MCP Gate API: JSON-RPC endpoint with policy gating

mcp-gate speaks the MCP protocol over HTTP. Your MCP client connects to this endpoint instead of the upstream server. All tools/call methods are evaluated against your policies. Base URL: https://<project-ref>.supabase.co/functions/v1/mcp-gate Required scope: mcp (falls back to evaluate) Transport: Streamable HTTP / SSE endpoint over HTTP POST (not stdio)

Authentication

Authorization: Bearer agk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
X-Agent-Id: my-agent-name  (optional, recorded in audit logs)

initialize

POST /functions/v1/mcp-gate/sse

curl -X POST \
  "https://<project-ref>.supabase.co/functions/v1/mcp-gate/sse" \
  -H "Authorization: Bearer agk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"initialize"}'

// Response
{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "protocolVersion": "2024-11-05",
    "capabilities": { "tools": { "listChanged": false } },
    "serverInfo": { "name": "sentrail-mcp-gate", "version": "1.0.0" }
  }
}

tools/list

curl -X POST \
  "https://<project-ref>.supabase.co/functions/v1/mcp-gate/sse" \
  -H "Authorization: Bearer agk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":2,"method":"tools/list"}'

// Response (forwarded from upstream, cached 60s)
{
  "jsonrpc": "2.0",
  "id": 2,
  "result": {
    "tools": [
      {
        "name": "create_issue",
        "description": "Create a GitHub issue",
        "inputSchema": {
          "type": "object",
          "properties": {
            "title": { "type": "string" },
            "body": { "type": "string" }
          },
          "required": ["title"]
        }
      }
    ]
  }
}

tools/call

curl -X POST \
  "https://<project-ref>.supabase.co/functions/v1/mcp-gate/sse" \
  -H "Authorization: Bearer agk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  -H "X-Agent-Id: my-agent" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 3,
    "method": "tools/call",
    "params": {
      "name": "create_issue",
      "arguments": {
        "title": "Fix login bug",
        "body": "The logout button is broken."
      }
    }
  }'

Allow response:

{
  "jsonrpc": "2.0",
  "id": 3,
  "result": {
    "content": [{ "type": "text", "text": "Issue created: #42" }],
    "_meta": {
      "sentrail": {
        "status": "allowed",
        "auditLogId": "7c9e6679-...",
        "correlationId": "550e8400-...",
        "matchedPolicyId": "b3c4d5e6-..."
      }
    }
  }
}

Block response:

{
  "jsonrpc": "2.0",
  "id": 3,
  "error": {
    "code": -32001,
    "message": "Blocked by Sentrail policy",
    "data": {
      "reason": "Policy 'Block delete operations' matched",
      "auditLogId": "...",
      "correlationId": "...",
      "matchedPolicyId": "..."
    }
  }
}

Require approval response:

{
  "jsonrpc": "2.0",
  "id": 3,
  "result": {
    "content": [
      {
        "type": "text",
        "text": "⏳ Sentrail requires approval before running `create_issue`. Poll /mcp-gate/status/APPROVAL_ID for the decision."
      }
    ],
    "isError": false,
    "_meta": {
      "sentrail": {
        "status": "require_approval",
        "approvalRequestId": "550e8400-e29b-41d4-a716-446655440000",
        "auditLogId": "...",
        "correlationId": "..."
      }
    }
  }
}

Status polling

GET /functions/v1/mcp-gate/status/:approvalId
Authorization: Bearer agk_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

{
  "ok": true,
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "status": "executed",
  "reviewedAt": "2026-04-20T10:35:00.000Z",
  "reviewedBy": "user-uuid",
  "reviewReason": "Looks good",
  "executionResult": { "content": [{ "type": "text", "text": "Issue created: #42" }] },
  "expiresAt": "2026-04-21T10:00:00.000Z"
}

JSON-RPC error codes

Code	Meaning
`-32001`	Action blocked by Sentrail policy
`-32000`	Internal Sentrail error
`-32602`	Invalid params (missing `name` in tools/call)

Method allow-list

Only the following JSON-RPC methods are permitted through mcp-gate:

Method	Behavior
`initialize`	Handled locally; returns Sentrail server info and protocol version `2024-11-05`
`notifications/initialized`	Client lifecycle notification — acknowledged with HTTP 202, no response body
`tools/list`	Forwarded to the upstream server; result is cached 60 seconds per workspace+connection set
`tools/call`	Intercepted and policy-evaluated before forwarding
`ping`	Answered locally with `{}`

All other methods return RPC error -32601:

{
  "jsonrpc": "2.0",
  "id": 1,
  "error": {
    "code": -32601,
    "message": "Method not permitted by Sentrail policy"
  }
}

Every blocked unknown method is recorded in the workspace audit log with action: "unknown_method_blocked" and the method name in the payload. This prevents agents from routing side-effecting work through non-tools/call methods (such as resources/*, prompts/*, or custom extensions) to bypass policy evaluation.

Status codes

HTTP Code	Meaning
`200`	RPC processed (check `error` field in body for RPC-level errors)
`400`	Invalid JSON body
`401`	Invalid or expired API key
`405`	Method not allowed
`424`	No MCP server connected for this workspace
`500`	Internal error

​Authentication

​initialize

​tools/list

​tools/call

​Status polling

​JSON-RPC error codes

​Method allow-list

​Status codes