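Following AI Skill Hub's curated evaluation, the ThinkWatch MCP tool is rated "Strongly Recommended". The tool performs well on feature completeness, community activity and ease of use, has an AI score of 8.2, and suits users with some technical background.
An enterprise-grade AI API security bastion that provides a unified proxy, access control and MCP protocol support. It offers security features such as API request encryption, rate limiting and audit logging, and suits enterprises and teams that need to standardize access to AI services.
The ThinkWatch MCP tool is an open-source tool written in Rust, focused on core capabilities such as AI gateway, security protection and the MCP protocol. As a GitHub open-source project it has active community support and continuous releases; its code is fully transparent and auditable, and it supports local deployment to protect data privacy. Whether used individually or integrated into enterprise workflows, it provides a stable and reliable solution.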
```bash
# Option 1: cargo install (recommended)
cargo install thinkwatch

# Option 2: build from source
git clone https://github.com/ThinkWatchProject/ThinkWatch
cd ThinkWatch
cargo build --release
# The binary is at ./target/release/thinkwatch
```

```bash
# Show help
thinkwatch --help

# Basic run
thinkwatch [options] <input>

# For detailed usage, see the documentation
# https://github.com/ThinkWatchProject/ThinkWatch
```

```bash
# thinkwatch configuration
# View the configuration options
thinkwatch --config-example > config.yml

# Common configuration keys
# output_dir: ./output
# log_level: info
# workers: 4

# Environment variable (overrides the config file)
export THINKWATCH_CONFIG="/path/to/config.yml"
```
See the Deployment Guide for production setup with Docker Compose or Kubernetes.

Operator goal: "developers get 60 requests/minute on the AI gateway, 1M weighted tokens/day, and 20M weighted tokens/month — but the entire OpenAI provider has a 100k requests/hour ceiling."

On the developer USER subject:

```
rate_limit_rule  ai_gateway / requests / 60s → 60
rate_limit_rule  ai_gateway / tokens / 1d → 1_000_000
budget_cap       monthly → 20_000_000
```

On the OpenAI PROVIDER subject:

```
rate_limit_rule  ai_gateway / requests / 1h → 100_000
```

A request from any developer key against gpt-4o then has to clear:

1. Developer's per-minute request rule
2. OpenAI provider's per-hour request rule
3. After the response: developer's per-day token rule
4. After the response: developer's monthly token budget

Any one of those failing → 429 with the rule label in the body (`user:requests/1m`, `provider:requests/1h`, etc).
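
The layered check from the scenario above, as an added example in Rust (not ThinkWatch's own code). The `Limiter` type, the subject names, the labels `user:tokens/1d` and `user:budget/monthly`, the fixed 30-day month and the choice to reject the next call once a token window is exhausted are all assumptions made for illustration.

```rust
use std::collections::HashMap;
// Added illustration, not ThinkWatch source: fixed windows and in-memory counters.
#[derive(Clone, Copy, PartialEq)]
enum Metric { Requests, Tokens }
struct Rule { label: &'static str, subject: &'static str, metric: Metric, window_secs: u64, limit: u64 }
struct Limiter { rules: Vec<Rule>, used: HashMap<(usize, u64), u64> } // (rule index, window number) -> usage

impl Limiter {
    // Label of the first rule for `metric` on these subjects with no room for `amount` more units.
    fn blocked_by(&self, subjects: &[&str], metric: Metric, amount: u64, now: u64) -> Option<&'static str> {
        self.rules.iter().enumerate()
            .filter(|(_, r)| r.metric == metric && subjects.contains(&r.subject))
            .find(|(i, r)| self.used.get(&(*i, now / r.window_secs)).copied().unwrap_or(0) + amount > r.limit)
            .map(|(_, r)| r.label)
    }
    fn record(&mut self, subjects: &[&str], metric: Metric, amount: u64, now: u64) {
        for (i, r) in self.rules.iter().enumerate() {
            if r.metric == metric && subjects.contains(&r.subject) {
                *self.used.entry((i, now / r.window_secs)).or_insert(0) += amount;
            }
        }
    }
    // One gateway call at time `now` (seconds). Request rules gate admission. Token rules are
    // charged after the response, so an exhausted token window rejects the next call (assumption).
    fn call(&mut self, subjects: &[&str], weighted_tokens: u64, now: u64) -> Result<(), (u16, &'static str)> {
        for m in [Metric::Requests, Metric::Tokens] {
            if let Some(label) = self.blocked_by(subjects, m, 1, now) { return Err((429, label)); }
        }
        self.record(subjects, Metric::Requests, 1, now);
        self.record(subjects, Metric::Tokens, weighted_tokens, now);
        Ok(())
    }
}

fn rule(label: &'static str, subject: &'static str, metric: Metric, window_secs: u64, limit: u64) -> Rule { Rule { label, subject, metric, window_secs, limit } }
// The page's scenario. Subject names and both token labels are constructed; a month is 30 days here.
fn page_rules() -> Limiter {
    Limiter { used: HashMap::new(), rules: vec![
        rule("user:requests/1m", "user:dev", Metric::Requests, 60, 60),
        rule("provider:requests/1h", "provider:openai", Metric::Requests, 3_600, 100_000),
        rule("user:tokens/1d", "user:dev", Metric::Tokens, 86_400, 1_000_000),
        rule("user:budget/monthly", "user:dev", Metric::Tokens, 30 * 86_400, 20_000_000),
    ] }
}

fn main() {
    let (mut gw, who) = (page_rules(), ["user:dev", "provider:openai"]);
    for n in 1..=61 { println!("call {}: {:?}", n, gw.call(&who, 10, 0)); }
}
```

Rejected calls are not counted against any window here, and the provider rule is shared by every user subject that calls through it.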
- … `system_settings` table), configurable via Web UI (Admin > Settings with 7 category tabs)
- … `/setup` wizard creates the super_admin account, configures the site, and optionally adds the first provider and API key
- … `/gateway/guide` page in the web console with copy-paste setup instructions for Claude Code, Cursor, Continue, Cline, OpenAI SDK, Anthropic SDK, and cURL; auto-detects the gateway URL
- … `/v1/chat/completions`), Anthropic Messages (`/v1/messages`), and OpenAI Responses (`/v1/responses`) APIs on a single port; works as a drop-in replacement for Cursor, Continue, Cline, Claude Code, and the OpenAI/Anthropic SDKs
- … `gpt-`/`o1-`/`o3-`/`o4-` for OpenAI, `claude-` for Anthropic, `gemini-` for Google) route automatically; Azure and Bedrock require explicit model registration
- … `tw-` keys; the same `tw-` token works on both the AI gateway and the MCP gateway via a per-key `surfaces` allowlist
- … `input_multiplier` / `output_multiplier`

Most "MCP gateways" available today are thin reverse proxies: one shared admin token per upstream, no end-user identity, and "auth" means "did this user pass the gateway's bearer token". That model works for hobby setups and breaks the moment a real organization plugs it into GitHub / Atlassian / Linear / Slack — every tool call shows up as the same service account, scopes can't differ per user, and there's no honest answer to "who renamed this Linear ticket?".
ThinkWatch is built for the second case.
| Capability | Typical MCP proxy | ThinkWatch |
|---|---|---|
| **Upstream sees the real user** | ❌ shared admin token / env var | ✅ per-user OAuth tokens + PAT vault, AES-256-GCM encrypted at rest |
| **Multi-account per user** | ❌ one config = one identity | ✅ work + personal accounts, labelled, default + named |
| **API key → account binding** | ❌ keys are opaque | ✅ Cursor → personal, cron → service-bot, all on the same user |
| **OAuth onboarding** | ❌ hand-edit JSON / env | ✅ paste URL, one-click DCR (RFC 9728 → 8414 → 7591), public-client support |
| **Per-user tool visibility** | ❌ assumes uniform catalog (privilege-escalation if cached) | ✅ separate mcp_user_tools per user, system catalog only holds anonymous-discoverable tools |
| **Generic MCP client UX (Cursor/Claude Desktop)** | ❌ unauthorized = blank list | ✅ catalog returned with _meta.requires_user_auth markers + -32050 with authorize_url |
| **Tool-level RBAC** | ❌ all-or-nothing | ✅ per-role grants + per-key allowed_mcp_tools allowlist bounded by role |
| **Built-in catalog** | ❌ DIY everything | ✅ 23+ templates seeded (GitHub / Notion / Linear / Slack / Atlassian / Cloudflare / GitLab / Discord / Google / Feishu …) |
| **Audit / rate limits / budgets** | ❌ LLM-only or absent | ✅ same engine meters AI tokens AND MCP tool calls |
| **Response cache safety** | ❌ shared cache leaks across users | ✅ scoped by (user, account_label) for OAuth/PAT servers |
| **OAuth refresh races** | ❌ duplicate refresh attempts under concurrency | ✅ pg_advisory_xact_lock per (server, user, label) |
| **Health classification** | ❌ 401/403 = "unhealthy" (false alarms) | ✅ auth_required is a first-class amber state |
| **SSRF protection** | ❌ raw fetcher | ✅ injected URL validator, private/link-local/metadata IPs rejected |
| **One key, two surfaces** | ❌ separate stacks for AI vs MCP | ✅ single tw- key, per-key surfaces allowlist |
If your only requirement is "expose a few public MCP servers to a small team", the simple proxies do fine. The moment you need who did what, on whose behalf, with what scopes, billed to which cost center — ThinkWatch is the design point.
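
The address check that the SSRF row of the table describes, written as an added example in Rust; it is not ThinkWatch's own validator, and the function names and reason strings are hypothetical. It goes beyond the three categories the table names by also rejecting loopback, the 100.64.0.0/10 shared address space, IPv6 link-local and unique-local ranges, and IPv4-mapped IPv6 forms of all of these.

```rust
use std::net::{IpAddr, Ipv4Addr};

// Added illustration, not ThinkWatch's validator. Apply it to the address the HTTP client
// will actually connect to (after DNS resolution), not to the hostname text in the URL.
fn check_v4(ip: Ipv4Addr) -> Result<(), &'static str> {
    let o = ip.octets();
    if ip.is_loopback() || o[0] == 0 { return Err("loopback"); }
    // 169.254.0.0/16 includes the cloud metadata address 169.254.169.254.
    if ip.is_link_local() { return Err("link-local"); }
    if ip.is_private() { return Err("private"); }
    if o[0] == 100 && (o[1] & 0xc0) == 64 { return Err("shared-address-space"); }
    if ip.is_multicast() || ip.is_broadcast() { return Err("multicast"); }
    Ok(())
}

fn check_ip(ip: IpAddr) -> Result<(), &'static str> {
    let v6 = match ip {
        IpAddr::V4(v4) => return check_v4(v4),
        IpAddr::V6(v6) => v6,
    };
    // ::ffff:a.b.c.d is delivered to the IPv4 host, so judge the embedded address.
    if let Some(v4) = v6.to_ipv4_mapped() { return check_v4(v4); }
    let first = v6.segments()[0];
    if v6.is_loopback() || v6.is_unspecified() { return Err("loopback"); }
    if (first & 0xffc0) == 0xfe80 { return Err("link-local"); }   // fe80::/10
    if (first & 0xfe00) == 0xfc00 { return Err("unique-local"); } // fc00::/7
    if v6.is_multicast() { return Err("multicast"); }
    Ok(())
}

// A hostname is acceptable only if every address it resolves to passes.
fn check_resolved(addrs: &[IpAddr]) -> Result<(), &'static str> {
    if addrs.is_empty() { return Err("no-address"); }
    addrs.iter().try_for_each(|a| check_ip(*a))
}

fn main() {
    // Constructed sample inputs.
    for s in ["1.1.1.1", "169.254.169.254", "::ffff:10.0.0.5"] {
        println!("{} -> {:?}", s, check_ip(s.parse().unwrap()));
    }
}
```

The verdict only holds if the connection is then made to the same address that was checked; re-resolving the hostname at connect time reopens the gap.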
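ThinkWatch is a high-performance AI gateway management system built with Rust and React. It aims to give developers flexible and powerful AI traffic scheduling: a unified interface manages the different AI service providers, helping users achieve fine-grained resource control and cost management in complex AI call scenarios.
ThinkWatch provides traffic control and quota management. Fine-grained rate limits (Rate Limit) and budget caps (Budget Cap) can be set per user (User) or per provider (Provider); for example, daily token usage or hourly request counts can be monitored and blocked in real time, keeping the allocation of AI resources reasonable and secure.
After the base environment is deployed, visit http://localhost:5173/setup to run the built-in Setup Wizard and complete initialization. For production deployment, follow the official Deployment Guide and use Docker Compose or Kubernetes for container orchestration to get a highly available, easily scalable production-grade environment.
ThinkWatch supports traffic control through declarative rules. For example, you can give a specific developer user a rate limit of 60 requests per minute and a daily cap of 1M weighted tokens, while setting an overall ceiling of 100k requests per hour on the OpenAI provider, which gives precise governance of traffic at different levels.
The system uses dynamic configuration: most settings are stored in the database's `system_settings` table, and administrators manage them by category in the Web UI under Admin > Settings. On first run, the `/setup` wizard is used to create the super_admin account and configure the first provider and API key. A detailed Configuration Guide is built in to guide parameter tuning.
As a multi-format API proxy, ThinkWatch natively supports several API standards on a single port, including OpenAI Chat Completions, Anthropic Messages and OpenAI Responses. It can act as a drop-in replacement for Cursor, Continue, Cline, Claude Code and the OpenAI/Anthropic SDKs, greatly lowering integration cost.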
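An enterprise-grade AI security gateway with a mature architecture; Rust ensures stable performance. MCP support and the unified proxy are competitive features, and it suits organizations with high security and compliance requirements.
This tool is listed under a NOASSERTION license; for commercial use, read the license terms carefully and seek legal advice where necessary.
AI Skill Hub is a third-party content aggregation platform. The information on this page is compiled from public data and is not a legal endorsement of the tool's functionality or quality.
Validate the tool thoroughly in a sandbox or test environment before deploying it to production, and carry out the necessary security assessment.
📄 NOASSERTION: see the original license terms for the specific usage restrictions.
AI Skill Hub review: the ThinkWatch MCP tool's core functionality is complete and its quality is excellent. For AI technology enthusiasts it is a choice worth adding to a personal toolkit. Try it in a non-production environment first, then roll it out gradually.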
| Field | Value |
|---|---|
| Original name | ThinkWatch |
| Original description | Open-source MCP tool: Enterprise AI bastion host for secure AI API and MCP access, with unified proxyi. ⭐866 · Rust |
| Topics | AI gateway, security protection, MCP protocol, enterprise, API proxy |
| GitHub | https://github.com/ThinkWatchProject/ThinkWatch |
| License | NOASSERTION |
| Language | Rust |
Listed: 2026-05-16 · Updated: 2026-05-19 · License: NOASSERTION · AI Skill Hub provides no legal endorsement of the accuracy of third-party content.