Scopegate
Features

The missing permission layer
for the MCP ecosystem

ScopeGate sits between your AI agents and your connected services — enforcing granular permissions, logging every action, and letting you revoke access in one click.

View on GitHub

Features

The missing permission layer
for the MCP ecosystem

Per-agent, per-service granular scope control

Every agent gets its own permission profile. Define exactly which services it can access, which scopes it has, and what it's rate-limited to. Not team-level. Not org-level. Per agent.

Permission matrix
AgentDriveGmailCalendar
sales-assistantread /Salessend-onlyread
hr-botread /HRread+write
dev-agent
Folder-level scopesRate limits per agentDefault denyInstant toggle

5-min developer onboarding

No Kubernetes. No Entra ID. No platform team. One OAuth click, one config line, one MCP URL. You’re live.

  • Visual toggle matrix
  • YAML config option
  • Auto-generated endpoint

Instant cross-service revocation

One click. All services. The proxy stops forwarding immediately — no waiting for OAuth tokens to expire.

  • All services at once
  • Automated triggers
  • Recorded in audit log

Full audit trail

Every tool call logged: action, params, status, error, duration. Queryable, exportable, and retention-configurable.

  • Every request logged
  • SOC 2 ready
  • 7–365 day retention
Explore all features

Everything included

Everything you need to govern AI agents

Per-agent granular scope control

Every AI agent gets its own permission profile. Define exactly which services it can access, which scopes it has, and what it's rate-limited to. Not team-level. Not org-level. Per agent.

  • Folder-level restrictions within Google Drive
  • Send-only Gmail — agents can't read your inbox
  • Calendar read-only per agent
  • Instant toggle without revoking OAuth

Instant cross-service revocation

One click. All services. The proxy stops forwarding immediately — no waiting for OAuth tokens to expire. Perfect for incident response or when an agent behaves unexpectedly.

  • Revoke one agent or all agents at once
  • Automated triggers via API
  • Every revocation recorded in audit log

Full audit trail

Every tool call logged: action, params, status, error, duration. Queryable, exportable, and retention-configurable. Know exactly what every agent did and when.

  • Every request logged with timestamp
  • SOC 2 & EU AI Act ready
  • 7–365 day retention depending on plan

5-minute developer onboarding

No Kubernetes. No Entra ID. No platform team. One OAuth click, one config line, one MCP URL — and you're live. ScopeGate is designed for developers, not enterprise IT.

  • Visual toggle matrix
  • YAML config option
  • Auto-generated MCP endpoint

Rate limiting per agent

Set request-per-minute and daily caps on each agent independently. Prevent runaway agents from burning through API quotas or triggering abuse detection on third-party services.

  • Configurable per service per agent
  • Hard caps with graceful errors
  • Usage visible in dashboard

Works with any MCP client

ScopeGate exposes a standard MCP endpoint URL. Drop it into Claude Desktop, Cursor, Continue.dev, or any MCP-compatible agent framework — no custom SDK required.

  • Claude Desktop, Cursor, Continue.dev
  • Standard MCP transport (SSE + JSON-RPC)
  • Custom agents via open-source SDK

Integrations

Works with the tools your agents need

Google DriveGmailGoogle CalendarGoogle SheetsSlackNotionGitHubTwitter/XLinkedInGoogle AdsOpenRouter+ more every week

Need an integration not listed? Request it on GitHub →

Ready to add a permission layer?

Start free — one project, five endpoints, no credit card required.

View on GitHub