The secure gateway
for all your AI traffic
ThinkWatch is the single control plane through which every model request and every MCP tool call must flow. Authenticated, authorized, rate-limited, logged, and accounted for.
- 2 MB
- Distroless image
- 3+1
- API formats
- Per-user
- MCP OAuth
- Rust
- One binary
Drop-in compatible with
- Claude Code
- Cursor
- Continue
- Cline
- OpenAI SDK
- Anthropic SDK
- LangChain
- LlamaIndex
- Claude Code
- Cursor
- Continue
- Cline
- OpenAI SDK
- Anthropic SDK
- LangChain
- LlamaIndex
AI is everywhere. Governance is nowhere.
As AI agents proliferate across engineering teams, organizations face a growing governance challenge that gets worse every quarter.
Keys scattered everywhere
Hardcoded in .env files, shared in Slack, rotated never. One leaked key drains your monthly budget overnight.
Zero visibility
Who used which model? How many tokens? Against which project? Nobody knows until the bill arrives.
No access control
Every developer has direct access to every model and every MCP tool. There is no least-privilege story.
Compliance gaps
No audit trail for AI-assisted code generation or data access. Legal and security cannot answer basic questions.
Cost surprises
Monthly AI bills nobody can explain or attribute. Budget overruns are discovered weeks after the fact.
ThinkWatch solves all of this with a single deployment.
Every AI request flows through one gateway.
Drop-in replacement for the OpenAI and Anthropic SDKs. Your agents keep their existing code — they just point at ThinkWatch instead.
Gateway, MCP proxy, RBAC, analytics — in one binary.
ThinkWatch is one Rust binary backed by PostgreSQL, Redis, and ClickHouse. No microservice sprawl, no glue code — every concern handled by the same control plane.
One port. Every model. Drop-in compatible.
Multi-format proxy
OpenAI Chat Completions, Anthropic Messages, and OpenAI Responses APIs on a single port — drop-in for Cursor, Continue, Cline, Claude Code, and the official SDKs.
Multi-provider routing
OpenAI, Anthropic, Google Gemini, Azure OpenAI, AWS Bedrock, or any OpenAI-compatible endpoint. Format conversion is automatic.
Virtual API keys
Issue scoped tw- keys per team, project, or developer. Revoke in one click. Plaintext shown exactly once; SHA-256 hashes at rest.
Rate limits & budget caps
Sliding-window RPM/TPM enforced via Redis per key, user, or team. Hard budget caps fail closed — the gateway blocks requests the moment a limit is exhausted, no silent overruns. Spend alerts fire before the cap is hit.
Real-time cost tracking
Per-model pricing with budget alerts and team attribution. SSE pass-through with zero-overhead token counting.
Management API & OpenAPI
Provision API keys, users, and providers programmatically. A full OpenAPI spec ships alongside the gateway — integrate key lifecycle into CI pipelines, Terraform, or your own tooling without ever touching the console.
Built for the team — not for one person.
Most MCP gateways were designed for a single user with a single shared service account. ThinkWatch was designed for organizations where every developer needs to authenticate upstream as themselves, every tool call needs to be audited back to a real person, and the whole thing needs to live inside your network.
| Capability | ThinkWatch | SaaS gateways | DIY mcp-proxy |
|---|---|---|---|
| Per-user upstream OAuth (no shared service account) | ✓ | shared account | — |
| One-paste onboarding via Dynamic Client Registration | ✓ | partial | — |
| Tool-level RBAC + per-user tool catalogs | ✓ | limited | — |
| Full audit trail in ClickHouse (queryable, forwardable) | ✓ | hosted-only | — |
| Response cache scoped per (user, account_label) | ✓ | n/a | — |
| Self-hosted, single Rust binary, distroless | ✓ | SaaS-only | varies |
| Bilingual UI out of the box (English + 中文) | ✓ | English-only | — |
| BSL 1.1 — free for non-prod & small prod | ✓ | proprietary | OSS |
SaaS gateways = Composio, Smithery, Pulse MCP and similar hosted offerings. DIY = mcp-proxy or homegrown shims.
Each developer is themselves upstream
Per-user OAuth means GitHub issues are created by Alice, Linear tickets are assigned to Bob — not to a faceless mcp-bot service account. Audit trails work end-to-end: from the IDE, through ThinkWatch, into the upstream system.
One paste, not seventeen portals
Dynamic Client Registration handles the OAuth handshake. Paste the server URL, click Allow on the consent page — you're connected. No app registration, no copying client_id/secret across browser tabs.
Tools are gated like APIs
Tool-level RBAC plus per-user tool catalogs. Each user sees only the tools their role and their upstream account can actually use. The Viewer role doesn't accidentally get write access to production via an MCP tool.
Lives entirely on your network
ThinkWatch is one self-hosted Rust binary backed by Postgres, Redis, and ClickHouse. No SaaS lock-in, no MCP traffic leaving your perimeter, no quarterly invoice surprise from a vendor that's seen your prompts.
Every token. Every key. Every call.
Real-time observability over every AI request flowing through your organization. The panels below are live React components — not screenshots — rendering with mock data so you can see what the console feels like.
- OpenAIus-eastHealthyCB:Closed412 ms99.8%
- Anthropicus-westHealthyCB:Closed538 ms99.6%
- Google Geminius-centralHealthyCB:Closed297 ms99.9%
- Azure OpenAIeastus2DegradedCB:HalfOpen1240 ms96.2%
- AWS Bedrockus-east-1HealthyCB:Closed624 ms99.4%
Up and running in under a minute.
Self-host with Docker Compose for a single-node deployment, or use the Helm chart for production Kubernetes. Either way, four commands and you have a working gateway.
- Start infrastructure
Bring up PostgreSQL, Redis, and ClickHouse via Docker Compose.
$ make infra - Start the gateway
Both ports come up: 3000 (gateway) and 3001 (console API).
$ cp .env.example .env && make dev-backend - Start the console UI
Vite dev server on :5173 with hot reload.
$ cd web && pnpm install && pnpm dev - Run the setup wizard
Create the super_admin account and add your first provider.
$ open http://localhost:5173/setup
curl https://gateway.your-org.com/v1/chat/completions \
-H "Authorization: Bearer tw-prod-xxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{
"model": "gpt-4o",
"messages": [{"role": "user", "content": "Hello"}],
"stream": true
}' Zero code changes required — just swap the base URL and use a virtual tw- key.
Source-available. Free for most teams.
ThinkWatch is licensed under the Business Source License 1.1. Non-production use is free forever, and production use is free up to generous monthly thresholds — only commercial above that.
Development, staging, evaluation, internal demos.
- Unlimited tokens
- Unlimited MCP tool calls
- All gateway features
- All security features
- Community support
Small teams running production workloads.
- Up to 10,000,000 billable tokens / month
- Up to 10,000 MCP tool calls / month
- All features included
- BSL 1.1 license
- Auto-converts to GPL-2.0-or-later after change date
Organizations exceeding the free thresholds.
- Above 10M tokens or 10K MCP calls per UTC month
- Commercial license required
- Priced by usage tiers
- Priority support available
- Custom deployment guidance
"Billable Token" and "MCP Tool Call" definitions, the tiering model, and the changeover to GPL-2.0-or-later are all detailed in LICENSING.md.
Watch the project grow.
ThinkWatch is open development. Star the repo to follow releases and shape the roadmap.