Gig’MCP
The security-first MCP gateway. Sandboxed servers, credentials that never leave your control.
Kernel-enforced sandboxes
Every community MCP server runs inside bubblewrap with user, PID, mount, and network namespaces, seccomp filters, Landlock, and cgroups. Untrusted code never touches your host.
Credentials stay outside
API keys live in an envelope-encrypted vault and are injected by the egress proxy only on HTTPS calls to allowlisted domains. The key never enters the sandbox.
Signed registry
Servers ship as digest-pinned OCI images with PR-gated entitlement manifests. The gateway verifies a signed index before anything runs.
One MCP endpoint
Aggregate every server behind a single MCP endpoint per profile. Route tools, manage users with OIDC, and audit everything from the dashboard.
Egress allowlists
Each server declares exactly which domains it may reach. The built-in MITM proxy enforces the allowlist by network-namespace identity.
Self-hosted & open source
AGPL-3.0 gateway, Apache-2.0 schema. Run the whole stack on your homelab or VPS with a single docker compose up.
Up and running in one command
git clone https://github.com/gigmcp/gigmcp.git && cd gigmcp
GIG_BEARER_TOKEN=$(openssl rand -hex 32) \
GIG_MASTER_KEY=$(openssl rand -hex 32) \
docker compose up --build -d