Scriptable MCP Gateway

Agent-scriptable MCP tools in secure containers

sMCP combines the smcp-gate cloud platform with local and remote bridges so agents can execute LLM-generated TypeScript against any Model Context Protocol server. Build rich toolchains, keep secrets on-device, and scale execution on demand without punching new holes in your infrastructure.

Quick Start

Verified performance gains

60% faster
Execution than traditional tool calling.
68% fewer
Tokens consumed for equivalent workflows.
88% fewer
API round trips for compound tool sequences.
98.7% less
Context overhead on complex, multi-session workflows.

What is sMCP?

sMCP (Scriptable Model Context Protocol) is a dynamic, agent-scriptable version of MCP that runs in isolated sandbox sessions. It lets LLM agents execute JavaScript with access to multiple MCP servers, choose which servers to hit at inference-time, and manage long-lived stateful sessions.

Key capabilities:

  • Execute JavaScript/TypeScript with MCP tool access
  • Dynamic MCP server configuration during inference
  • Session-based isolation with resource limits
  • Unified API across all your MCP servers

Secure execution and bridges for agent-coded tools

sMCP gives you typed sandboxes, bridges, and observability for scripting MCP tools across cloud, edge, and desktop—without layers of hand-rolled glue code.

Typed TypeScript runtime

Generate type-safe bindings for every MCP schema and execute code inside hardened V8 isolates.

LLM-authored scripts only talk to the smcp bridge, protecting tokens and preventing arbitrary network access.

Session isolation at scale

smcp-gate provisions Docker containers per session with configurable CPU, memory, and TTL.

Auto-create sessions on demand or reuse them for multi-step workflows without leaking state between customers.

Bring your local MCP servers

smcp-bridge authenticates to apothic.ai and exposes stdio MCP servers running on your device.

Keep filesystem, Git, or database MCP servers close to your data while gating access through OAuth-secured tunnels.

Centralized observability

smcp-remote-bridge tracks active devices, tool calls, and resource usage across all bridges.

Audit every execution, export metrics, and disconnect devices instantly when policies change.

How sMCP routes tool calls end-to-end

Your MCP client speaks HTTP to smcp-gate. Gate provisions a fresh sMCP runtime, which can call hosted tools, remote bridges, or anything exposed by your local bridge devices. Every hop is authenticated, rate-limited, and observable.

1. smcp-gate

Hosted FastMCP gateway
  • Creates containerized sMCP runtimes per session with Docker volume isolation.
  • Offers HTTP transport so Claude Desktop, Cursor, or custom MCP clients connect from anywhere.
  • Provides management tools for session lifecycle, metrics, and cleanup automation.

2. smcp-remote-bridge

Server-side bridge
  • Terminates WebSocket connections from local bridges and registers their tool catalogs.
  • Namespacing guarantees user_device_server_tool uniqueness across all connected machines.
  • Enforces connection limits, JWT validation, and exposes device management MCP tools.

3. smcp-bridge

Desktop agent
  • Authenticates with apothic.ai via OAuth, then maintains a persistent secure tunnel.
  • Wraps stdio MCP servers like filesystem, git, sqlite, or custom scripts running on your machine.
  • Gives you CLI commands to add, enable, disable, and inspect local servers in seconds.

Execution flow

  1. 1. An MCP client calls `smcp_execute` via HTTP. Gate spins up a new session or reuses an active container.
  2. 2. The sandboxed TypeScript runtime fetches generated bindings and executes inside an isolated V8 context.
  3. 3. Calls targeting remote tools flow through smcp-remote-bridge, which dispatches to authenticated local bridges.
  4. 4. Local bridges invoke stdio MCP servers on the user machine and stream responses back to the runtime.
  5. 5. Observability data is pushed to the control plane so you can trace, audit, and revoke access instantly.

Launch secure MCP workloads in three steps

sMCP handles sandboxing, tenancy boundaries, and device connectivity so you can focus on designing powerful tools and workflows.

Step 1

Connect your infrastructure

Register hosted MCP servers or plug in sMCP Gate to surface shared tooling for your team. Define CPU, memory, and TTL policies per session.

Gate exposes management tools so you can script onboarding in CI.
Step 2

Install smcp-bridge

Developers download the local CLI to authenticate, register stdio servers, and expose their localhost tools securely through apothic.ai.

Run `smcp-bridge start` to authenticate and begin tunneling.
Step 3

Monitor in the dashboard

Track active sessions, resource consumption, and execution metrics in real-time. View logs, manage sessions, and configure alerts for your team's usage patterns.

Dashboard provides visibility into container health and MCP performance.

Ready to get started with SMCP?

Join teams using sMCP to run serious automations, power IDE copilots, and bridge sensitive data into AI agents without spraying credentials everywhere. Deploy your gateway in minutes and start collaborating through isolated, sandboxed execution environments.

View DashboardRead Usage Docs