I couldn't find anything else to do exactly what I wanted (or wasn't just a blatent rugpull towards "enterprise pricing" waiting to happen) so I slopped together an MCP Proxy that uses FastMCP to proxy a list of upstream MCPs behind Entra oauth, with CEL-expressions for per-tool RBAC.
The peace of mind it brought not trusting other people's slopped out MCPs to do the right thing with authentication is immense.
It's internal only, but it was a Fable 5 one-shot (3 shot if you count a second prompt to generate the Helm Chart and docs site) that you could DIY because the FastMCP library is extremely sensible and well-documented.
Nice. Basically, I see 3 ways the MCP ecosystem converging
- Centralized, well trusted sources for MCP servers
- Technical people like you creating their own, private MCPs for specific use cases
- An MCP governance layer that brings a bit of sense into this new world
Otherwise, it’s a security time bomb. We already see MCP specific attacks out in the wild.
MCP is basically web services for AI tools, thus the same care should be in place for security, unfortunely that isn't what happens, thus as usual DevSecOps will have lots of fun.
I couldn't find anything else to do exactly what I wanted (or wasn't just a blatent rugpull towards "enterprise pricing" waiting to happen) so I slopped together an MCP Proxy that uses FastMCP to proxy a list of upstream MCPs behind Entra oauth, with CEL-expressions for per-tool RBAC.
The peace of mind it brought not trusting other people's slopped out MCPs to do the right thing with authentication is immense.
It's internal only, but it was a Fable 5 one-shot (3 shot if you count a second prompt to generate the Helm Chart and docs site) that you could DIY because the FastMCP library is extremely sensible and well-documented.
Nice. Basically, I see 3 ways the MCP ecosystem converging
- Centralized, well trusted sources for MCP servers - Technical people like you creating their own, private MCPs for specific use cases - An MCP governance layer that brings a bit of sense into this new world
Otherwise, it’s a security time bomb. We already see MCP specific attacks out in the wild.
MCP is basically web services for AI tools, thus the same care should be in place for security, unfortunely that isn't what happens, thus as usual DevSecOps will have lots of fun.