Case study · 2026

mcp-guardian: putting MCP on a diet

An MCP proxy that replaces hundreds of tool schemas with three meta-tools, cutting 160k+ startup tokens to 456 (a 99.7% reduction), and adds scoping, audit, and OAuth-aware fan-out to any upstream MCP server, with no client changes.

Author · Maintainer · Speaker

Stack

Python · MCP · asyncio · FastAPI · tiktoken · Docker · PostgreSQL MCP · GitHub MCP

Outcomes

  • 99.7% reduction in MCP startup token cost (160,143 to 456 tokens) across 248 PostgreSQL + 41 GitHub tools.
  • Proxy overhead ≈ -8 ms (within noise) measured against real upstream servers; 93% hit rate on keyword-based tool search.
  • 27/27 scope-enforcement security checks pass; OAuth, bearer, header, and pass-through auth modes all supported per-server.
  • Conference talk accepted at the Linux Foundation MCP Dev Summit Bengaluru (9-10 June 2026).

What I owned

The full design: the three-tool API (search_tools, get_schema, execute_tool), the YAML-driven scope model (per-server allow/block lists, per-scope policies), the OAuth-aware auth broker, the audit log, the in-browser dashboard with a live chat-demo for side-by-side token comparison, the benchmark harness against real upstream MCP servers, and the conference talk at the Linux Foundation summit.

What shipped

An MCP proxy that an AI client can drop in front of any number of upstream MCP servers. The client sees three meta-tools (search, fetch-schema, execute) instead of the concatenated catalog of every server. The proxy enforces scopes, handles OAuth flows, resolves API keys from .env or the browser keystore, logs everything for audit, and exposes a dashboard that lets you compare token cost with and without the proxy in real time. The benchmark suite confirms the savings hold against PostgreSQL MCP (248 tools) and GitHub MCP (41 tools).
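To make the three-meta-tool shape and the per-server scope model concrete, here is an added sketch (example code, not mcp-guardian's own): a constructed catalog of four upstream tools, allow/block lists whose key names are assumptions standing in for the YAML config, and an audit list that records denied calls as well as forwarded ones.

```python
# Added example (not mcp-guardian's own code): three meta-tools over a constructed catalog.
from collections import namedtuple
Tool = namedtuple("Tool", "server name description schema")
# Constructed stand-in for the catalogs the proxy would fetch from upstream servers.
CATALOG = [
    Tool("postgres", "query", "Run a read-only SQL query", {"sql": "string"}),
    Tool("postgres", "drop_table", "Drop a table", {"name": "string"}),
    Tool("github", "list_issues", "List issues in a repository", {"repo": "string"}),
    Tool("github", "create_issue", "Create an issue", {"repo": "string", "title": "string"}),
]
# Constructed per-server allow/block lists; key names are assumptions, the project uses YAML.
SCOPES = {
    "postgres": {"allow": ["query"], "block": []},
    "github": {"allow": ["*"], "block": ["create_issue"]},
}
AUDIT = []  # every decision, forwarded or denied, is recorded here

def allowed(tool):
    """Block list wins over allow list; a server with no policy is denied by default."""
    policy = SCOPES.get(tool.server)
    return policy is not None and tool.name not in policy["block"] and (
        "*" in policy["allow"] or tool.name in policy["allow"])

def _lookup(qualified):
    server, _, name = qualified.partition(".")
    for t in CATALOG:
        if t.server == server and t.name == name:
            if not allowed(t):
                raise PermissionError(f"{qualified} is outside the configured scope")
            return t
    raise KeyError(qualified)  # unknown server or tool

def search_tools(query):
    """Meta-tool 1: keyword search over name + description; scoped-out tools never appear."""
    words = query.lower().split()
    return [f"{t.server}.{t.name}" for t in CATALOG if allowed(t)
            and all(w in f"{t.name} {t.description}".lower() for w in words)]
def get_schema(qualified):
    """Meta-tool 2: one schema on demand instead of the whole catalog at startup."""
    return _lookup(qualified).schema

def execute_tool(qualified, args, caller="client"):
    """Meta-tool 3: re-check scope at call time and record the decision for audit."""
    try:
        tool = _lookup(qualified)
    except PermissionError:
        AUDIT.append({"caller": caller, "tool": qualified, "decision": "denied"})
        raise
    AUDIT.append({"caller": caller, "tool": qualified, "decision": "forwarded", "args": args})
    return {"status": "forwarded", "tool": tool.name}  # the upstream MCP call would go here
```

The client only ever sees the three functions above, so a tool that is blocked for a server neither shows up in search results nor can be executed, and every attempt leaves an audit record.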

Lessons

The MCP spec already recommends progressive discovery; the hard part is making it implementable without rewriting every client. A proxy at the infrastructure layer is the right place to put that recommendation. The break-even point is around 39 tools; beyond that, the token savings from indirection clearly outweigh its cost. And the most interesting work isn’t the token math; it’s the auth broker. Once you have OAuth-aware fan-out across heterogeneous servers, you stop treating MCP as a curiosity and start using it like real infrastructure.

Links