Yes! It's a proxy that might modify results on the way in or out, which proxies can do.

Could also be called a gateway, which feels a bit more accurate.

The same way API gateways perform additional services like rate-limiting and authentication and billing, an MCP gateway abstracts the services behind it and adds context such that an LLM can more easily interact with them.

More here (not my post, someone I know wrote this): https://hookdeck.com/blog/mcp-gateway

in this case, people are arguing it's a MITM attack, obscured by the MCP

Yeah it is a proxy. I feel that in general we always use the term proxy as short for transparent proxy, while "server" is a bit more general purpose.

If you squint hard enough you can call almost any server a proxy. An FTP server is a proxy for data on disk. Github.com is a proxy for a git repo.

But yeah, saying "MCP is a proxy to your application" might be more insightful than "MCP is a client to your application"

"server" implies that the content being served has the same owner/same scope of control and trust. the sysadmin of an ftp server is the one owning the disk that the ftp server uses; github.com controls the repos that are available on the github site.

i think this whole "mcp security is terribad" thing spawns from the incorrect categorization of the thing as a "server" - if it were instead called a proxy, the rabble would die down.

In relation to the client (AI Agent), the MCP server is serving resources like tools, but in relation to your platform that hosts the API those tools call, it is a client.

exactly, a proxy has tools but no content.