Open Source (OSS)
Aegis MCP Gateway is a 100% free and open-source project. The code is licensed under the highly permissive MIT License, ensuring that you can deploy, modify, and distribute the gateway for both commercial and personal projects without restrictions or vendor lock-in.
All core governance features—including Cedar policy evaluation, drift validation, and PostgreSQL/Redis adapters—are provided directly in the primary MIT repository. There are no hidden subscription tiers for basic security workloads.
Community Philosophy
We believe that security utilities are most reliable when built in the open. Developing Aegis in public repositories guarantees transparency in cryptography routines, allows CISOs to audit our container configurations, and helps us build support for new MCP transports quickly.
Contribution Guidelines
We welcome contributions from the community! To suggest features, patch bugs, or build new database adapters, use the following workflow:
- Fork the primary repository on GitHub.
- Clone your fork and instantiate a local development environment (see the Quickstart Guide).
- Write code in a dedicated branch, adhering to our .NET formatting rules.
- Verify changes by executing the local test suites.
- Submit a Pull Request with a clear description of the modifications.
Test Conformance
Because the gateway abstracts storage, eventing, and credential details behind hexagonal ports, any custom adapter (e.g. for Google Cloud or Azure) must pass the shared conformance test suites prior to merge approval:
# Run adapter conformance tests
dotnet test tests/Mcp.Gateway.Adapters.Conformance
# Run protocol compliance suites
dotnet test tests/Mcp.Gateway.Protocol.Conformance
Code of Conduct
Aegis is dedicated to providing a harassment-free experience for everyone. We require all contributors to review and adhere to the Contributor Covenant Code of Conduct, ensuring welcoming communication in all issues, pull requests, and chat channels.
Enterprise Support
For organizations deploying Aegis MCP Gateway to handle sensitive compliance workloads, we offer SLA-backed commercial support, customized integration planning, security policy consulting, and early access to v2 enterprise features. Contact us to learn more about support scopes.