Enterprise Runtime

MCP Gateway

The Enterprise Runtime for AI Agents

A production-grade .NET gateway that connects AI agents to enterprise systems through the Model Context Protocol. Handles authentication, authorization, session management, and tool execution — so your agents don't have to.

Start a Proof of Concept View Technical Architecture

Multi-tenant

Single Deployment

Auth Methods

34+

Built-in Tools

580+

Unit Tests

Architecture

How MCP Gateway connects agents to enterprise systems

Your agents talk to MCP Gateway. MCP Gateway talks to ServiceNow, OneDrive, Outlook, and your custom APIs. Security, access control, and monitoring happen in one place.

    AI Agent Platforms
    (Copilot Studio, Bedrock, Vertex AI, Claude, Custom)
                      |
                MCP Protocol
                      |
          +-----------------------+
          |     MCP Gateway       |
          |   (.NET 10.0 API)     |
          +-----------------------+
          | Authentication Layer  |  API Key / JWT / OAuth 2.1 / mTLS
          | Session Management    |  8-hour idle timeout, auto-recovery
          | Access Control        |  Namespace-based, deny-by-default
          | Tool Router           |  Agent -> Namespace -> Plugin -> Tool
          +-----------------------+
          |   Plugin Ecosystem    |
          | +-------+ +--------+ |
          | |Service| |Document| |  ServiceNow, PDF/Excel, OneDrive,
          | | Now   | | Plugin | |  Outlook, DateTime, Weather, Echo
          | +-------+ +--------+ |
          | +-------+ +--------+ |
          | |OneDrive| | Email | |  + your custom plugins
          | +-------+ +--------+ |
          +-----------------------+
                      |
            Enterprise Systems
      (ServiceNow, Microsoft 365, Custom APIs)

.NET 10.0, ASP.NET Core

Technology Stack

MCP Spec 2025-03-26

Protocol Compliance

Streamable HTTP + SSE

Transport Modes

Core Capabilities

Enterprise-grade infrastructure built into every layer

Multi-Tenant by Design

Serve multiple agents from a single deployment. Each agent gets its own identity, API credentials, and tool access permissions. No cross-contamination — agents only see tools in their authorized namespaces.

Agent: "expense-agent"
  Allowed: [documents, onedrive, email]
  Rate Limit: 100 req/min

Agent: "it-support"
  Allowed: [servicenow, datetime]
  Rate Limit: 200 req/min

Agent: "dev-test"
  Allowed: [echo, datetime, weather]
  Rate Limit: 50 req/min

Enterprise Authentication

Five authentication modes for every deployment scenario. OAuth 2.1 with Dynamic Client Registration enables Copilot Studio's automatic discovery.

Method	Use Case
API Key	Simple agent-to-gateway auth, SHA256 hashed
JWT (Entra ID)	Enterprise SSO pass-through
OAuth 2.1 + DCR	Copilot Studio Dynamic Discovery
mTLS	Zero-trust environments, mutual certificates
User Token (OBO)	Delegated access, On-Behalf-Of flows

Session Management

Agent-scoped sessions with identity and namespace permissions. Automatic recovery ensures continuity — if a session expires mid-conversation, the gateway transparently recreates it.

8-Hour Timeout

Covers a full workday

Auto-Recovery

No user disruption

1,000 Concurrent

Configurable limits

Session Affinity

SSE transport support

Namespace-Based Access Control

Every tool belongs to a namespace. Agents are granted access to namespaces, not individual tools. Deny-by-default means new agents start with zero access.

New tools added to a namespace are automatically available to authorized agents

New agents start with zero access — you explicitly grant what they need

Unauthorized tool calls return 403 Forbidden with clear error messages

Plugin Ecosystem

7 production-ready plugins, 34+ tools

MCP Gateway ships with a comprehensive plugin library covering ITSM, document generation, file management, email, and more.

ServiceNow Plugin

Enterprise ITSM

14 tools

Full ServiceNow integration: incidents, knowledge base, service catalog, user management. Circuit breaker pattern, retry with exponential backoff, response caching, multi-layer rate limiting.

get_current_user / get_user_info

get_user_tickets / get_incident

create_incident / update_incident

search_knowledge / list_knowledge_articles

search_catalog / list_catalog_items

create_catalog_request / get_catalog_request

580+ unit tests · 4 auth modes · Production hardened

Documents Plugin

Report Generation

2 tools

PDF expense reports with receipt images and Excel reports with real-time currency conversion.

OAuth OBO flow · AppFolder scoping · SHA256 token cache

OneDrive Plugin

File Operations

8 tools

Read, create, update, upload, delete files and folders. Resumable chunked uploads for files over 4MB.

Sandboxed AppFolder access · Graph API integration

Email Plugin

Outlook Integration

1 tool

Send emails with OneDrive attachments. Email validation, 10MB attachment limit, retry logic.

3 retry attempts · 5 concurrent max

DateTime Plugin

Time Operations

4 tools

Current time, timezone conversion, duration calculation, date formatting.

Weather Plugin

Weather Data

2 tools

Current weather and 7-day forecasts by location. Open-Meteo API — free, no auth required.

Echo Plugin

Testing & Debugging

3 tools

Message echo, JSON reflection with type info, configurable delay echo for timeout testing.

Extensibility

Build custom plugins in minutes

MCP Gateway's plugin architecture makes it straightforward to add new integrations. Implement the interface, register the plugin, configure agent access, deploy.

C# · IToolPlugin Interface

public class MyPlugin : IToolPlugin
{
    public string Namespace => "my_service";
    public string DisplayName => "My Service";

    public IReadOnlyList<ToolDescriptor> GetTools() => [
        new ToolDescriptor("my_tool", "Does something useful",
            inputSchema: JsonSchema.FromType<MyInput>())
    ];

    public async Task<ToolResult> ExecuteAsync(
        string toolName, JsonElement arguments, CancellationToken ct)
    {
        // Your integration logic here
        return ToolResult.Success(result);
    }
}

The gateway handles authentication, session management, access control, and monitoring automatically.

Deployment & Operations

Production-ready from day one

Cloud Deployment

Primary deployment on Azure App Service with Azure Developer CLI (azd up). Alternative: Azure Container Apps, Kubernetes, Docker.

Infrastructure as Code (Bicep):

App Service configuration
Application Insights monitoring
Azure Key Vault for secrets
Resource group organization

CI/CD Pipeline

Pre-built Azure Pipelines configuration with multi-environment deployment support.

Build stage (restore, compile, publish)
Multi-environment (Dev, UAT, Production)
Parameterized environments with service connections
Artifact-based deployment

Health Monitoring

Built-in health check endpoints for Kubernetes and load balancer probes.

Endpoint	Purpose
GET /health	Overall health status
GET /health/ready	Kubernetes readiness probe
GET /health/live	Kubernetes liveness probe

Observability

Structured logging with Serilog, request correlation IDs, and OpenTelemetry metrics compatible with Application Insights and Prometheus.

OpenTelemetry Metrics:

mcp_gateway_requests_total

mcp_gateway_request_duration_seconds

mcp_gateway_active_sessions

mcp_gateway_tool_executions_total

Protocol Support

MCP Specification 2025-03-26

Full implementation of the Model Context Protocol with modern and legacy transport support.

Supported Messages

Message	Support
initialize	Session establishment and capability negotiation
tools/list	Agent-filtered tool listing
tools/call	Authorized tool execution with timeout enforcement
ping	Keep-alive for session maintenance

Transport Modes

Streamable HTTP (Default)

Modern, stateless-or-persistent transport. Recommended for all new integrations.

SSE (Legacy)

Server-Sent Events for backward compatibility with older MCP clients.

Platform Integration

Connect any AI agent platform

Native patterns for Microsoft, AWS, Google, and direct MCP client connections.

Microsoft Copilot Studio

Native integration via custom connector. Supports Dynamic Discovery mode via OAuth 2.1 + DCR endpoints.

1.Agent authenticates via Entra ID (Teams SSO)
2.Copilot Studio calls MCP Gateway connector
3.Gateway validates agent identity + user token
4.Tools execute with user context (OBO)
5.Results formatted as Adaptive Cards in Teams

AWS Bedrock

Lambda proxy pattern for seamless Bedrock Agent integration.

1.Bedrock Agent action group invokes Lambda
2.Lambda calls MCP Gateway via HTTP
3.Gateway executes tools and returns results
4.Lambda formats response for Bedrock

Google Vertex AI uses the same Cloud Function proxy pattern.

Direct Integration

Any MCP-compatible client can connect directly to the gateway.

Claude Code / Claude Desktop
Custom applications using MCP SDKs
Testing and development tools
Google Vertex AI (Cloud Function proxy)

Security Posture

Defense in depth, built into the runtime

Every layer of MCP Gateway enforces security controls. No bolt-on security — it's the architecture.

Control	Implementation
Authentication	5 methods including mTLS and OAuth 2.1
Authorization	Namespace-based, deny-by-default
Token Storage	In-memory only, SHA256 hashed keys, per-request isolation
Scope Management	Least-privilege (AppFolder only for OneDrive)
Rate Limiting	Per-agent, configurable requests/minute + burst
Resilience	Circuit breaker, exponential backoff, timeout enforcement
Secrets	Environment variables (Azure Key Vault recommended for production)
Transport	HTTPS required, mTLS optional
Session Security	Configurable idle timeout, maximum concurrent limits
Token Forwarding	Only Azure AD tokens forwarded; self-issued/DCR tokens filtered

Ready to connect your agents to enterprise systems?

MCP Gateway gives your AI agents secure, governed access to ServiceNow, Microsoft 365, and your custom APIs — with enterprise authentication, multi-tenancy, and full observability built in.

Start a Proof of Concept Explore Build Studio

Australian entity · ISO 27001 certified · Your data stays yours