span class="nl">"error"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"code"</span><span class="p">:</span><span class="w"> </span><span class="mi">-32000</span><span class="p">,</span><span class="w"> </span><span class="nl">"message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Access denied by policy"</span><span class="w"> </span><span class="p">},</span><span class="w"> </span><span class="nl">"id"</span><span class="p">:</span><span class="w"> </span><span class="mi">3</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>This is critical. Without gateway-level authorization, every tool server needs its own auth logic, and you're one misconfiguration away from an LLM accessing something it shouldn't.</p> <h2> Load Balancing and Failover </h2> <p>Tool backends can run on multiple instances. The gateway's <code>McpBackendLoadBalancer</code> distributes calls with round-robin rotation and a circuit breaker:</p> <ol> <li>Get all healthy instances of the target service from Consul</li> <li>Rotate through them round-robin</li> <li>If an instance fails, mark it as circuit-broken for 30 seconds (configurable)</li> <li>Circuit-broken instances are deprioritized but not removed — they're tried last as a fallback</li> <li>For synchronous tool calls, the gateway tries each instance in order until one succeeds </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>tools/call "orders_search" ├─ Try instance-1 (healthy) → 503 → mark circuit-broken ├─ Try instance-2 (healthy) → 200 ✓ return result └─ instance-3 (circuit-broken, not tried) </code></pre> </div> <p>Your LLM client sees a single reliable endpoint. Backend failures are invisible.</p> <h2> Streaming with SSE </h2> <p>Some tools produce output incrementally — think code generation, log tailing, or long-running queries. The gateway supports streaming via Server-Sent Events.</p> <p>Mark a tool as streaming in Consul metadata:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"mcp-streaming"</span><span class="p">:</span><span class="w"> </span><span class="s2">"generate,tail_logs"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>When the client sends <code>Accept: text/event-stream</code>, the gateway streams the backend response line by line:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="k">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">200</span> <span class="ne">OK</span> <span class="na">Content-Type</span><span class="p">:</span> <span class="s">text/event-stream</span> <span class="na">Cache-Control</span><span class="p">:</span> <span class="s">no-cache</span> data: {"jsonrpc":"2.0","result":{"content":[{"type":"text","text":"Processing..."}]},"id":3} data: {"jsonrpc":"2.0","result":{"content":[{"type":"text","text":"Found 42 results"}]},"id":3} data: {"jsonrpc":"2.0","result":{"content":[{"type":"text","text":"Done."}]},"id":3} </code></pre> </div> <h2> Distributed Sessions with Hazelcast </h2> <p>In a single-instance deployment, sessions live in an in-memory cache (cache2k). But if you're running multiple gateway instances — say, behind a Kubernetes service — sessions need to be shared.</p> <p>When Hazelcast is enabled, <code>HazelcastMcpSessionStore</code> distributes sessions across all gateway instances with automatic TTL-based expiration. A client can <code>initialize</code> on one gateway pod and <code>tools/call</code> on another.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># Single instance — sessions in memory</span> <span class="na">capi.throttle.enabled</span><span class="pi">:</span> <span class="kc">false</span><span class="s"> → LocalMcpSessionStore (cache2k)</span> <span class="c1"># Multi-instance — sessions distributed</span> <span class="na">capi.throttle.enabled</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> → HazelcastMcpSessionStore (IMap)</span> </code></pre> </div> <h2> Configuration </h2> <p>The MCP Gateway is opt-in. Enable it with a few properties:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">capi</span><span class="pi">:</span> <span class="na">mcp</span><span class="pi">:</span> <span class="na">enabled</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8383</span> <span class="na">sessionTtl</span><span class="pi">:</span> <span class="m">1800000</span> <span class="c1"># 30 min</span> <span class="na">toolCallTimeout</span><span class="pi">:</span> <span class="m">30000</span> <span class="c1"># 30 sec per tool call</span> <span class="na">circuitBreakerCooldownMs</span><span class="pi">:</span> <span class="m">30000</span> <span class="c1"># 30 sec circuit breaker</span> </code></pre> </div> <p>That's it. Tool discovery, authentication, authorization, load balancing, and session management are all inherited from CAPI's existing infrastructure.</p> <h2> What It Looks Like End to End </h2> <p>Here's a complete flow — an LLM assistant looking up a customer's orders:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># 1. Initialize session (with OAuth2 token)</span> curl <span class="nt">-X</span> POST https://gateway.example.com:8383/mcp <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer </span><span class="nv">$TOKEN</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"jsonrpc":"2.0","method":"initialize","id":1}'</span> <span class="c"># Response includes Mcp-Session-Id header</span> <span class="c"># Mcp-Session-Id: a1b2c3d4-e5f6-7890-abcd-ef1234567890</span> <span class="c"># 2. Discover available tools</span> curl <span class="nt">-X</span> POST https://gateway.example.com:8383/mcp <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Mcp-Session-Id: a1b2c3d4-e5f6-7890-abcd-ef1234567890"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"jsonrpc":"2.0","method":"tools/list","id":2}'</span> <span class="c"># 3. Call a tool</span> curl <span class="nt">-X</span> POST https://gateway.example.com:8383/mcp <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Mcp-Session-Id: a1b2c3d4-e5f6-7890-abcd-ef1234567890"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{ "jsonrpc": "2.0", "method": "tools/call", "params": { "name": "orders_search", "arguments": { "customerId": "C-1234", "status": "pending" } }, "id": 3 }'</span> </code></pre> </div> <h2> Why Not Just Use a Regular API Gateway? </h2> <p>You could put Kong or Envoy in front of your MCP servers. But a generic HTTP proxy doesn't understand MCP:</p> <ul> <li> <strong>Tool-level routing</strong> — A regular gateway routes by URL path. MCP routes by tool name inside the JSON-RPC body. You'd need custom Lua/Wasm plugins to parse every request.</li> <li> <strong>Tool-level authorization</strong> — OPA policies that understand which tool is being called, not just which endpoint.</li> <li> <strong>Unified tool catalog</strong> — <code>tools/list</code> aggregates tools from all backends. A reverse proxy can't do this.</li> <li> <strong>Session management</strong> — MCP sessions with TTL, sliding expiration, and distributed storage. Not just HTTP cookies.</li> <li> <strong>Protocol translation</strong> — Exposing REST APIs as MCP tools without modifying the backend service.</li> </ul> <p>A generic gateway can proxy MCP traffic. An MCP gateway <em>understands</em> it.</p> <h2> Try It </h2> <p>CAPI is open source: <a href="https://github.com/surisoft-io/capi-core" rel="noopener noreferrer">github.com/surisoft-io/capi-core</a></p> <p>The MCP Gateway ships alongside CAPI's REST, WebSocket, gRPC, and Admin gateways in a single 39MB jar. If you're already running Consul, you can have MCP tool routing in production in under an hour.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># docker-compose.yml — minimal setup</span> <span class="na">services</span><span class="pi">:</span> <span class="na">consul</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">hashicorp/consul:latest</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">8500:8500"</span><span class="pi">]</span> <span class="na">capi</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">surisoft/capi:latest</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">CAPI_MCP_ENABLED</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> <span class="na">CAPI_CONSUL_HOST</span><span class="pi">:</span> <span class="s">consul</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8380:8380"</span> <span class="c1"># REST gateway</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8383:8383"</span> <span class="c1"># MCP gateway</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8381:8381"</span> <span class="c1"># Admin API</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">consul</span><span class="pi">]</span> </code></pre> </div> <p><em>CAPI is built by <a href="https://github.com/surisoft-io" rel="noopener noreferrer">Rodrigo</a> and runs in production at government scale on EKS and VM clusters. If you're building LLM infrastructure and want to talk about MCP in production, open an issue or reach out.</em></p> api architecture llm mcp