> For the complete documentation index, see [llms.txt](https://docs.vngcloud.vn/vng-cloud-document/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.vngcloud.vn/vng-cloud-document/ai-stack/agent-base/mcp-governance/mcp-gateway.md).

# MCP Gateway

MCP Gateway gives you centralized control over all MCP tool calls from agents to external services — authentication and Policy Group enforcement — without changing agent code.

***

## Architecture

Every MCP tool call from an agent passes through the MCP Gateway (Kong OSS) before reaching an MCP Tool Server. LLM calls follow a separate path through the Sidecar LLM Proxy (auto-injected, bypasses Kong).

***

## Key Components

### Inbound Authentication

Controls how agents authenticate when calling the gateway. Three modes are supported:

* **IAM Permissions** — uses the GreenNode AI Platform IAM token
* **JSON Web Tokens (JWT)** — the agent attaches a JWT; the gateway validates it using a Discovery URL (automatically fetches and refreshes public keys) or inline JWKS. This is the default mode.
* **No authorization** — gateway is publicly accessible with no access control

The JWT claim used as the principal when enforcing Policy Group is configured via the **Principal claim** field (default `sub`).

### MCP Servers (Outbound)

Each gateway can route to multiple MCP Tool Servers. For each server, you configure:

* **MCP endpoint URL** — the URL of the MCP server
* **Outbound Auth** — how the gateway authenticates when calling out: OAuth 2.0, API Key, or No authentication
* **Mode** — `2LO (Machine to machine)` for service-to-service flows; `3LO (User federation)` when user redirect is needed (Return URL required)

Secrets (client credentials) are sourced from the **Identity** component — the gateway references the secret without storing it directly.

### Policy Group

A Policy Group is a set of rules defining which agents can call which tools under which conditions. A gateway can attach at most **1 Policy Group**.

Each MCP tool call goes through the following evaluation pipeline:

1. Validate API Key (Inbound Auth)
2. Evaluate Policy Group rules in `order` sequence
3. First match wins: **ALLOW** → forward to MCP server; **DENY** → return 403
4. No rule matches → hard-block 403

{% hint style="warning" %}
If a gateway has no Policy Group attached, **all** MCP tool calls are blocked with 403 (`No policy allows this request`). Always attach a Policy Group before agents start calling through the gateway.
{% endhint %}

`tools/list` always bypasses policy evaluation — only `tools/call` goes through it.

### Network & Compute

* **Public** — The system manages zone assignment automatically; no zone selection required
* **Private** — select VPC and Subnet; zone is inferred from the selected subnet; DNS resolution must be enabled in the VPC

Compute consists of **Flavor** (vCPU / RAM) and **Replicas** (1–10 instances) to ensure HA and throughput.

***

## MCP Gateway vs Sidecar LLM Proxy

|                        | MCP Gateway                   | Sidecar LLM Proxy                   |
| ---------------------- | ----------------------------- | ----------------------------------- |
| **Handles**            | MCP tool calls (`tools/call`) | LLM calls                           |
| **Infrastructure**     | Kong OSS, created on demand   | Auto-injected at agent creation     |
| **Endpoint**           | Configured in the portal      | `localhost:18080` (in agent config) |
| **Policy enforcement** | Yes — via Policy Group        | No                                  |

***

## Get Started

| I want to...                            | Go to                                                                                                          |
| --------------------------------------- | -------------------------------------------------------------------------------------------------------------- |
| Create my first MCP Gateway             | [Manage MCP Gateway](/vng-cloud-document/ai-stack/agent-base/mcp-governance/mcp-gateway/manage-mcp-gateway.md) |
| Understand what MCP Governance includes | [MCP Governance](/vng-cloud-document/ai-stack/agent-base/mcp-governance.md)                                    |


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.vngcloud.vn/vng-cloud-document/ai-stack/agent-base/mcp-governance/mcp-gateway.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.