Wombat Gateway
Unix-style rwxd permissions proxy for MCP tool calls. Enforces resource-level deny-by-default policies between Claude Code and upstream MCP servers. Full audit logging.
- Block Claude from pushing to production branches while allowing feature branches
- Enforce read-only access to sensitive config files
- Audit every MCP tool call with structured logging for compliance
The only runtime permissions proxy for MCP. Prevents AI agents from pushing to production branches, deleting files, or executing unauthorized operations.
Any team deploying Claude Code at scale who needs guardrails on what agents can actually do. Essential for enterprise deployments.
https://github.com/usewombat/gateway
By usewombat
How to Get It
Trust Signals Automated Scan
Data & Access
Community Pulse Active
Discussed on Hacker News, Reddit
- The gateway tapes have given me psychic abilities — Reddit · 1208 pts
- Tell HN: Slack decides to close down IRC and XMPP gateways — Hacker News · 1148 pts
- Guacamole – A clientless remote desktop gateway — Hacker News · 1096 pts
24 mentions across 2 sources
Reviewer notes
Automated Scan review. These are observations, not a security certification.
Designed as a security layer. No data leaves machine. Full audit logging.
Things to check
- Single maintainer. Consider the risk if this person stops maintaining the project.
How to evaluate tools before deploying →
Data shown here comes from public APIs and automated scanning. Reviewer notes reflect one person's experience. This is not a security certification or legal recommendation. Always evaluate tools according to your own organization's policies.