i built this instead of sleeping, please tell me if it’s stupid
i got tired of the whole “just let agents call your API” thing sounding simple but being annoying once you actually try to do it.
everyone shows the happy path, but then you hit the boring stuff: auth, API keys, deciding which endpoints are safe, huge JSON responses, logs, rate limits, and not letting the model see half your backend for no reason.
so i built a rough gateway/proxy layer.
basically:
agent → gateway → real API
it’s not exactly MCP. it’s more like a curated agent-facing layer in front of an existing API.
the agent gets a scoped gateway key, not the real API key. the gateway checks what tools/endpoints that key is allowed to call, injects the real upstream auth server-side, calls the actual API, slims/redacts the response, and logs what happened.
it also supports some per-tool settings, like different auth/base URLs/response cleanup rules, because real APIs are messy and not every endpoint behaves the same.
the idea is not to replace the API. it’s just the boring wrapper/proxy layer people seem to keep rebuilding when they want agents to use APIs safely.
i haven’t launched it yet because it still needs polish, and i’d rather get roasted now than launch, regret the direction, and realize i built the wrong thing.
now you can roast the f out of me. constructive criticism is welcomed.