Mature

MCP Gateway

📄 Model Context ProtocolEU AI ActISO/IEC 42001

[EAAPL-MCP002] MCP Gateway

Category: MCP Sub-category: Integration Infrastructure Version: 1.0 Maturity: Emerging Tags: mcp-gateway, api-gateway, authentication, rate-limiting, routing, policy-enforcement, multi-server Regulatory Relevance: EU AI Act Art. 9/15, APRA CPS 234, ISO/IEC 42001 §8.4, NIST AI RMF (GOVERN 1.6, MANAGE 4.1), Privacy Act 1988 (Cth)

1. Executive Summary

The MCP Gateway Pattern introduces a dedicated intermediary layer between MCP clients (AI models and agents) and the fleet of MCP servers that expose enterprise capabilities. Rather than each client connecting directly to each server, all MCP traffic is routed through a centralised gateway that enforces authentication, authorisation, rate limiting, audit logging, and server discovery in a single, consistently governed enforcement point. The gateway presents a unified endpoint to clients while transparently proxying to the appropriate backend MCP servers based on capability routing rules.

For CIO/CTO audiences: the MCP Gateway is the API management platform for your AI integration fabric. Just as your organisation would never expose internal microservices directly to the internet without an API gateway enforcing auth and rate limits, you should not expose MCP servers directly to AI models without a corresponding enforcement layer. The gateway solves three compounding problems that emerge when MCP deployments scale beyond a handful of servers: authentication fragmentation (each server implementing auth independently with different standards), audit incompleteness (no single log of all AI-to-system interactions), and capability sprawl (clients must be reconfigured every time a server is added or retired). A well-designed gateway reduces these problems to solved infrastructure concerns, freeing application teams to focus on capability development.

2. Problem Statement

Business Problem

As MCP server deployments grow from a pilot (2–3 servers) to a production fleet (10–50+ servers), the cost of managing authentication, access policy, and audit logging per server grows linearly. Security teams cannot enforce consistent policy across independently-managed servers. Compliance teams cannot produce a unified audit trail of all AI model interactions with enterprise systems. Platform teams cannot manage server discovery and health centrally.

Technical Problem

Without a gateway, each MCP server must independently implement authentication token validation, rate limiting, and audit logging — leading to inconsistent implementations and gaps. Clients must maintain individual connection configurations for every server, and any server migration or endpoint change requires client reconfiguration. There is no single point at which to enforce cross-cutting policies (maximum tool argument payload size, blocked tool categories by caller identity, global emergency circuit breaker).

Symptoms of Absence

Different MCP servers implement authentication using different mechanisms with no consistency
A complete audit log of all AI tool invocations across the enterprise requires aggregating logs from dozens of independent servers
When a new MCP server is deployed, every client that needs it must be manually reconfigured with its endpoint
A single misbehaving AI agent consuming excessive resources cannot be throttled without server-by-server intervention
Security teams cannot block a specific tool category across all servers without contacting each server owner

Cost of Inaction

Security: Policy gaps between independently-managed servers create exploitable inconsistencies; no central kill-switch for rogue agent behaviour
Compliance: Fragmented audit logs cannot satisfy APRA CPS 234 requirements for complete, centralised records of AI system actions
Operational: Server endpoint changes break clients; no centralised health monitoring for the MCP fleet
Engineering: Each new MCP server duplicates auth and logging boilerplate, consuming 20–30% of development time per server

3. Context

When to Apply

The organisation operates 3 or more MCP servers and anticipates continued growth
Regulatory requirements demand a unified, centralised audit log of all AI-to-system interactions
Multiple AI clients (different models, different teams, different trust tiers) need differentiated access to the same set of servers
Server endpoint management (discovery, migration, versioning) needs to be decoupled from client configuration
A centralised emergency circuit breaker is required to halt all AI tool access during an incident

When NOT to Apply

Single MCP server deployment where the overhead of a gateway exceeds the benefit
All clients and servers are co-located in the same process or container and a gateway adds unnecessary network hop latency
The organisation's existing API gateway (Kong, AWS API Gateway, Azure APIM) can be extended to handle MCP-specific routing and protocol proxying natively

Prerequisites

At least one production MCP server (EAAPL-MCP001) already deployed and governed
OAuth 2.1 authorisation server or equivalent identity provider for client authentication
Service mesh or container orchestration platform for gateway deployment and availability
Centralised log management infrastructure capable of receiving structured gateway audit events

Industry Applicability

Industry	Requirement	Key Concern	Adoption Level
Financial Services	High — multiple AI systems accessing trading, risk, and reporting systems require unified access governance	Centralised audit, differentiated access tiers per regulatory boundary, emergency kill-switch	Pilot
Healthcare	High — clinical AI systems accessing multiple data sources (EHR, pathology, imaging) must have unified access records	Patient data access audit, minimum-necessary access enforcement, breach detection	Pilot
Government	High — APS AI deployments crossing agency boundaries need centralised policy enforcement	Data sovereignty, cross-agency access control, Australian Government Architecture compliance	Early Evaluation
Technology/SaaS	Medium — multi-tenant SaaS products exposing AI capabilities to customers need tenant-isolated routing	Tenant isolation, rate limiting per customer tier, usage metering	Early Adopter
Retail	Medium — AI agents accessing inventory, pricing, and fulfilment systems benefit from unified rate limiting and monitoring	Transactional consistency, rate limiting during peak trading, cost attribution per agent	Pilot

4. Architecture Overview

The MCP Gateway sits at the network boundary between MCP clients and the MCP server fleet. It operates as a transparent protocol-aware proxy: it terminates the client's MCP connection, enforces all cross-cutting policies, and establishes a new connection to the appropriate backend server on the client's behalf. The gateway is stateful in the sense that it maintains the mapping between client sessions and backend server connections for the duration of each MCP session lifecycle.

Routing is capability-driven: the gateway maintains a server registry that maps tool names, resource URI prefixes, and prompt template identifiers to the backend server responsible for each. When a client sends a tools/call request, the gateway looks up the target server, verifies the client has access to that tool, and proxies the request. Capability discovery (tools/list, resources/list, prompts/list) is aggregated across all servers the client is permitted to access — the client sees a unified capability surface, not individual server boundaries.

Policy enforcement at the gateway covers four layers: authentication (validate the client's OAuth 2.1 bearer token or mTLS certificate before any MCP message is processed), authorisation (check the authenticated identity against the access policy for the requested tool or resource), rate limiting (enforce per-client and per-server token bucket limits to prevent resource exhaustion), and content policy (enforce maximum payload sizes and block prohibited tool invocation patterns based on organisational policy).

Observability is a first-class gateway concern. Every proxied request generates a structured trace event carrying the client identity, target server, capability name, latency, and result status. These events flow to the centralised audit log and to the metrics pipeline. The gateway health endpoint exposes aggregate server fleet health so that a single monitoring check can detect any degraded backend server. An administrative API allows operators to update routing rules, adjust rate limits, and activate the emergency circuit breaker without gateway redeployment.

Wire Protocol Detail

The MCP Gateway operates as a protocol-aware transparent proxy. It must handle the full JSON-RPC 2.0 message lifecycle on both the client-facing and server-facing legs independently. The following wire exchanges illustrate the gateway's dual-handshake behaviour.

Inbound client initialisation — the gateway completes the handshake with the client using an aggregated capability set:

// Client → Gateway: initialize
{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{"tools":{},"roots":{"listChanged":true}},"clientInfo":{"name":"agent-a","version":"2.1"}}}

// Gateway → Client: aggregated initialize response (capabilities merged from permitted backend servers)
{"jsonrpc":"2.0","id":1,"result":{"protocolVersion":"2024-11-05","capabilities":{"tools":{"listChanged":true},"resources":{"subscribe":true,"listChanged":true}},"serverInfo":{"name":"mcp-gateway","version":"1.0"}}}

The gateway does NOT forward the client's initialize to any backend server at this point. It issues a separate initialize to each permitted backend server during gateway startup (or lazily on first route to that server), caches the capability responses, and synthesises the aggregated response.

Proxied tool invocation — the gateway rewrites the request to the target server, injecting the authenticated identity and correlation ID:

// Client → Gateway: tools/call
{"jsonrpc":"2.0","id":7,"method":"tools/call","params":{"name":"query_customers","arguments":{"filter":"region=AU","limit":50}}}

// Gateway → Backend Server: proxied tools/call (id remapped; _meta injected)
{"jsonrpc":"2.0","id":1042,"method":"tools/call","params":{"name":"query_customers","arguments":{"filter":"region=AU","limit":50},"_meta":{"callerIdentity":"agent-a@domain.com","correlationId":"550e8400-e29b-41d4-a716-446655440000","gatewayRequestId":"gw-20240614-001042"}}}

// Backend Server → Gateway: response
{"jsonrpc":"2.0","id":1042,"result":{"content":[{"type":"text","text":"[{\"id\":1,\"name\":\"Acme Corp\"}]"}],"isError":false}}

// Gateway → Client: response (gateway request id stripped; client's original id restored)
{"jsonrpc":"2.0","id":7,"result":{"content":[{"type":"text","text":"[{\"id\":1,\"name\":\"Acme Corp\"}]"}],"isError":false}}

Rate limit and authorisation error responses — the gateway returns structured JSON-RPC errors before proxying:

// Authorisation failure (client lacks scope for requested tool)
{"jsonrpc":"2.0","id":7,"error":{"code":-32000,"message":"Insufficient scope","data":{"required":"mcp:data:customers:read","granted":["mcp:data:orders:read"],"tool":"query_customers"}}}

// Rate limit exceeded
{"jsonrpc":"2.0","id":7,"error":{"code":-32000,"message":"Rate limit exceeded","data":{"retryAfterSeconds":30,"limit":"100 req/min","identity":"agent-a@domain.com"}}}

The gateway MUST preserve the client's original id in all responses, even though it remaps IDs internally when fanning out to multiple backend servers. ID collision between concurrent requests is managed via a gateway-internal request map (client-id → gateway-id → pending response slot).

5. Architecture Diagram

ARCHITECTURE DIAGRAM

flowchart TD subgraph Clients["MCP Clients"] A[AI Agent A] B[AI Agent B] end subgraph Gateway["MCP Gateway"] C[Auth + Policy Engine] D[Capability Router] E[Rate Limiter] F[Audit Logger] end subgraph Servers["MCP Server Fleet"] G[Server: Data Tools] H[Server: Code Execution] I[Server: Comms Tools] end subgraph Infra["Platform"] J[Server Registry] K[Centralised Audit Log] end A -->|OAuth token| C B -->|OAuth token| C C -->|verified| E E -->|allowed| D D -->|lookup| J D -->|proxy| G D -->|proxy| H D -->|proxy| I D --> F F --> K

6. Components

Component	Responsibility	Technology Examples
Protocol Proxy	Terminates client MCP connection; re-establishes connection to backend server; frames and deframes JSON-RPC 2.0 messages on both sides	Custom Node.js/Go proxy; Envoy with custom Lua filter; Kong plugin
Auth Middleware	Validates OAuth 2.1 bearer tokens via introspection or JWT signature verification; extracts identity claims for downstream policy checks	Keycloak, Auth0, AWS Cognito, Azure Entra ID token validation
Capability Router	Maintains tool-to-server and resource-URI-to-server mapping; aggregates capability lists from permitted servers for each client identity	Custom routing table; HashiCorp Consul service registry
Rate Limiter	Enforces per-client and per-server-per-client token bucket limits; returns `429 Too Many Requests` with Retry-After when limits are exceeded	Redis-backed token bucket; Kong Rate Limiting plugin; AWS API Gateway usage plans
Policy Engine	Evaluates cross-cutting access control rules (tool category blocks, data classification restrictions) against authenticated identity	Open Policy Agent (OPA), Cedar, custom rule engine
Gateway Audit Logger	Writes structured audit record for every proxied request and response before the response is forwarded to the client	Fluent Bit, OpenTelemetry Collector, AWS Kinesis Firehose
Server Registry	Stores the live endpoint map for all registered MCP servers with health status and capability metadata	Consul, etcd, AWS Service Discovery, PostgreSQL-backed custom registry

7. Implementation Steps

Step 1: Deploy the Server Registry

Before building the gateway, deploy and populate the server registry. For each MCP server, register its endpoint, transport type, capability list, access tier requirements, and health check URL. The registry is the gateway's source of truth for routing — it must be available for the gateway to start. Implement a registration API that MCP server operators use to register capabilities; do not hand-edit the registry. Include a health polling job that probes registered servers on a 30-second interval and marks degraded servers as unavailable in the routing table.

Step 2: Implement the Protocol Proxy Core

Build the gateway's protocol proxy layer. For each inbound client connection, perform the MCP initialisation handshake with the client to establish the session. Do not forward the client's initialize request directly to a backend server at this point — instead, complete the handshake at the gateway, then establish a separate initialize handshake with each backend server the client is permitted to access. Aggregate the backend servers' capability responses into a unified capabilities declaration returned to the client. This aggregation is the mechanism by which the client sees a single unified MCP server, not a fleet.

Step 3: Layer Authentication and Authorisation

Implement the auth middleware as the first handler in the request pipeline — before any routing or capability lookup. Validate the client's bearer token via the authorisation server's introspection endpoint (preferred for revocation support) or local JWT signature verification (lower latency, higher throughput). Attach the validated identity claims to the request context. Implement the authorisation check in the routing layer: before proxying a tools/call request, verify the authenticated identity is permitted to invoke the named tool on the target server. Return a JSON-RPC -32000 application error with a descriptive message for authorisation failures.

Step 4: Implement Audit Logging and Rate Limiting

Implement the audit logger as middleware that fires synchronously after the backend server returns a response but before the gateway forwards it to the client. The audit record must include: client identity, session ID, tool or resource name, target server ID, request timestamp, response timestamp, result status (success/error), and error code if applicable. Arguments should be logged in sanitised form (PII fields redacted per a configured field mask). Implement rate limiting using a Redis-backed token bucket: separate buckets per client identity and per target server, with configurable refill rates. Return 429 with a Retry-After header — never silently drop requests.

AU Compliance Note — APRA CPS 234 Attachment C & APS 330: The MCP Gateway is the single most important artefact for satisfying APRA CPS 234 Attachment C's requirement to test "the completeness and accuracy of records of access to information assets." As the unified chokepoint for all AI tool invocations, the gateway audit log is the authoritative record. APRA examiners assessing CPS 234 compliance will expect to see: (1) a centralised, tamper-evident log of every AI-to-system interaction with authenticated identity; (2) evidence that no interaction can bypass the log path (architecture diagram + penetration test); (3) log retention of at least 7 years per APS 330. The gateway's sequence-numbered audit log (with alerting on any gap) is the mechanism by which "completeness" can be demonstrated — a log with gaps cannot satisfy Attachment C. Store audit records in WORM storage (S3 Object Lock in Compliance mode, or Azure Immutable Blob Storage) and retain signed log manifests separately so that a storage compromise cannot silently delete records.

8. Security Considerations

OWASP LLM Top 10 Mapping

OWASP ID	Threat	Mitigation
LLM01	Prompt Injection via tool routing manipulation — adversarial content in tool names or arguments attempts to redirect routing	Gateway validates tool names against the server registry; reject any `tools/call` with a tool name not in the authenticated client's permitted capability set
LLM06	Excessive Agency — gateway client can invoke capabilities beyond its task scope	Per-client capability scoping: each client identity is bound to an allowlist of tools it may invoke, not the full server fleet
LLM04	Model Denial of Service — high-volume tool calls exhaust backend server capacity	Token bucket rate limiting per client and per server; global concurrency limits per backend server
LLM09	Overreliance — gateway masks backend server errors, model treats tool failure as success	Never swallow backend errors; propagate structured `isError: true` tool results with error detail
LLM08	Excessive Data Exposure — aggregated capability list reveals server architecture	Capability list returned to client includes only tools the client is permitted to invoke; server names and internal endpoints are not exposed

Additional Controls

Implement a gateway-level emergency circuit breaker (administrative API endpoint) that immediately halts all proxying; activate during incidents without requiring server-by-server intervention
Enforce mutual TLS between the gateway and all backend MCP servers; plain HTTP between gateway and backend is prohibited in production
Rotate gateway-to-server client credentials quarterly; store in secrets manager, not in gateway configuration files
Log all gateway administrative API calls (routing rule changes, rate limit adjustments, circuit breaker activations) to a separate, highly privileged audit log
Apply gateway egress filtering: the gateway process should only be able to reach registered backend server endpoints

9. Governance Artefacts

MCP Server Fleet Register — live registry of all MCP servers with endpoint, capability set, access tier, owner, and health status
Client Identity to Capability Allowlist — per-client-identity mapping of permitted tools and resources; reviewed quarterly
Gateway Audit Log — immutable record of every proxied request, retained per APRA CPS 234 requirements (minimum 7 years for financial services)
Rate Limit Configuration Record — documented per-client and per-server rate limits with justification and approval record
Circuit Breaker Activation Log — record of every emergency circuit breaker activation with trigger, duration, and approver

10. SLOs

SLO	Target	Measurement
Gateway proxy latency overhead (p99)	< 50 ms added latency vs direct server call	Trace span delta: gateway receipt to backend dispatch + backend response to client dispatch
Gateway availability	> 99.9% (no single point of failure)	Synthetic probe from multiple availability zones; alert on any single-AZ unavailability
Auth validation latency (p99)	< 20 ms for JWT validation; < 100 ms for introspection	Auth middleware span in distributed trace
Audit log completeness	100% — every proxied request has a corresponding audit record	Log gap detection job; alert on any sequence number gap
Rate limit enforcement accuracy	< 1% overshoot on configured limits under load	Load test with token bucket boundary verification

11. Cost Model

Cost Driver	Estimate	Notes
Gateway compute (ECS Fargate, 2 replicas, ap-southeast-2)	~AU$180–520/month	0.5 vCPU / 1 GB per replica at low volume; 2 vCPU / 4 GB at 10M+ calls/month. Fargate spot reduces cost ~30% for non-critical tiers
Serverless gateway (API Gateway + Lambda proxy, ap-southeast-2)	~AU$3.50 per million proxied invocations	Viable for < 5M calls/month; at 10M calls/month Lambda compute becomes comparable to container cost
Redis rate limiting state (ElastiCache cache.t3.small, ap-southeast-2)	~AU$55/month	Single-node sufficient for < 5M calls/month; cache.t3.medium (~AU$110/month) for HA cluster mode
CloudWatch log retention — 7yr APRA CPS 234 tier	~AU$0.033/GB/month	Export to S3 Glacier Deep Archive after 90-day hot tier; at 10M gateway events/month (2 KB avg) ≈ 20 GB/month ≈ AU$0.66/month in archive
Auth server / token introspection	AU$0–500/month	Often shared with existing enterprise IdP; dedicated Keycloak adds ~AU$100/month for t3.small compute
Engineering (build and integration)	4–8 weeks	Higher if extending an existing API gateway vs building custom; lower with open-source MCP gateway projects
Total TCO at 10M tool calls/month	~AU$380–650/month	Lower bound: serverless Lambda proxy + Redis + S3 audit. Upper bound: 2× Fargate containers + ElastiCache cluster + CloudWatch Insights. Excludes backend MCP server costs

12. Trade-off Analysis

Dimension	Benefit	Trade-off
Centralised policy enforcement	Single place to update auth, rate limits, and access rules for the entire fleet	Single point of failure; gateway downtime halts all AI tool access unless HA is properly implemented
Aggregated capability discovery	Clients see a unified capability surface; server topology is an implementation detail	Aggregation adds initialisation latency; capability lists must be refreshed when servers change
Protocol-aware proxying vs HTTP-level proxy	MCP session semantics (notifications, streaming) are preserved	Requires MCP-specific proxy logic; generic HTTP reverse proxies (nginx, HAProxy) are insufficient
Per-client capability scoping	Minimal blast radius per client identity	Requires ongoing maintenance of client-to-capability allowlists as new tools are added
Synchronous audit log write	Guaranteed audit completeness	Adds 5–20 ms latency to every proxied response; audit log availability becomes critical path

13. Failure Modes

Failure	Trigger	Recovery
Server registry unavailable	Registry service crash or network partition	Gateway caches last-known registry state for 5 minutes; serves stale routes with degraded flag; alert fires immediately
Backend server unreachable	MCP server crash or network issue	Gateway returns `isError: true` tool result with structured error; marks server degraded in registry; activates circuit breaker after N consecutive failures
Auth server unavailable	IdP outage	If JWT validation is local, gateway continues operating; if introspection is required, gateway fails closed (returns 503) rather than failing open
Redis rate limiter unavailable	Cache cluster failure	Gateway fails open on rate limiting (allows traffic) with an alert — failing closed would halt all AI tool access; log the fail-open condition for audit
Audit log pipeline failure	Log ingestion endpoint unreachable	Gateway buffers audit records in memory (up to configurable limit); if buffer full, fails closed on new requests; never loses an audit record silently

14. Regulatory Mapping

Regulation	Clause	Requirement	How Pattern Addresses It
APRA CPS 234	§21	"An APRA-regulated entity must maintain an information security capability commensurate with the size and extent of threats to its information assets"	Gateway-level input validation, payload size limits, and policy engine enforce the information security capability for the entire AI integration surface — one hardened chokepoint rather than N individually hardened servers
APRA CPS 234	§24	Notification of material information security incidents to APRA within 72 hours	Gateway circuit breaker activation log + real-time alerting on audit log gaps provide the detection and evidence basis for the CPS 234 §24 notification obligation
Privacy Act 1988 (Cth)	Schedule 1 APP 11.1	"reasonable steps to protect personal information from misuse, interference and loss"	Per-client capability scoping enforces minimum-necessary access to resources containing personal information; PII field masking in gateway audit log prevents re-identification from log access
EU AI Act	Art. 9(5)	"appropriate data governance and management practices"	Gateway policy engine enforces data classification-based routing rules (e.g., resources tagged `PII:HIGH` are only routable to clients with the appropriate scope); gateway audit log is the governance record
EU AI Act	Art. 15	Accuracy, robustness, and cybersecurity requirements for high-risk AI systems	Gateway enforces maximum payload size limits and rejects malformed JSON-RPC requests before they reach backend systems, reducing the attack surface for injection and resource exhaustion
NIST AI RMF	MANAGE 4.1	Mechanisms to respond to AI risks in real time	Emergency circuit breaker and per-client kill-switch accessible via the gateway admin API satisfy the real-time response requirement

15. Reference Implementations

AWS

Deploy the gateway as an ECS Fargate service (2 replicas across AZs) behind an Application Load Balancer. Use ElastiCache Redis for rate limiting state. Register backend MCP servers in AWS Cloud Map for service discovery. Route audit logs via Kinesis Data Firehose to S3 with server-side encryption and Object Lock for WORM compliance. Use AWS WAF on the ALB to enforce payload size limits and IP-based rate limiting as a first line of defence before gateway application logic.

Azure

Deploy as an Azure Container Apps environment with a minimum of 2 replicas. Use Azure Cache for Redis for rate limiting. Integrate with Azure API Management as the public-facing TLS termination layer, delegating MCP-specific routing to the container app backend. Use Azure Monitor diagnostic settings to route gateway access logs to a Log Analytics Workspace with the immutable log retention policy enabled. Azure Managed Identity handles gateway-to-backend-server authentication, eliminating stored credentials.

On-Premises / Self-Hosted

Package the gateway as a Helm chart deployed to Kubernetes. Use an Istio service mesh for mTLS between the gateway and backend MCP server pods, eliminating the need for application-level certificate management. Deploy Redis Cluster (3 nodes) for HA rate limiting state. Register backend servers in Consul with health checks. Forward audit logs via Fluentd DaemonSet to Elasticsearch with a dedicated index and ILM policy enforcing append-only writes and 7-year retention.

EAAPL-MCP001: MCP Server Design — the foundational server pattern that MCP Gateway routes to and governs
EAAPL-MCP003: Multi-Server Orchestration — using the gateway as the entry point for orchestrated multi-server workflows
EAAPL-MCP004: MCP Authentication & Authorisation — detailed identity and access management patterns enforced at the gateway
EAAPL-AGT003: Agent Tool Registry — enterprise tool catalogue that feeds the gateway's server registry
EAAPL-SEC001: API Security Gateway — parent pattern for enterprise API governance that MCP Gateway specialises

17. Maturity Assessment

Dimension	Level	Notes
Tooling	2	No dedicated MCP gateway product exists yet; pattern is implemented by extending existing API gateways or building custom proxies
Community Adoption	2	Several organisations implementing this pattern in 2025–2026; no de-facto reference implementation has emerged
AU Enterprise Readiness	2	Pattern is architecturally sound but lacks AU-specific reference implementations and vendor support
Regulatory Clarity	2	Regulatory bodies have not yet addressed MCP-specific gateway requirements; mapping to existing API governance frameworks is practitioner-led

18. Revision History

Version	Date	Change
1.0	2026-06-14	Initial release

← Back to Library More Model Context Protocol →