Solo.io secures AI agents with Agent Gateway

I’ll start with a high-level architecture of what an agentic system might look like. You might be building your own agents, or using off-the-shelf ones like copilots or coding agents. We have an open-source project called KAgent that allows you to build agents quickly on top of Kubernetes.

The important part is these agents communicate with AI models or LLMs, with other agents, and with backend APIs—called tools. But those protocols like MCP or A2A don’t natively provide security.

When you give an agent access to APIs and workflows inside your enterprise, you want authentication, fine-grained authorization, and auditability. You want to know the path the agent took. These things communicate over the network, and that’s why we built a new open-source project at Solo called Agent Gateway.

It understands MCP and A2A protocols and can enforce security, collect metrics, provide tracing, and more. So the demo I’m showing is about Agent Gateway. If we go to GitHub and look up Agent Gateway, you’ll see the project.

It’s built in Rust, which is important for performance and resource usage. The proxy is configured via a JSON file—or optionally using an XDS-type protocol, which I won’t demo today.

With the JSON file, we can define a single endpoint that clients can connect to, which then routes to multiple backend MCP servers. Each of those servers can expose its own tools, and now you can apply governance and policy on top. Agent Gateway has a UI.

We can see the exposed listeners, the target MCP servers, and tools available. For example, you might see tools like Everything Echo or Everything Else Add. It’s helpful to visualize the tools available. Now, what if you have RESTful APIs and want to expose them over the MCP protocol?

Let’s take a look at OpenAPI. We’ll run the proxy in OpenAPI mode. If you check out the config, you’ll see we’re now proxying not just MCP servers, but an OpenAPI REST service as well.

When I refresh and look at our targets, we see that the Pet Store backend is a RESTful API—exposed to MCP clients, making it available in agents or LLMs. When we connect to the playground, we can see both the Everything Server tools and Pet Store tools.

If I call something via MCP, Agent Gateway performs the transformation between MCP and REST automatically. Lastly, let’s look at authentication, authorization, and policies around MCP. The JSON file specifies that a JWT token must be included in the HTTP request.
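The REST-to-MCP mapping mentioned above, as an added example that is not Agent Gateway's code: a small translator that turns an OpenAPI document into MCP tool definitions (what a `tools/list` would return) and maps an MCP `tools/call` back onto an HTTP method, URL and JSON body. The Pet Store-like spec, its operation ids and the server URL are constructed for this example. Arguments are validated against the derived schema and path parameters are percent-encoded, so a caller cannot add parameters the spec does not declare or reshape the path.

```python
"""Added example (not Agent Gateway's own code): OpenAPI operations exposed as
MCP tools, with tools/call arguments mapped back onto an HTTP request.
The spec below is constructed to resemble the Pet Store service in the demo."""
from urllib.parse import quote, urlencode

PETSTORE_SPEC = {  # constructed minimal OpenAPI 3 document
    "openapi": "3.0.0",
    "servers": [{"url": "http://petstore.internal"}],
    "paths": {
        "/pets/{petId}": {
            "get": {
                "operationId": "getPetById",
                "summary": "Find a pet by id",
                "parameters": [{"name": "petId", "in": "path", "required": True,
                                "schema": {"type": "integer"}}],
            }
        },
        "/pets": {
            "get": {
                "operationId": "listPets",
                "summary": "List pets",
                "parameters": [{"name": "limit", "in": "query", "required": False,
                                "schema": {"type": "integer"}}],
            },
            "post": {
                "operationId": "createPet",
                "summary": "Create a pet",
                "requestBody": {"content": {"application/json": {"schema": {
                    "type": "object",
                    "properties": {"name": {"type": "string"}},
                    "required": ["name"]}}}},
            },
        },
    },
}


def _operations(spec):
    """Yield (operationId, HTTP method, path template, operation object)."""
    for path, ops in spec["paths"].items():
        for method, op in ops.items():
            yield op["operationId"], method.upper(), path, op


def tools_from_openapi(spec):
    """Each operation becomes one MCP tool; parameters and body fold into inputSchema."""
    tools = []
    for name, _method, _path, op in _operations(spec):
        props, required = {}, []
        for p in op.get("parameters", []):
            props[p["name"]] = dict(p["schema"], description=f"{p['in']} parameter")
            if p.get("required"):
                required.append(p["name"])
        body = (op.get("requestBody", {}).get("content", {})
                .get("application/json", {}).get("schema"))
        if body:
            props["body"] = body
            required.append("body")
        tools.append({"name": name, "description": op.get("summary", ""),
                      "inputSchema": {"type": "object", "properties": props,
                                      "required": required}})
    return tools


def build_http_request(spec, tool_name, arguments):
    """Map an MCP tools/call onto (method, url, json_body).

    Raises KeyError for unknown tools and ValueError for missing or undeclared
    arguments, so the gateway never forwards parameters the spec does not list."""
    routes = {name: (method, path) for name, method, path, _ in _operations(spec)}
    schemas = {t["name"]: t["inputSchema"] for t in tools_from_openapi(spec)}
    if tool_name not in routes:
        raise KeyError(f"unknown tool {tool_name}")
    schema = schemas[tool_name]
    missing = [r for r in schema["required"] if r not in arguments]
    if missing:
        raise ValueError(f"missing required arguments: {missing}")
    unknown = sorted(set(arguments) - set(schema["properties"]))
    if unknown:
        raise ValueError(f"undeclared arguments: {unknown}")
    method, path = routes[tool_name]
    query = {}
    for name, value in arguments.items():
        if name == "body":
            continue
        placeholder = "{" + name + "}"
        if placeholder in path:
            # safe="" percent-encodes "/" too, so "../admin" cannot escape the segment
            path = path.replace(placeholder, quote(str(value), safe=""))
        else:
            query[name] = value
    url = spec["servers"][0]["url"] + path
    if query:
        url += "?" + urlencode(query)
    return method, url, arguments.get("body")
```

Calling `build_http_request(PETSTORE_SPEC, "getPetById", {"petId": 42})` yields `("GET", "http://petstore.internal/pets/42", None)`; the tool list from `tools_from_openapi` is what an MCP client would see in the playground for the Pet Store target.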

The policy says: “Yes, you can access this, but only the Echo tool.” So if I try to connect without the token—no luck. I’ll go find the right token (hopefully it’s in the README). Got it. I’ll paste that in, connect… and we’re in.

Now, remember—our policy only allows the Echo service. If I try to use the Add tool (say, 1 + 2), nothing happens, because I’m not authorized. But if I call the Echo tool—say “Hello, Agent Gateway”—it works successfully. Agent Gateway is just one piece of the agentic puzzle.

It enforces security, observability, and guardrails between agents and LLMs, between agents and other agents, and between agents and backend MCP tools. We also include a registration portal for governance—approval workflows, agent registration, and tool management.

This is what we’re calling Agent Mesh, and I believe Solo.io is leading the cloud-native community in building these tools.
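The authentication and tool-level authorization flow from the demo (a JWT required on the request, and a policy that permits only the Echo tool), as an added example that is not Agent Gateway's code: a gateway-side decision function for MCP JSON-RPC messages that verifies an HS256 JWT, checks the `tools/call` target against a per-subject allow list, and appends an audit record for every decision so the path an agent took can be reconstructed. The shared secret, the `demo-agent` subject, the namespaced tool names and the policy table are all constructed for this example; a real deployment would validate against the issuer's public key rather than a shared secret.

```python
"""Added example (not Agent Gateway's own code): JWT verification plus
per-tool authorization and auditing for MCP tools/call requests.
Secret, subjects, tool names and policy are constructed for this example."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

SECRET = b"example-shared-secret"  # constructed; use the issuer's public key in practice

# One listener fronts several MCP servers, so tools are namespaced "<server>/<tool>".
# As in the demo, the token holder may call only the Echo tool.
POLICY = {"demo-agent": {"everything/echo"}}

AUDIT_LOG: list = []  # one record per decision, in arrival order


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_token(claims: dict, secret: bytes = SECRET) -> str:
    """Issue an HS256 JWT; used here only to construct inputs for the check."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_token(token: str, secret: bytes = SECRET, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the signature and expiry check out, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
    except (ValueError, json.JSONDecodeError):
        return None
    if header.get("alg") != "HS256":  # refuse "none" and algorithm substitution
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if "exp" in claims and claims["exp"] < now:
        return None
    return claims


def authorize(request: dict, authorization_header: Optional[str], now: Optional[float] = None) -> dict:
    """Decide on one MCP JSON-RPC message; returns {"allow": bool, "reason": str}."""
    subject = None
    tool = request.get("params", {}).get("name")
    method = request.get("method")
    if not authorization_header or not authorization_header.startswith("Bearer "):
        decision = {"allow": False, "reason": "missing bearer token"}
    else:
        claims = verify_token(authorization_header[len("Bearer "):], now=now)
        if claims is None:
            decision = {"allow": False, "reason": "invalid or expired token"}
        else:
            subject = claims.get("sub")
            if method == "tools/call":
                if tool in POLICY.get(subject, set()):
                    decision = {"allow": True, "reason": f"{subject} may call {tool}"}
                else:
                    decision = {"allow": False, "reason": f"{subject} not allowed to call {tool}"}
            elif method in ("initialize", "tools/list"):
                decision = {"allow": True, "reason": "session and listing allowed once authenticated"}
            else:
                decision = {"allow": False, "reason": f"method {method} not permitted"}
    # Record every decision, allowed or not, so the agent's path is auditable.
    AUDIT_LOG.append({"subject": subject, "method": method, "tool": tool, **decision})
    return decision
```

With a valid token for `demo-agent`, a `tools/call` naming `everything/echo` is allowed and one naming `everything/add` is denied, mirroring the demo; a missing, tampered or expired token is refused before any policy lookup, and each outcome lands in `AUDIT_LOG`.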
