A centralized gateway for managing and connecting to multiple MCP (Model Context Protocol) servers. Provides secure, scalable access to MCP servers with SSO authentication, session isolation, and central management.
π’ Community Edition - This is the free, open-source version. For enterprise features like Azure AD SSO, Teams, AI Guardrails, Whitelabeling, and more, see COMMERCIAL.md
- π GitHub OAuth - User authentication with GitHub
- π€ Admin Panel - Create and manage users
- π― MCP Server Management - Configure GitHub, Gmail, Google Tasks, Slack, and more
- π OAuth Provider Management - Centralized OAuth credentials per server
- π οΈ Tool Management - Enable/disable tools organization-wide
- π Per-User Session Isolation - Isolated user contexts per MCP server
- π₯ User Dashboard - Connect and authorize MCP servers
- π Docker Compose Deployment - Single command deployment
- π API Documentation - Full OpenAPI/Swagger docs
Need more advanced features? Check out our Enterprise Edition which includes:
- β Azure AD / SAML SSO - Enterprise identity integration
- π₯ Teams & Groups - Organize users, team-based permissions
- π‘οΈ AI Guardrails - Content filtering, PII detection, DLP
- π¨ Whitelabeling - Custom branding, domain, remove Arka branding
- π Advanced Permissions - Per-user/team tool overrides
- π Audit Logs - Full compliance trail, SIEM integration
- π° Cost Management - Usage analytics, budget controls
- π Enterprise Security - CMEK, MFA, IP controls
- π 24/7 Support - Priority support with SLA
Learn more about Enterprise Edition β
- Docker and Docker Compose
- Domain name (for production) or localhost (for local development)
git clone https://github.com/KenisLabs/arka-mcp-gateway.git
cd arka-mcp-gateway# Generate JWT secret key (save this output)
openssl rand -hex 32
# Generate encryption key (save this output)
python3 -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"Create .env.production file in the root directory:
# Database Configuration
POSTGRES_DB=arka_mcp_gateway
POSTGRES_USER=postgres
POSTGRES_PASSWORD=your_secure_password
POSTGRES_PORT=5432
# JWT Configuration (use output from openssl command)
ARKA_JWT_SECRET_KEY=<your_jwt_secret_here>
ARKA_JWT_ALGORITHM=HS256
ARKA_JWT_ACCESS_TOKEN_EXPIRE_MINUTES=30
ARKA_JWT_REFRESH_TOKEN_EXPIRE_DAYS=7
# Encryption (use output from python command)
ARKA_ENCRYPTION_KEY=<your_encryption_key_here>
# Application URLs
# For local development:
ARKA_FRONTEND_URL=http://localhost
ARKA_BACKEND_URL=http://localhost:8000
# For production:
# ARKA_FRONTEND_URL=https://your-domain.com
# ARKA_BACKEND_URL=https://your-domain.com
ARKA_WORKER_URL=http://worker:8001
# GitHub User OAuth (for user login)
# Create OAuth App at: https://github.com/settings/developers
# Callback URL: http://localhost:8000/auth/github/callback
ARKA_GITHUB_USER_OAUTH_CLIENT_ID=your_github_oauth_client_id
ARKA_GITHUB_USER_OAUTH_CLIENT_SECRET=your_github_oauth_client_secret
# Optional: Azure OAuth (for user login)
# ARKA_AZURE_CLIENT_ID=your_azure_client_id
# ARKA_AZURE_CLIENT_SECRET=your_azure_client_secret
# ARKA_AZURE_TENANT_ID=your_azure_tenant_id
# Ports
FRONTEND_PORT=80
BACKEND_PORT=8000
WORKER_PORT=8001docker-compose --env-file .env.production -f docker-compose.yml up -d# Create the initial admin user
curl -X POST http://localhost:8000/auth/admin/bootstrap
# Response will contain admin credentials - save them securely!
# Default: admin@example.com / <generated_password>- Frontend: http://localhost
- Admin Login: Use credentials from bootstrap step
- API Docs: http://localhost:8000/docs
βββββββββββββββ
β Nginx β β Frontend (React + Vite)
β (Port 80) β
ββββββββ¬βββββββ
β
βββ /api/* βββββββββββββββ
β βΌ
β ββββββββββββββββ ββββββββββββββββ
β β Backend ββββββββ PostgreSQL β
β β (Port 8000) β β (Port 5432) β
β ββββββββ¬ββββββββ ββββββββββββββββ
β β
β β
βββ /mcp βββββββββββββ
β
βΌ
ββββββββββββββββ
β Worker β β MCP Server Processes
β (Port 8001) β
ββββββββ¬ββββββββ
β
βββββββββββ΄βββββββββ¬βββββββββββ¬ββββββββββ
βΌ βΌ βΌ βΌ
GitHub MCP Gmail MCP Slack MCP ...
- Go to https://github.com/settings/developers
- Create a New OAuth App
- Set these values:
- Application name: Arka MCP Gateway
- Homepage URL:
http://localhost(or your domain) - Authorization callback URL:
http://localhost:8000/auth/github/callback
- Copy Client ID and Client Secret to
.env.production
- Go to Azure Portal β App Registrations
- Create a new registration
- Add redirect URI:
http://localhost:8000/auth/azure/callback - Create a client secret
- Copy values to
.env.production
Important: All MCP server OAuth credentials must be configured via the Admin UI. Environment variables are not supported for MCP servers.
After logging in as admin:
- Navigate to Admin Dashboard β MCP Server Management
- Click Add MCP Server or configure existing servers
- Add OAuth credentials for each MCP server:
- GitHub MCP: Requires GitHub OAuth App
- Gmail MCP: Requires Google Cloud OAuth credentials
- Google Calendar MCP: Requires Google Cloud OAuth credentials
- Google Tasks MCP: Requires Google Cloud OAuth credentials
- Slack MCP: Requires Slack App credentials
- Log in as admin
- Go to MCP Server Management
- Click Browse Catalog to see available servers
- Select a server and configure OAuth credentials
- Enable the server for your organization
- Users can then authorize and connect to the server
cd backend
# Create virtual environment
python -m venv .venv
source .venv/bin/activate # Windows: .venv\Scripts\activate
# Install dependencies
pip install -r requirements.txt
# Run backend
uvicorn main:app --reload --host 0.0.0.0 --port 8000cd frontend
# Install dependencies
npm install
# Run dev server
npm run devdocker run -d \
--name arka-postgres \
-e POSTGRES_PASSWORD=postgres \
-e POSTGRES_DB=arka_mcp_gateway \
-p 5432:5432 \
postgres:16-alpine# View logs
docker-compose logs backend
docker-compose logs frontend
docker-compose logs postgres
# Restart services
docker-compose restart backend
# Rebuild after code changes
docker-compose build frontend
docker-compose up -d1. Database connection fails
# Check if postgres is running
docker-compose ps
# Check database logs
docker-compose logs postgres2. OAuth callback errors
- Verify callback URLs in OAuth provider settings match your
ARKA_BACKEND_URL - For GitHub: Should be
{BACKEND_URL}/auth/github/callback - For MCP servers: Should be
{BACKEND_URL}/servers/{server-id}/auth-callback
3. Admin bootstrap fails
# Check if admin already exists in database
docker-compose exec postgres psql -U postgres -d arka_mcp_gateway -c "SELECT email, role FROM users WHERE role='admin';"
# If admin exists, you can reset password via database4. Frontend can't reach backend
- Check nginx configuration in
frontend/nginx.conf - Verify backend container is running:
docker-compose ps backend - Check backend health:
curl http://localhost:8000/health
- FastAPI - Modern async Python web framework
- PostgreSQL - Primary database
- SQLAlchemy - Async ORM
- JWT - Token-based authentication
- Cryptography - Fernet encryption for OAuth secrets
- Uvicorn - ASGI server
- React 18 - UI library
- Vite - Build tool and dev server
- Tailwind CSS - Styling
- shadcn/ui - Component library
- React Router - Client-side routing
- Docker - Containerization
- Docker Compose - Multi-container orchestration
- Nginx - Reverse proxy and static file serving
- JWT Tokens: HTTP-only cookies prevent XSS attacks
- OAuth Credentials: Encrypted at rest using Fernet (AES-128)
- Password Hashing: bcrypt for admin passwords
- CORS: Restricted to frontend URL
- Rate Limiting: Applied to authentication endpoints
- HTTPS Ready: Use SSL/TLS in production
arka-mcp-gateway/
βββ backend/ # FastAPI backend
β βββ main.py # Application entry point
β βββ auth/ # Authentication modules
β βββ gateway/ # MCP gateway logic
β βββ database.py # Database configuration
β βββ requirements.txt # Python dependencies
βββ frontend/ # React frontend
β βββ src/
β β βββ pages/ # Page components
β β βββ components/ # Reusable components
β β βββ lib/ # Utilities
β βββ nginx.conf # Nginx configuration
β βββ package.json # Node dependencies
βββ shared/ # Shared configuration
β βββ mcp_servers_catalog.json
βββ docker-compose.yml # Docker orchestration
βββ .env.production # Production environment variables
βββ README.md # This file
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch:
git checkout -b feature/your-feature - Commit changes:
git commit -am 'Add feature' - Push to branch:
git push origin feature/your-feature - Submit a pull request
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Discord: Join our community
- Enterprise Support: Schedule a call
- Email: support@kenislabs.com
Built with β€οΈ by KenisLabs