Skip to main content
mcp-gate speaks the MCP protocol over HTTP. Your MCP client connects to this endpoint instead of the upstream server. All tools/call methods are evaluated against your policies. Base URL: https://<project-ref>.supabase.co/functions/v1/mcp-gate Required scope: mcp (falls back to evaluate) Transport: Streamable HTTP / SSE endpoint over HTTP POST (not stdio)

Authentication

Authorization: Bearer agk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
X-Agent-Id: my-agent-name  (optional, recorded in audit logs)

initialize

POST /functions/v1/mcp-gate/sse

curl -X POST \
  "https://<project-ref>.supabase.co/functions/v1/mcp-gate/sse" \
  -H "Authorization: Bearer agk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"initialize"}'

// Response
{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "protocolVersion": "2024-11-05",
    "capabilities": { "tools": { "listChanged": false } },
    "serverInfo": { "name": "sentrail-mcp-gate", "version": "1.0.0" }
  }
}

tools/list

curl -X POST \
  "https://<project-ref>.supabase.co/functions/v1/mcp-gate/sse" \
  -H "Authorization: Bearer agk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":2,"method":"tools/list"}'

// Response (forwarded from upstream, cached 60s)
{
  "jsonrpc": "2.0",
  "id": 2,
  "result": {
    "tools": [
      {
        "name": "create_issue",
        "description": "Create a GitHub issue",
        "inputSchema": {
          "type": "object",
          "properties": {
            "title": { "type": "string" },
            "body": { "type": "string" }
          },
          "required": ["title"]
        }
      }
    ]
  }
}

tools/call

curl -X POST \
  "https://<project-ref>.supabase.co/functions/v1/mcp-gate/sse" \
  -H "Authorization: Bearer agk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  -H "X-Agent-Id: my-agent" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 3,
    "method": "tools/call",
    "params": {
      "name": "create_issue",
      "arguments": {
        "title": "Fix login bug",
        "body": "The logout button is broken."
      }
    }
  }'
Allow response: 
{
  "jsonrpc": "2.0",
  "id": 3,
  "result": {
    "content": [{ "type": "text", "text": "Issue created: #42" }],
    "_meta": {
      "sentrail": {
        "status": "allowed",
        "auditLogId": "7c9e6679-...",
        "correlationId": "550e8400-...",
        "matchedPolicyId": "b3c4d5e6-..."
      }
    }
  }
}
Block response: 
{
  "jsonrpc": "2.0",
  "id": 3,
  "error": {
    "code": -32001,
    "message": "Blocked by Sentrail policy",
    "data": {
      "reason": "Policy 'Block delete operations' matched",
      "auditLogId": "...",
      "correlationId": "...",
      "matchedPolicyId": "..."
    }
  }
}
Require approval response: 
{
  "jsonrpc": "2.0",
  "id": 3,
  "result": {
    "content": [
      {
        "type": "text",
        "text": "⏳ Sentrail requires approval before running `create_issue`. Poll /mcp-gate/status/APPROVAL_ID for the decision."
      }
    ],
    "isError": false,
    "_meta": {
      "sentrail": {
        "status": "require_approval",
        "approvalRequestId": "550e8400-e29b-41d4-a716-446655440000",
        "auditLogId": "...",
        "correlationId": "..."
      }
    }
  }
}

Status polling

GET /functions/v1/mcp-gate/status/:approvalId
Authorization: Bearer agk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

{
  "ok": true,
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "status": "executed",
  "reviewedAt": "2026-04-20T10:35:00.000Z",
  "reviewedBy": "user-uuid",
  "reviewReason": "Looks good",
  "executionResult": { "content": [{ "type": "text", "text": "Issue created: #42" }] },
  "expiresAt": "2026-04-21T10:00:00.000Z"
}

JSON-RPC error codes

CodeMeaning
-32001Action blocked by Sentrail policy
-32000Internal Sentrail error
-32602Invalid params (missing name in tools/call)

Status codes

HTTP CodeMeaning
200RPC processed (check error field in body for RPC-level errors)
400Invalid JSON body
401Invalid or expired API key
405Method not allowed
424No MCP server connected for this workspace
500Internal error