Wombat Gateway
Unix-style rwxd permissions proxy for MCP tool calls. Enforces resource-level deny-by-default policies between Claude Code and upstream MCP servers. Full audit logging.
- Block Claude from pushing to production branches while allowing feature branches
- Enforce read-only access to sensitive config files
- Audit every MCP tool call with structured logging for compliance
The only runtime permissions proxy for MCP. Prevents AI agents from pushing to production branches, deleting files, or executing unauthorized operations.
Any team deploying Claude Code at scale who needs guardrails on what agents can actually do. Essential for enterprise deployments.
https://github.com/usewombat/gateway
By usewombat
How to Get It
Trust Signals Auto-scanned
Data & Access
Community Pulse Active
Discussed on Hacker News, Reddit
- Europe opens its ‘first gateway office’ to fast-track hiring in India — Reddit · 5277 pts
- The gateway tapes have given me psychic abilities — Reddit · 1208 pts
- Tell HN: Slack decides to close down IRC and XMPP gateways — Hacker News · 1148 pts
35 mentions across 2 sources
Reviewer notes
Auto-scanned review. These are observations, not a security certification.
Designed as a security layer. No data leaves machine. Full audit logging.
Things to check
- Single maintainer. Consider the risk if this person stops maintaining the project.
How to evaluate tools before deploying →
Data shown here comes from public APIs and automated scanning. Reviewer notes reflect one person's experience. This is not a security certification or legal recommendation. Always evaluate tools according to your own organization's policies.
Evaluation
Related Outcomes
This tool shows up in these problem-focused recommendations.