TL;DR: Self-hosting an MCP gateway gives you control over auth, audit logging, and tool access in a way managed services do not. I set up Bifrost end to end on a single instance, walked through the security configuration (OAuth 2.0 with PKCE, virtual keys with deny-by-default), and pushed it to its documented sustained throughput. This post covers the setup, the security layer, and the scaling levers, plus the gotchas. This post assumes familiarity with the Model Context Protocol , basic Docker or npx deployment, and how OAuth 2.0 PKCE flows work. Why Self-Host an MCP Gateway Direct MCP connections work for one developer on a laptop. They break in three ways once you scale. Credentials get duplicated across every agent config. Each Claude Code or Cursor instance holds its own MCP server credentials. Audit trails fragment. When a tool call modifies the wrong record, you cannot answer who called it from which agent session without grepping through agent logs. Tool access is all-or-nothing.…