Railway

Deploy McpVanguard

Open-source MCP security gateway for routed tool calls.

Deploy McpVanguard

Just deployed

Deploy and Host McpVanguard on Railway

McpVanguard is an open-source security gateway for the Model Context Protocol (MCP). It sits between AI agents and MCP tool servers, inspects routed tool calls before execution, and applies configurable policy before requests reach the upstream server.

About Hosting McpVanguard

Hosting McpVanguard on Railway lets you expose an MCP gateway over a public HTTPS endpoint while keeping policy enforcement in front of your upstream MCP server.

In a typical deployment, Railway runs the McpVanguard SSE gateway as the public entrypoint. McpVanguard then launches or connects to the MCP-compatible upstream server configured by MCP_SERVER_COMMAND.

Railway handles public networking and TLS. McpVanguard adds MCP tool-call inspection, API-key authentication, configurable profiles, deterministic rules, safe-zone checks, metadata inspection, behavioral signals, and structured audit logs for routed MCP traffic.

McpVanguard is not an OS sandbox and does not secure traffic that bypasses the gateway. For production use, route the relevant MCP workflow through McpVanguard, configure a long random API key, restrict the upstream server command, and tune safe zones for the tools being protected.

Common Use Cases

  • Expose an existing MCP server through a guarded SSE gateway
  • Add policy enforcement in front of file, shell, API, or network-capable MCP tools
  • Inspect routed MCP tool calls before they reach the upstream server
  • Block configured high-confidence risky actions before execution
  • Start with monitor, move to balanced, and use strict for production-sensitive deployments
  • Attach Redis for shared behavioral state in multi-instance deployments

Dependencies for McpVanguard Hosting

  • Python 3.11+
  • An MCP-compatible upstream server command or process
  • A long random VANGUARD_API_KEY for client authentication
  • Recommended: VANGUARD_ALLOWED_SERVER_COMMANDS to restrict which upstream executables can be spawned
  • Optional Redis for shared behavioral state and session-aware enforcement
  • Optional semantic backend for Layer 2 intent scoring

Deployment Dependencies

Implementation Details

Set the upstream MCP server command with MCP_SERVER_COMMAND.

The Railway template starts McpVanguard as an SSE gateway on Railway's public bind path:

vanguard sse \
  --host 0.0.0.0 \
  --port 8080 \
  --profile balanced \
  --server "$MCP_SERVER_COMMAND"
Recommended environment variables:
VANGUARD_PROFILE=balanced
VANGUARD_MODE=enforce
VANGUARD_API_KEY=replace-with-a-long-random-secret
MCP_SERVER_COMMAND=npx -y @modelcontextprotocol/server-filesystem /app/data
VANGUARD_ALLOWED_SERVER_COMMANDS=npx,node,python
PORT=8080
Optional Redis:
VANGUARD_REDIS_URL=${{Redis.REDIS_URL}}
Optional semantic scoring:
VANGUARD_SEMANTIC_ENABLED=true
VANGUARD_SEMANTIC_CUSTOM_URL=https://your-openai-compatible-endpoint/v1
VANGUARD_SEMANTIC_CUSTOM_MODEL=your-model
VANGUARD_SEMANTIC_CUSTOM_KEY=your-provider-key
Health Check
McpVanguard exposes:
GET /health
Use this endpoint for Railway health checks and deployment readiness visibility.
Important Security Notes
McpVanguard protects MCP traffic routed through the gateway. Direct agent-to-server connections are outside this template's enforcement path.
MCP_SERVER_COMMAND is operator-controlled configuration. Do not allow untrusted users or remote clients to modify it.
For hosted deployments, set VANGUARD_API_KEY before exposing the service to real clients. Clients should send it with:
X-Api-Key: 
For stronger hosted posture, set VANGUARD_ALLOWED_SERVER_COMMANDS so McpVanguard refuses to spawn unexpected upstream executables.
Audit And Receipts
McpVanguard emits structured audit logs for routed MCP traffic. Optional receipt_v1 JSONL emission can be enabled separately for receipt-oriented workflows.

Template Content

More templates in this category

View Template
Rocky Linux
[Jul'26] Hosted Rocky Linux 9 workspace with SSH and persistent storage. 🚀

codestorm
21
View Template
Foundry Virtual Tabletop
A Self-Hosted & Modern Roleplaying Platform

Lucas
71
View Template
Letta Code Remote
Run a Letta Code agent 24/7. No inbound ports, just deploy.

Letta
51