MCP Servers
Aerostack is the gateway layer for MCP servers. Connect any MCP server — whether you build it, already run it, or find it on the Hub — and expose it through a single workspace URL with encrypted secrets, per-user analytics, and team access control.
Your team configures one URL in their editor. You control everything behind it.
Three Modes
Aerostack supports three ways to connect MCP servers, each for a different situation:
| Mode | What it means | When to use |
|---|---|---|
| Host on Aerostack | Build your own MCP server, deploy to Cloudflare edge | You want to create a new MCP server with no infrastructure to manage |
| Proxy your existing MCP | Register your MCP server’s URL in Aerostack | You already run an MCP server and want team access + secret management |
| Install from Hub | One-click install community MCP servers | You want GitHub, Stripe, Slack, Notion, or 30+ other integrations |
How It Fits Together
Every MCP server you connect — regardless of mode — gets added to a Workspace. A workspace is a single gateway URL that composes all your MCP servers into one endpoint.
Tools are namespaced by server slug. If you add a GitHub MCP and a Slack MCP to the same workspace, your AI client sees:
github__create_issue
github__list_pull_requests
slack__send_message
slack__create_channelOne URL. One config. Every tool available.
{
"mcpServers": {
"my-workspace": {
"url": "https://gateway.aerostack.dev/ws/my-workspace/sse",
"headers": { "Authorization": "Bearer mwt_xxxxxxxx" }
}
}
}Key Differentiators
Zero-Trust Secrets
API keys are stored AES-GCM encrypted in Aerostack. They are injected at request time as headers or Bearer tokens. Team members connect via workspace tokens (mwt_ prefix) and never see the underlying API keys.
If someone leaves the team, revoke their workspace token. The production API keys stay untouched.
Per-User Analytics
Every tool call is logged per user via Cloudflare Analytics Engine. You see exactly who called what tool, when, and how often — without any instrumentation on your side.
Team Access Control
Each team member gets their own workspace token. Invite, revoke, and audit access from the Admin dashboard. No shared credentials. No key rotation when someone leaves.
Use Cases
Internal Team Toolkit
30 engineers using Cursor. One workspace URL. Every engineer gets a personal mwt_ token. Install your internal MCP servers (CRM, deploy pipeline, incident response) and they appear for everyone instantly. Remove a tool and it disappears for the whole team.
API Gateway for AI Tools (Proxy Mode)
You already run MCP servers on your infrastructure. Register them in Aerostack as proxied servers. Aerostack becomes the gateway — injecting secrets, logging analytics, enforcing access. Your engineers connect to the workspace URL and never touch production API keys.
Secret-Free Developer Access
Developers using Cursor or Claude Desktop connect to your workspace URL with their personal token. Behind the scenes, Aerostack injects the Stripe API key, GitHub token, or database credentials. The developer’s laptop never has production secrets. If a laptop is compromised, revoke one token — not your API keys.
Usage Monitoring and Compliance
Every tool call is attributed to a specific user. See who created GitHub issues, who queried the database, who sent Slack messages — all through the analytics dashboard. Export logs for compliance audits.
Community Contribution
Build an MCP server, publish it to the Hub. Other Aerostack users install it with one click. Your server runs on Cloudflare edge with zero infrastructure cost to you.
Concepts
| Concept | What it is |
|---|---|
| MCP Server | A connector exposing tools via the Model Context Protocol (e.g., GitHub, Stripe, your custom API) |
| Workspace | A named collection of MCP servers exposed through a single gateway URL |
| Gateway | The HTTPS endpoint that routes tool calls to the right MCP server, injecting secrets and logging analytics |
| Workspace Token | A per-member mwt_ token used to authenticate with the gateway |
| Skill | A single atomic tool within an MCP server (e.g., github__create_issue) |
| Function | TypeScript business logic on Cloudflare edge — can back a hosted MCP server |
| Secret | An AES-GCM encrypted credential (API key, token) injected at request time |
What Makes Aerostack Different
| Platform | What they offer | What they lack |
|---|---|---|
| Smithery / Glama | MCP server directories | No proxy mode, no encrypted secrets, no per-user analytics |
| Zapier MCP | Single URL for Zapier actions | Closed ecosystem, no custom MCP servers, no team tokens |
| Self-hosted gateway | Full control | You build and maintain secret injection, analytics, access control |
Aerostack gives you:
- Three connection modes — host, proxy, or install from Hub
- Zero-trust secrets — AES-GCM encrypted, injected at request time, never exposed
- Per-user analytics — every tool call attributed to a specific team member
- One gateway URL — add MCP servers, they appear for the whole team
- Cross-LLM — works with Claude, ChatGPT, Gemini, Cursor, and any MCP client