What it does today
Fleet orchestration: Provision/scale multiple Docker MCP Gateways per org/env, health checks, zero-downtime updates.
Identity & access: SSO/OIDC, SCIM, service accounts, org/env/gateway-level RBAC.
Policy-as-code: Guardrails for who can deploy what, egress allow/deny, rate limits/quotas, approvals.
Secrets & keys: KMS-backed secret injection + rotation (no raw env vars).
Audit & compliance: Immutable logs for auth/config/tool calls; exportable evidence (SOC2/ISO mappings).
Observability & cost: p95/p99 latency, error budgets, usage & cost allocation per tenant.
Hardening: Rootless/read-only containers, minimal caps, mTLS, IP allowlists.
If open-sourced, what’s in scope (proposal)
Agents/operators that supervise gateways, plus Terraform/Helm modules.
Baseline policy packs (OPA/Rego) for common guardrails.
Dashboards & exporters (Prometheus/Grafana) for health, latency, and usage.
CLI & API for provisioning, config, rotation, and audit export. (Thinking Apache-2.0 or AGPL—open to input.)
What stays managed/commercial (if there’s a cloud edition)
Multi-tenant hosted control plane & UI, SSO/SCIM integration, compliance automations, anomaly detection, and cost/chargeback analytics.
What I’d love feedback on
Would you self-host this, or only consider a SaaS? Why?
Must-have integrations: Kubernetes, ECS, Nomad, bare metal?
License preferences (Apache/MIT vs AGPL) and why.
Deal-breakers for adopting: security model, data residency, migration path, etc.
What’s missing for day-1: backups/DR, blue/green, per-tenant budgets, something else?
Would your team contribute policies/integrations if the core is OSS?
Who I think this helps
Platform/DevOps teams wrangling 5–50 MCP servers and multiple environments.
Security/compliance teams who need auditability and policy guardrails out of the box.
Startups that want to avoid building “yet another control plane” around Docker MCP.