Agent Gateway

Agent Gateway Overview

Enterprise-grade governance and control for AI agents connecting to your business systems through the Model Context Protocol (MCP).

Tray Agent Gateway provides enterprise governance, security, and control for AI agents that interact with your business systems. Built on the Model Context Protocol (MCP), Agent Gateway enables you to expose Tray workflows and connector operations as tools that AI agents can use to securely execute actions across your systems, while maintaining control over permissions, access, and execution.

What is Agent Gateway?

Agent Gateway acts as a secure bridge between AI assistants (Claude, ChatGPT, custom agents) and your business systems:

• Workflows as Composite Tools - Multi-step business logic packaged as single tools
• Connector Operations as Tools - Individual operations from 700+ connectors with granular control
• Built-in Governance - Permissions, rate limiting, and audit logs at organization and workspace level
• Enforced Security - OAuth or API token authentication, RBAC, and execution monitoring

How it works

Agent Gateway enables AI agents to execute tools securely through a controlled flow:

1. Configure your MCP server

   • Add tools (workflows or connector operations)
   • Define how each tool authenticates
   • Add users to the Access Management allowlist

2. Connect an AI client

   • Connect via OAuth2 (recommended) or API token

3. Run tools from the AI client

   • The AI agent discovers and invokes tools
   • If a tool requires user-provided authentication, the user is prompted to authenticate at runtime

4. Execute with the correct permissions

   • Tools run using either shared service credentials or the end user’s credentials

5. Observe and manage execution

   • Logs show which user executed a tool and which authentication was used
   • Sensitive data is protected through access controls and masking

Authentication model

Agent Gateway has two separate authentication layers: client authentication controls how an AI client connects to your MCP server (via OAuth2 or API token), and tool authentication controls how actions execute within a tool (via a shared service account or the end user's own credentials). The second mode is referred to as Dynamic (User-provided) Authentication.

For full details on both layers and how to configure access, see Authentication and Access and and Dynamic (User-provided) Authentication.

Key Capabilities

MCP Server

The MCP Server exposes your Tray capabilities as tools that AI agents can discover and execute:

Tool Types:

• Workflow Tools (Composite Tools) - Complete workflows with business logic, transformations, rules, and reusable callable logic
• Connector Tools - Individual operations from Tray's 700+ connectors

Agent Capabilities:

• Discover available tools automatically
• Execute tools with natural language inputs using either shared or user-level authentication
• Receive structured responses
• Chain multiple tool calls for complex tasks

Workspace-Level Configuration

MCP servers are configured per workspace:

• Enable/disable MCP server
• Custom server names and URLs
• Selective tool exposure
• Independent security boundaries
• Control which users can access and execute MCP tools

Secure execution and governance

Agent Gateway ensures that tool execution is both controlled and auditable:

• Identify which user executed each tool
• Control how tools authenticate (service account or user-provided)
• Restrict access to tools at the workspace level
• Protect sensitive data through access controls and masking

This is especially important for enterprise use cases where actions must be executed with the correct permissions and full traceability.

Use Cases

Customer Support: Create AI agents that look up customers, check orders, create tickets, and send follow-ups across multiple systems through Composite Tools with validation and logging.

Sales Enablement: Enable agents to search leads, retrieve pricing, generate quotes with business rules, and update opportunities in Salesforce.

IT Operations: Build assistants that query infrastructure status, execute runbooks, retrieve logs, and create incidents with proper categorization.

Data Analysis: Allow agents to run approved SOQL queries, retrieve data from multiple sources, and generate reports with governance controls.

Why Composite Tools?

Composite Tools reduce LLM context usage and hallucination risk by packaging multi-step logic into single tools.

Example: Send Slack Message

Without Composite Tools:

1. AI needs separate "lookup user" tool
2. AI needs separate "send message" tool
3. Requires multiple LLM calls and context coordination
4. Higher risk of errors

With Composite Tools:

1. Single "send message" tool handles lookup logic internally
2. Workflow prompts user for clarification if multiple matches
3. One tool call, reduced context, controlled logic

Why Connector Tools?

Connector Tools provide quick access to individual operations with fine-grained control.

Example: Salesforce Read-Only Access

Expose only query operations:

• Run SOQL queries
• Look up accounts
• Read opportunity data

Block modification operations:

• No create account
• No update records
• No delete operations

This control isn't available with direct MCP server connections where tool availability is managed client-side.

Getting Started

1. Request Access - Contact your Tray team to enable Agent Gateway
2. Configure MCP Server - Set up your workspace server, add tools, and configure authentications per tool (service account or user-provided)
3. Connect AI Client - Use Claude Desktop, Cursor, VS Code, or other MCP client (via OAuth or API token)
4. Test and Expand - Run tools, configure user-provided authentication where needed, and expand to more complex Composite Tools

Continue to Getting Started for detailed setup instructions.