If you're working with AI tools like Claude Code, you've probably encountered MCP — the Model Context Protocol. It's an open standard that lets AI assistants connect to external services through a common interface: databases, APIs, internal tools, you name it.
The catch? Most MCP servers run over HTTP or SSE, but many MCP clients (including Claude Code) speak stdio — they expect to launch a local process and communicate over standard input/output. Bridging that gap usually means installing a Node.js or Python proxy, pulling in dependencies, and hoping nothing breaks when you update your system.
On locked-down corporate machines, minimal server environments, or air-gapped networks, that's often a non-starter.
Here's the typical scenario: you have an MCP server running somewhere — maybe it's a hosted service, maybe it's on your company's internal network. Your MCP client wants to talk to it, but it only knows how to launch a local command and pipe JSON-RPC messages through stdin/stdout.
The existing solutions usually involve a Node.js or Python script that acts as the middleman. That works fine on a developer's laptop, but it means everyone on your team needs the right runtime installed, the right package versions, and the patience to debug dependency conflicts. And in environments where you can't freely install software — think production servers, secure networks, CI runners, edge devices — it falls apart fast.
go-mcp-proxy takes a different approach. It's a single static binary with zero external dependencies — no runtimes, no package managers, no node_modules. Download the binary for your platform (Linux, macOS Intel/ARM, Windows), point it at your MCP server, and it handles the rest.
At its core, it reads JSON-RPC messages from stdin, forwards them as HTTP POST requests to the remote MCP server, and writes responses back to stdout. All logging goes to stderr so it never interferes with the protocol.
The MCP ecosystem is in the middle of a transport transition. The older "Legacy SSE" protocol uses a persistent GET connection for receiving messages and POST for sending. The newer "Streamable HTTP" protocol is cleaner — everything goes through POST, with optional SSE for server-initiated notifications and session management via Mcp-Session-Id headers.
Rather than forcing you to figure out which one your server supports, go-mcp-proxy tries Streamable HTTP first and automatically falls back to Legacy SSE if the server doesn't support it. You can also force a specific transport with -type http or -type sse if you know what you're dealing with.
The proxy supports three layers of configuration, with a clear priority order:
This means you can set a base configuration in a config file, override specific settings with environment variables for different environments, and tweak individual options on the command line when testing.
Connecting to a simple MCP server:
./go-mcp-proxy https://mcp.example.com/mcpAdding authentication:
./go-mcp-proxy \ -header "Authorization=Bearer my-token" \ https://mcp.example.com/mcpDealing with self-signed certificates on internal servers:
./go-mcp-proxy -insecure https://10.0.0.5:8443/mcpSince Claude Code is one of the most common MCP clients, integration is straightforward. Add an entry to your .mcp.json:
{
"mcpServers": {
"my-server": {
"command": "/path/to/go-mcp-proxy",
"args": ["https://mcp.example.com/mcp"],
"env": {
"MCP_AUTH_TOKEN": "my-secret-token"
}
}
}
}
Using env for the token keeps your secrets out of the args array, which can show up in process listings.
This is where a single-binary approach really shines. If you're running a local LLM with MCP support, or using Claude Code on a network without internet access, there's nothing to download at runtime — no npm install, no pip install, no package registry calls. Copy the binary onto the machine, point it at your local MCP server, and you're set.
This makes it especially useful in secure corporate networks, classified environments, or edge deployments where internet access is restricted or nonexistent. The proxy just bridges stdio to HTTP on whatever network is available, whether that's the public internet or a local 10.x.x.x address.
go-mcp-proxy is written in Go using only the standard library — under 1,000 lines of straightforward plumbing code. Cross-compilation is built in, so the CI pipeline produces binaries for all major platforms with a single go build command. Open source under the MIT license.
GitHub: github.com/vchaindz/go-mcp-proxy
Pre-built binaries for Linux, macOS (Intel + ARM), and Windows are available on the releases page. Issues, PRs, and feedback are all welcome.