MCP (Model Context Protocol)
MCP is a set of rules that helps AI models communicate and understand context better when working with different apps, tools, or systems.
🔹 Model (🤖) – This is the AI system (like ChatGPT) that processes information.
🔹 Context (🧠) – The background info, memory, or ongoing conversation that the AI uses to give better responses.
🔹 Protocol (📡) – The rules and structure for sharing data and making sure everything runs smoothly.
✅ Helps AI remember useful details in a conversation ✅ Makes AI interactions smarter & more relevant ✅ Allows different apps and AI models to work together
Think of it like a universal translator 🗣️ that makes sure AI models understand and respond correctly across different platforms.
A path to AI agents
MCP can be seen as a gateway to AI agents 🤖 because it helps AI models connect, share context, and work together across different tools, apps, or systems.
Think of MCP like an airport control tower 🏢✈️ that manages how AI agents communicate and exchange information. It ensures that:
✅ AI agents understand the same context ✅ They can work together smoothly ✅ Different models & apps can interact without confusion
This makes AI more powerful and useful by allowing agents to remember, adapt, and take action across various platforms.
Supported MCP features
Otoroshi provides full support for the MCP specification, both as a client (connecting to MCP servers) and as a server (exposing tools to MCP clients).
As an MCP client (MCP Connectors)
MCP Connectors allow Otoroshi to connect to external MCP servers and consume their capabilities:
- Tools (
tools/list,tools/call) - Discover and call tools exposed by MCP servers - Resources (
resources/list,resources/read) - List and read resources (files, data, etc.) from MCP servers - Resource Templates (
resources/templates/list) - List parameterized resource templates - Prompts (
prompts/list,prompts/get) - List and retrieve prompt templates with their arguments
Connectors support several transport kinds (stdio, SSE, Streamable HTTP, WebSocket, and a meta connector that aggregates others). In addition, the OpenAPI connector needs no MCP server at all: it turns any OpenAPI / Swagger spec into MCP tools and calls the target REST API directly.
All these features support filtering (include/exclude patterns) and advanced rules (JsonPath-based access control).
As an MCP server
Otoroshi can expose your tool functions and MCP connectors as an MCP server. The recommended transport is Streamable HTTP; SSE (deprecated), WebSocket (experimental) and a local stdio proxy are also available.
All the exposition settings — filtering, OAuth, scopes, meta mode, rate limiting & caching, managed resources/prompts, overlays, zero-trust controls (anti-rug-pull pinning, prompt-injection scanning, PII/secrets redaction), and registry publication — are bundled in a reusable MCP Virtual Server that the plugins reference with server_ref.
A published virtual server is exposed through the standard MCP registry endpoints (GET /v0/servers, projecting each server to the official server.json), so registry-aware MCP clients discover the governed servers and connect through the gateway.
All transports support the full MCP protocol:
| Method | Description |
|---|---|
tools/list | List available tools |
tools/call | Execute a tool |
resources/list | List available resources |
resources/read | Read a resource by URI |
resources/templates/list | List available resource templates |
prompts/list | List available prompts |
prompts/get | Get a prompt with its messages |
Resources are returned with their uri, name, description, and mimeType. Resource contents can be text or binary (blob). Prompts include their name, description, and arguments (with name, description, and required for each argument). When getting a prompt, the response includes the prompt description and its messages (each with a role and content).
Observability & auditability
Both sides of MCP can be audited, each with its own opt-in audit event:
| Audit event | Side | Emitted when | Enabled by |
|---|---|---|---|
McpAudit | Server / exposition | An external client calls an MCP server Otoroshi exposes | emit_audit_events on the MCP server plugin |
McpClientAudit | Client / connector | Otoroshi calls an upstream MCP server through a connector | audit_events on the MCP connector |
McpZeroTrustAlert | Server / exposition | A zero-trust control fires (rug-pull mutation, guardrail denial, or redaction) | zero_trust controls on the MCP virtual server |
Both produce standard Otoroshi AuditEvents that can be shipped anywhere with data exporters. See the Observability documentation for the full picture.
Otoroshi + MCP = ❤️
With Otoroshi you can use many tools to interact with MCP.
Thanks to our MCP Connectors you can link Otoroshi with your AI provider and an MCP Server.