Synamcps
The secure permission-aware MCP gateway for your knowledge
Synamcps turns your company's scattered knowledge — runbooks, specs, wikis, PDFs, and internal MCP servers — into a single, permission-aware MCP endpoint that any LLM client or AI agent can safely query. It enforces who can see what down to the individual document.

Bring any LLM client; we handle the identity, the permissions, the knowledge ingestion, and the MCP transport — so your AI gets exactly the context it's allowed to have, and nothing more.
What makes it different
Synamcps sits between your AI and your knowledge: an MCP server and a knowledge gateway in one. Ship internal copilots and agentic workflows without writing your own auth, RBAC, rate limiting, ingestion pipeline, and MCP plumbing.
Permission-narrowing tokens
Tokens never expand access — they only intersect a user's existing ACL with token scopes. A leaked token can't do more than its owner, and usually far less.
Document-level visibility
personal / group / public is enforced on top of storage access. Reading a storage is necessary but never sufficient — private docs stay private even to other readers.
Dynamic tool exposure
MCP tools/list is computed per token. Each agent sees only the tools and storages it's allowed to touch — nothing to discover, nothing to probe.
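The three rules above (token scopes intersect rather than grant, document visibility on top of storage access, tools/list derived per token) as one worked model. This is an added illustration, not Synamcps code: the User/Token/Doc shapes and the "knowledge_write" tool name are assumptions; only knowledge_search appears on this page.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed model of the page's access rules; the real Synamcps schema is not shown here.
@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset[str]
    readable_storages: frozenset[str]
    writable_storages: frozenset[str]

@dataclass(frozen=True)
class Token:
    owner: User
    storages: frozenset[str]   # storages this token is scoped to
    write: bool                # False = read-only token

@dataclass(frozen=True)
class Doc:
    doc_id: str
    storage: str
    visibility: str            # "personal" | "group" | "public"
    owner: str
    group: str | None = None

def effective_storages(token: Token, write: bool = False) -> frozenset[str]:
    """Owner ACL intersected with token scope: never a superset of the ACL."""
    if write and not token.write:
        return frozenset()
    acl = token.owner.writable_storages if write else token.owner.readable_storages
    return acl & token.storages

def can_read_doc(token: Token, doc: Doc) -> bool:
    """Storage access is necessary but not sufficient; visibility is checked too."""
    if doc.storage not in effective_storages(token):
        return False
    me = token.owner
    if doc.visibility == "public":
        return True
    if doc.visibility == "group":
        return doc.owner == me.name or doc.group in me.groups
    if doc.visibility == "personal":
        return doc.owner == me.name
    return False               # unknown visibility fails closed

def tools_list(token: Token) -> list[str]:
    """Per-token tools/list: a read-only token never sees write tools.
    "knowledge_write" is a hypothetical tool name, not one from the page."""
    tools = ["knowledge_search"] if effective_storages(token) else []
    if effective_storages(token, write=True):
        tools.append("knowledge_write")
    return tools
```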
MCP proxy & federation
Register upstream HTTP/SSE MCP servers, auto-discover their tools, resources and prompts, and re-expose them behind one ACL and rate limit. Upstream secrets encrypted at rest.
Governed ingestion + SSRF guard
Add knowledge as text, file or link. Extraction → summary → embeddings runs automatically. Link ingestion refuses loopback, link-local, cloud-metadata and private ranges, even across redirects.
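The link-ingestion SSRF guard described here (and used in the Confluence/Notion/Jira scenario below) as an added example; it is not Synamcps' own implementation. The resolver and fetcher are injected so it runs offline, the blocked-range list is a reasonable reading of "loopback, link-local, cloud-metadata and private", and redirect Location values are assumed absolute.

```python
import ipaddress
from urllib.parse import urlparse

# Blocked destinations: loopback, link-local (which includes the 169.254.169.254
# cloud-metadata address), private/ULA space, "this network" and CGNAT space.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "::1/128", "169.254.0.0/16", "fe80::/10",
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7",
    "0.0.0.0/8", "100.64.0.0/10")]
MAX_REDIRECTS = 5

def is_blocked_ip(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped        # ::ffff:127.0.0.1 must not slip past
    return any(addr in net for net in BLOCKED_NETWORKS)

def check_url(url: str, resolve) -> None:
    """Reject one hop. resolve(host) -> list[str] is injected so this runs offline."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("missing host")
    try:
        addrs = [str(ipaddress.ip_address(parts.hostname))]   # literal IP, no DNS
    except ValueError:
        addrs = resolve(parts.hostname)
    if not addrs:
        raise ValueError(f"unresolvable host: {parts.hostname}")
    for ip in addrs:                   # every A/AAAA answer must be safe
        if is_blocked_ip(ip):
            raise ValueError(f"{parts.hostname} resolves to blocked address {ip}")

def safe_fetch(url: str, resolve, fetch) -> str:
    """Follow redirects by hand so every hop is re-validated.
    fetch(url) -> (status, absolute_location_or_body) is injected; a real client
    would have automatic redirects disabled and connect to the validated IP."""
    for _ in range(MAX_REDIRECTS + 1):
        check_url(url, resolve)
        status, payload = fetch(url)
        if status in (301, 302, 303, 307, 308):
            url = payload              # next hop goes through the same checks
            continue
        return payload
    raise ValueError("too many redirects")
```

Validating the name and then letting the HTTP library resolve it again leaves a DNS-rebinding window; production code should pin the connection to the address that passed the check.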
Built-in RAG search
Embedding-based semantic search over pgvector or Qdrant, with source / sourceUrl / storage filters and pagination.
Enterprise auth
OIDC, Keycloak, Google and Teleport Proxy JWT — plus internal login for the Admin UI. Strict CORS allowlist.
Rate limits & metrics
Per-token minute/hour/day + burst limits on both MCP and REST. Prometheus /metrics, Redis TimeSeries usage accounting, component status dashboard.
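The per-token minute/hour/day plus burst scheme, and the "runaway loop gets a 429" behaviour described under least-privilege agents below, as an added in-memory illustration; Synamcps keeps this state in Redis and its real limit values are not on this page, so the limits and the injected clock here are constructed.

```python
from collections import deque
from dataclasses import dataclass, field

# Sample limits are constructed; Synamcps' real defaults are not on this page.
WINDOWS = {"minute": 60, "hour": 3600, "day": 86400}

@dataclass
class Limits:
    per_minute: int
    per_hour: int
    per_day: int
    burst: int             # requests allowed back-to-back
    burst_refill: float    # burst capacity regained per second

@dataclass
class _State:
    bucket: float
    last: float
    hits: dict = field(default_factory=lambda: {w: deque() for w in WINDOWS})

class TokenRateLimiter:
    """Per-token sliding windows (minute/hour/day) plus a token bucket for burst.
    check() returns (allowed, reason); the caller answers 429 when not allowed."""
    def __init__(self, limits: Limits, clock):
        self.limits, self.clock = limits, clock   # clock() -> seconds, injected
        self.state: dict[str, _State] = {}

    def check(self, token: str) -> tuple[bool, str]:
        now, lim = self.clock(), self.limits
        st = self.state.get(token)
        if st is None:                 # first sight: full burst bucket
            st = self.state[token] = _State(bucket=lim.burst, last=now)
        st.bucket = min(lim.burst, st.bucket + (now - st.last) * lim.burst_refill)
        st.last = now
        caps = {"minute": lim.per_minute, "hour": lim.per_hour, "day": lim.per_day}
        for name, secs in WINDOWS.items():
            q = st.hits[name]
            while q and q[0] <= now - secs:   # expire hits outside the window
                q.popleft()
            if len(q) >= caps[name]:
                return False, f"{name} limit exceeded"
        if st.bucket < 1:
            return False, "burst limit exceeded"
        st.bucket -= 1                 # spend one burst credit and record the hit
        for q in st.hits.values():
            q.append(now)
        return True, "ok"
```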
Admin UI + Connect wizard
Server-rendered console for users, groups, storages, ACLs, tokens, ingestion and search — with an MCP Connect wizard that generates ready-to-paste client config.
Built for real pipelines
From governed corporate RAG to least-privilege agent fleets — the same gateway, tokens, and audit trail underneath.
Corporate RAG pipelines
Governed knowledge base for an internal copilot
Centralize runbooks, architecture docs and policies into per-team storages. Document visibility keeps HR's private docs out of an engineer's results even when both share a storage.
Multi-tenant RAG with hard isolation
Give each customer its own storage and vector scope. Because tokens narrow rather than grant, a misconfigured client physically cannot retrieve another tenant's vectors.
Continuous ingestion from external systems
Wire Confluence / Notion / Jira exporters to POST /api/knowledge with stable source labels. Re-ingest idempotently; the SSRF guard blocks attacker-supplied links from pivoting to cloud metadata.
Compliance-grade retrieval with audit
Every call flows through tokenized auth with Prometheus metrics and Redis TimeSeries events — answering 'which agent read which storage, how often' without a separate observability stack.
Agentic pipelines
One MCP front door for a fleet of agents
Point Claude Code, Cursor and custom agents at a single /mcp endpoint. tools/list returns a different toolset per token — a research agent sees only knowledge_search; an authoring agent also sees write tools.
MCP federation / proxy hub
Register your Jira, GitHub and internal MCP servers in one tab. Synamcps namespaces their tools and re-exposes them behind unified ACLs, scopes and rate limits — credentials encrypted at rest.
Least-privilege agents with rotatable credentials
Provision short-lived, narrowly scoped tokens per agent run. Rotate or revoke instantly via the Admin API; burst and per-window limits answer a runaway loop with 429 instead of letting it hammer downstream systems.
Write-back / knowledge-curating agents
An incident-summarizing agent can persist findings back as group-visible knowledge, feeding the next retrieval cycle — a self-improving loop bounded by the agent's write scope and allowed storages.
A clean HTTP & MCP API
Ingest text, files or links. Search semantically. Manage everything via the admin API or the built-in UI. MCP tools/list is dynamic — clients only see tools and storages allowed by their token.
POST /api/knowledge — create from text
POST /api/knowledge/ingest/file — upload
POST /api/knowledge/ingest/link — crawl URL
POST /api/knowledge/search — semantic search
/api/admin/* — users, groups, storages, tokens
/metrics — Prometheus format
curl -X POST http://localhost:8080/api/knowledge/search \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "query": "kubernetes ingress timeout",
    "topK": 10,
    "filters": { "storageId": "team-sre" }
  }'

Frequently asked questions
What is Synamcps?
Synamcps is a self-hosted MCP server and knowledge gateway in one. It ingests documents, files and links into governed storages, exposes them over the open Model Context Protocol, and enforces who can see what down to the individual document — so any LLM client or AI agent gets exactly the context it is allowed to have.
How do permission-narrowing tokens work?
Tokens never expand access — they only intersect a user's existing ACL with the token's scopes (read-only, specific storages, specific tools). A leaked token can do no more than its owner, and usually far less.
Which LLM clients and agents are supported?
Any MCP-compatible client connects to the streamable HTTP /mcp endpoint, including Claude Desktop, Claude Code, Cursor and custom agents. Each agent authenticates with its own bearer token and receives a tools/list tailored to its scope.
Can Synamcps proxy our existing MCP servers?
Yes. Register upstream HTTP/SSE MCP servers in the Admin UI and Synamcps auto-discovers their tools, resources and prompts, namespaces them, and re-exposes them behind the same ACLs, scoped tokens and rate limits — with upstream credentials encrypted at rest.
What vector stores and storage backends does it use?
Embeddings are stored in pgvector or Qdrant, raw blobs in S3 or MinIO, with Postgres for metadata and Redis for rate limiting and usage time-series.
How is it deployed?
Docker Compose ships Postgres, Redis, S3/MinIO and Synamcps together. Clone the repo, copy .env.example, run make compose-up, and open the Admin UI at localhost:8080/login.