# The MCP Gateway

The MCP Gateway is the enforcement surface of Cakewalk Agent Access. Every Agent tool call passes through it before reaching a downstream app, which is what makes Policies executable instead of just documented.

***

### 📖 Key Concepts

* **MCP Gateway**: Cakewalk's proxy between AI Agents and the third-party apps they access. Speaks the Model Context Protocol (MCP) on both sides: it presents as an MCP server to the Agent and acts as an MCP client to the downstream Connection.
* **Tool call**: A single action an Agent attempts against a Connection (read a record, create an issue, send a message). Every tool call passes through the MCP Gateway and produces exactly one outcome.
* **Policy**: The rule the MCP Gateway evaluates against every tool call. Produces exactly one outcome: Auto-approve, Require approval or Deny. See [Policies](/docs/ai-agent-access/concepts/policies.md) for the full model.

💡 *Why this matters:* The MCP Gateway is the choke point. If an Agent accesses a Connection without going through it, that Connection is ungoverned. Every other concept in this chapter assumes the MCP Gateway is in the path.

***

### 🛠 The Four Responsibilities

The MCP Gateway does exactly four things on every tool call.

#### Evaluate Policy

The MCP Gateway runs each tool call through the Policy engine. It takes the action type, the User's attributes and the Connection's attributes and produces one of three outcomes: **Auto-approve**, **Require approval** or **Deny**. See [Policies](/docs/ai-agent-access/concepts/policies.md) for how Policies are authored and how conflicts resolve.

#### Mediate Credentials

Agents never see real tokens. Credentials (OAuth tokens, PATs) sit in the Cakewalk vault. The Agent holds only a reference ID, an opaque session-scoped identifier. On each tool call, the MCP Gateway looks up the real credential, injects it into the outbound request and proxies to the Connection. See [Trust and Security](/docs/ai-agent-access/concepts/trust-and-security.md) for the full credential model.

#### Suspend and Resume

When a Policy requires approval, the MCP Gateway pauses the tool call and surfaces an MCP elicitation prompt inside the Agent client. The Agent does not fail or retry: it waits. Once the User decides, the MCP Gateway either proxies the call or returns a denial.

#### Record Decisions

Every evaluation produces a structured, immutable [audit event](/docs/ai-agent-access/concepts/audit-log.md): the request payload, the response payload and every triggered Policy with its outcome. Audit is the output of enforcement, not a separate system.

***

### 🔌 What the Gateway Is Not

The MCP Gateway is intentionally narrow. It is not:

* A general-purpose API proxy. No caching, no payload transformation, no load balancing.
* A resource-level enforcement layer. The MCP Gateway operates at the Connection and tool-call level. Per-record permissions (this Salesforce record, this GitHub repo) stay with the downstream app.
* An Agent runtime. The MCP Gateway sees tool calls, not the Agent's reasoning, prompts or non-MCP actions.

***

### 🌐 MCP as the Starting Surface

MCP (Model Context Protocol) is the dominant agent-to-tool standard. Cakewalk's MCP Gateway speaks it natively because MCP tool annotations (`readOnlyHint`, `destructiveHint`, `openWorldHint`) inform the action types the Policy engine evaluates against. When a tool does not declare its annotations, Cakewalk infers the action type from the Catalog.

Non-MCP traffic (direct REST calls, CLI, browser automation) is not governed by the MCP Gateway today.
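
The sketch below ties the annotation-to-action-type step described here to the three-outcome evaluation under *Evaluate Policy*. It is an added example, not Cakewalk's code: the rule format, the `CATALOG` stand-in, the sample attributes, the "unknown tools count as destructive" fallback and the "most restrictive match wins" tie-break are all assumptions. Only the annotation names and their defaults come from the MCP specification.

```python
from enum import Enum

class Outcome(Enum):
    AUTO_APPROVE = "Auto-approve"
    REQUIRE_APPROVAL = "Require approval"
    DENY = "Deny"

SEVERITY = [Outcome.AUTO_APPROVE, Outcome.REQUIRE_APPROVAL, Outcome.DENY]

# Hypothetical stand-in for the Catalog: action types for unannotated tools.
CATALOG = {("github", "list_issues"): "read"}

# Constructed rules: (action type, user attributes, connection attributes, outcome).
RULES = [
    ("read", {}, {}, Outcome.AUTO_APPROVE),
    ("write", {}, {}, Outcome.REQUIRE_APPROVAL),
    ("write", {}, {"env": "production"}, Outcome.DENY),
    ("destructive", {}, {}, Outcome.REQUIRE_APPROVAL),
    ("destructive", {"contractor": True}, {}, Outcome.DENY),
]

def action_type(app, tool):
    """Derive read / write / destructive from MCP tool annotations."""
    ann = tool.get("annotations")
    if not ann:
        # Undeclared: consult the catalog; assumption: unknown tools count as destructive.
        return CATALOG.get((app, tool["name"]), "destructive")
    if ann.get("readOnlyHint", False):    # MCP spec default: false
        return "read"
    if ann.get("destructiveHint", True):  # MCP spec default: true
        return "destructive"
    return "write"

def evaluate(tool, user, conn):
    """Return exactly one Outcome for a tool call; no matching rule means Deny."""
    act = action_type(conn["app"], tool)
    hits = [out for a, u, c, out in RULES
            if a == act and u.items() <= user.items() and c.items() <= conn.items()]
    # Assumption: when several rules match, the most restrictive outcome wins.
    return max(hits, key=SEVERITY.index, default=Outcome.DENY)
```

A tool that declares only `openWorldHint` is classified as destructive here, because the MCP default for `destructiveHint` is true: under-annotated tools land in the stricter bucket rather than the permissive one.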

***

### Related Concepts

* [The Tool Call Lifecycle](/docs/ai-agent-access/concepts/the-tool-call-lifecycle.md): the six steps the MCP Gateway runs on every tool call
* [Policies](/docs/ai-agent-access/concepts/policies.md): what the Policy engine evaluates
* [Trust and Security](/docs/ai-agent-access/concepts/trust-and-security.md): how credentials and reference IDs work
* [Audit Log](/docs/ai-agent-access/concepts/audit-log.md): what gets recorded


