One control plane for every AI model

Multi-tenant MCP gateway with identity-verified governance. Tenant isolation, custom connectors, built-in integrations, and a full dashboard — all powered by GatewayStack's open-source modules.

Request beta access View on GitHub

Model-agnostic

Works with ChatGPT, Claude, Cursor, Windsurf, and any MCP client. See exactly which AI is calling, on every request.

IdP-agnostic

Bring your own identity provider. Auth0, Okta, Entra ID, Firebase, or any OIDC/JWKS-compatible issuer. Your users, your rules.

Full audit trail

Every tool call logged with client, user, latency, and result. Filter by AI client, tool, user, or status in real time.

Agentic Control Plane activity log showing tool calls with user identity, status, client, and response time

Every tool call logged with verified identity, client attribution, and latency.

Built-in connectors. Custom APIs. One URL.

Start with pre-built connectors for popular services, or point ACP at any HTTP API and it becomes an MCP tool — with auth, validation, and audit built in.

GitHub

Repos, issues, PRs, code search

Salesforce

Records, queries, objects

Slack

Channels, messages, threads

Jira

Issues, projects, boards

Confluence

Pages, spaces, search

Linear

Issues, projects, teams

Notion

Pages, databases, blocks

HubSpot

Contacts, deals, companies

Google

Drive, Calendar, Gmail

Custom APIs

Any REST endpoint, your schema

Custom connectors are defined in the dashboard — point to any URL, define the input schema, and ACP handles authentication forwarding, SSRF protection, and request validation.

Agentic Control Plane connector marketplace with built-in and custom connectors

Add built-in integrations or define custom HTTP connectors — all governed by the same pipeline.

Everything you need to govern AI access

Tenant isolation

Path-based tenant routing with Firestore-backed configuration. Each tenant gets their own identity-verified gateway endpoint.

Custom connectors

Define HTTP tools in the dashboard. Executed with SSRF protection and auth injection — no custom code required.

Built-in integrations

GitHub, Salesforce, and custom API connectors out of the box. Connect your existing tools to the governance pipeline.

Dashboard UI

Web interface for managing connectors, tools, policies, and audit logs. No CLI or config files needed for day-to-day operations.

MCP + ChatGPT Apps SDK

Native support for both protocols with identity threading. Connect AI clients through standardized, identity-verified endpoints.

Audit logs

Every tool call is logged with verified user identity, tenant context, and policy decisions. Exportable for compliance review.

Agentic Control Plane content policy with PII detection, risk scoring, and automatic redaction

PII detection, risk-score blocking, and automatic redaction — configured per tenant, no code required.

How it works

1

Sign in

Authenticate with your identity provider. Supports Auth0, Okta, Entra ID, and any OIDC-compliant provider.

2

Create a tenant

Each tenant gets an isolated gateway endpoint, its own configuration, and separate audit logs.

3

Configure your IdP

Point your identity provider at the tenant's audience. Connect handles JWKS discovery and token verification.

4

Connect integrations

Add built-in integrations or define custom connectors. Each connector runs through the full governance pipeline.

5

Monitor

View audit logs, track usage, and manage policies from the dashboard. Every request is attributed to a verified user.

Integration examples

Connect integrations are HTTP tools that run through the full governance pipeline. Define them in the dashboard or use built-in connectors.

GitHub — list repositories

Built-in integration. Connects to GitHub's API with OAuth token forwarding. The gateway verifies the caller's identity, checks their permissions, and logs the request before forwarding to GitHub.

tool: github_list_repos
auth: forward_bearer
endpoint: GET api.github.com/user/repos
scopes: tool:github:read

Custom connector — internal API

Define any HTTP tool in the dashboard. Connect injects authentication, enforces SSRF protection, and applies your tenant's policies. No code required.

tool: lookup_customer
auth: service_oauth
endpoint: POST crm.internal/api/customers
scopes: tool:crm:read

Built on open source

Connect runs all six GatewayStack modules in its request pipeline. Every tool call is identified, transformed, validated, rate-limited, routed, and audited — same governance engine, managed for you.

What Connect adds on top: multi-tenant isolation, a web dashboard for configuration and audit review, built-in integrations (GitHub, Salesforce), custom HTTP connectors, and deployment on Cloud Run with Firestore-backed config.

See the architecture View on GitHub

Ready to get started?

Request beta access and start governing AI access in minutes.

Request beta access See pricing