io.github.titus-civic/mcp-gateway
Identity, authorization, audit trails, and revocable permissions for AI agents accessing MCP tools.
Civic MCP Gateway
Connecting AI agents to tools and data through the Civic MCP Gateway gives builders guardrails, scoped permissions, audit trails, and revocable access when calling MCP tools. Civic separates the permission layer from the AI agent, so the agent can't get around restrictions.
This repository contains integration metadata, configuration files, and client examples. The gateway itself runs at app.civic.com.
What it does
Without an identity layer, any AI agent can call any MCP tool with no record of who authorized it, what it accessed, or how to revoke its access. Civic fixes that:
- Agent identity - agents authenticate with a Civic-issued bearer token
- Scoped permissions - grant agents access to specific tools only
- Audit trail - every tool call is logged with agent identity and timestamp
- Revocable access - revoke a token and the agent loses access immediately
- Guardrails - rate limits, approval workflows, and deny lists via the configurator
MCP Endpoint
https://app.civic.com/hub/mcp
Transport: Streamable HTTP
Auth: Bearer token (generated at app.civic.com)
Quickstart
1. Get a token
Sign in at app.civic.com and generate a bearer token from the onboarding flow.
2. Configure your MCP client
Claude Desktop - native Streamable HTTP:
Add to ~/Library/Application Support/Claude/claude_desktop_config.json:
{
  "mcpServers": {
    "civic": {
      "url": "https://app.civic.com/hub/mcp"
    }
  }
}
Claude Code - native HTTP transport (no bridge needed):
claude mcp add --transport http civic https://app.civic.com/hub/mcp
Or for stdio via Hub Bridge:
claude mcp add civic "npx @civic/hub-bridge"
Cursor - native Streamable HTTP:
Add to your Cursor MCP config:
{
  "mcpServers": {
    "civic": {
      "url": "https://app.civic.com/hub/mcp"
    }
  }
}
Cline (VS Code) - add to cline_mcp_settings.json:
{
  "mcpServers": {
    "civic": {
      "url": "https://app.civic.com/hub/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_CIVIC_TOKEN"
      }
    }
  }
}
Windsurf - native Streamable HTTP, no bridge required:
Add to ~/.codeium/windsurf/mcp_config.json:
{
  "mcpServers": {
    "civic": {
      "serverUrl": "https://app.civic.com/hub/mcp"
    }
  }
}
Windsurf handles OAuth automatically on first connection.
3. Optional: lock to a profile
Append ?profile=your-toolkit to scope the gateway to a specific configuration:
https://app.civic.com/hub/mcp?profile=your-toolkit
Automated agents (token-based auth)
For non-interactive agents that can't complete an OAuth flow, generate a bearer token at app.civic.com and pass it directly:
curl -X POST https://app.civic.com/hub/mcp \
  -H "Authorization: Bearer $CIVIC_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"tools/list","id":1}'
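A least-privilege check you can run on the output of the tools/list call above: diff the tools a token can actually see against the set you intended to grant. This is an added example, not code from Civic or this repository; it assumes the gateway returns the standard MCP tools/list result as plain JSON or as an SSE-framed message, and the tool names and sample body are constructed.

```python
import json

# Constructed sample: a tools/list reply framed as Server-Sent Events, one of
# the two response encodings Streamable HTTP allows (the other is plain JSON).
# Tool names are invented for illustration.
SAMPLE_SSE = (
    "event: message\n"
    'data: {"jsonrpc":"2.0","id":1,"result":{"tools":['
    '{"name":"gmail_search"},{"name":"gmail_send"},{"name":"calendar_list"}]}}\n'
    "\n"
)

def parse_mcp_body(body: str) -> dict:
    """Return the JSON-RPC message from a plain-JSON or SSE-framed body."""
    text = body.strip()
    if text.startswith("{"):
        return json.loads(text)
    # SSE: join the data: lines of the first event that carries any.
    data = []
    for line in body.splitlines():
        if line.startswith("data:"):
            data.append(line[5:].lstrip())
        elif not line.strip() and data:
            break
    if not data:
        raise ValueError("no JSON-RPC payload in response body")
    return json.loads("\n".join(data))

def check_scope(body: str, allowed: set[str]) -> dict:
    """Diff the tools the token can see against the intended allowlist."""
    msg = parse_mcp_body(body)
    if "error" in msg:
        # JSON-RPC error: scope could not be verified, so do not report a pass.
        return {"ok": False, "error": msg["error"], "unexpected": [], "missing": []}
    exposed = {t["name"] for t in msg["result"]["tools"]}
    unexpected = sorted(exposed - allowed)   # grant broader than intended
    missing = sorted(allowed - exposed)      # grant narrower than intended
    return {"ok": not unexpected, "error": None,
            "unexpected": unexpected, "missing": missing}

if __name__ == "__main__":
    print(check_scope(SAMPLE_SSE, {"gmail_search", "calendar_list"}))
```

Feed it the saved response body from the curl call and fail the deployment step when `ok` is false.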
Install from a registry
| Registry | Link |
|---|---|
| Smithery | smithery.ai/servers/@civic/civic-mcp-gateway |
| ClawHub | clawhub.ai/civictechuser/openclaw-civic-skill |
Example use cases
| Use case | What Civic adds |
|---|---|
| Gmail guardrails & audit | Block outbound sends with secrets, redact PII from email content, log every send |
| Google Calendar guardrails & audit | Prevent event deletion, restrict to business hours, block external attendees |
| PostgreSQL guardrails & audit | Block destructive queries, enforce read-only access, redact sensitive columns |
Documentation
Full documentation at docs.civic.com
Working example
See civicteam/nexus-demo for a full client integration using Next.js, federated auth, and MCP tool visualization.
License
MIT
