Repository files navigation

Enterprise-Ready Gateway & Registry for AI Development Tools

🚀 Get Running Now |Quick Start |Documentation |Enterprise Features |Community

Demo Videos: ⭐MCP Registry CLI Demo |Full End-to-End Functionality |OAuth 3-Legged Authentication |Dynamic Tool Discovery

TheMCP Gateway & Registry is an enterprise-ready platform that centralizes access to AI development tools using theModel Context Protocol (MCP). Instead of managing hundreds of individual tool configurations across your development teams, provide secure, governed access to curated AI tools through a single platform.

Transform this chaos:

❌ AI agents require separate connections to each MCP server❌ Each developer configures VS Code, Cursor, Claude Code individually❌ Developers must install and manage MCP servers locally❌ No standard authentication flow for enterprise tools❌ Scattered API keys and credentials across tools  ❌ No visibility into what tools teams are using❌ Security risks from unmanaged tool sprawl❌ No dynamic tool discovery for autonomous agents❌ No curated tool catalog for multi-tenant environments

Into this organized approach:

✅ AI agents connect to one gateway, access multiple MCP servers✅ Single configuration point for VS Code, Cursor, Claude Code✅ Central IT manages cloud-hosted MCP infrastructure via streamable HTTP✅ Developers use standard OAuth 2LO/3LO flows for enterprise MCP servers✅ Centralized credential management with secure vault integration✅ Complete visibility and audit trail for all tool usage✅ Enterprise-grade security with governed tool access✅ Dynamic tool discovery and invocation for autonomous workflows✅ Registry provides discoverable, curated MCP servers for multi-tenant use

┌─────────────────────────────────────┐     ┌──────────────────────────────────────┐│          BEFORE: Chaos              │     │       AFTER: MCP Gateway             │├─────────────────────────────────────┤     ├──────────────────────────────────────┤│                                     │     │                                      ││  Developer 1 ──┬──► MCP Server A    │     │  Developer 1 ──┐                     ││                ├──► MCP Server B    │     │                │                     ││                └──► MCP Server C    │     │  Developer 2 ──┼──► MCP Gateway      ││                                     │     │                │         │           ││  Developer 2 ──┬──► MCP Server A    │ ──► │  AI Agent 1 ───┘         ├──► MCP A  ││                ├──► MCP Server D    │     │                          ├──► MCP B  ││                └──► MCP Server E    │     │  AI Agent 2 ─────────────├──► MCP C  ││                                     │     │                          ├──► MCP D  ││  AI Agent 1 ───┬──► MCP Server B    │     │  AI Agent 3 ─────────────├──► MCP E  ││                ├──► MCP Server C    │     │                          └──► MCP F  ││                └──► MCP Server F    │     │                                      ││                                     │     │          Single Connection           ││  ❌ Multiple connections per user  │      │         ✅ One gateway for all      ││  ❌ No centralized control         │     │          ✅ Dynamic discovery        ││  ❌ Credential sprawl               │     │         ✅ Unified governance       │└─────────────────────────────────────┘     └──────────────────────────────────────┘

Experience dynamic tool discovery and intelligent MCP server integration in real-time

Interactive terminal interface for chatting with AI models and discovering MCP tools in natural language. Talk to the registry using a Claude Code-like conversational interface with real-time token status, cost tracking, and AI model selection.

Quick Start:registry --url https://mcpgateway.ddns.net |Full Guide

• 🤖 Agentic CLI for MCP Registry - Talk to the Registry in natural language using a Claude Code-like interface. Discover tools, ask questions, and execute MCP commands conversationally.Learn more
• 💬 Interactive MCP-Registry CLI - Terminal-based chat interface with AI-powered MCP tool discovery. Supports Amazon Bedrock and Anthropic API.MCP-Registry CLI
• 🔒 MCP Server Security Scanning - Integrated vulnerability scanning withCisco AI Defence MCP Scanner. Automatic security scans during server registration, periodic registry-wide scans with detailed markdown reports, and automatic disabling of servers with security issues.
• 📥 Import Servers from Anthropic MCP Registry - Import curated MCP servers from Anthropic's registry with a single command.Import Guide
• 🔌 Anthropic MCP Registry REST API Compatibility - Full compatibility with Anthropic's MCP Registry REST API specification.API Documentation
• 🚀 Pre-built Images - Deploy instantly with pre-built Docker images.Get Started |macOS Guide
• 🔐 Keycloak Integration - Enterprise authentication with AI agent audit trails and group-based authorization.Learn more
• 📊 Real-Time Metrics & Observability - Grafana dashboards with SQLite and OpenTelemetry integration.Observability Guide
• Amazon Bedrock AgentCore Integration - AgentCore Gateway support with dual authentication.Integration Guide

Provide both autonomous AI agents and human developers with secure access to approved tools through AI coding assistants (VS Code, Cursor, Claude Code) while maintaining IT oversight and compliance.

Centralized authentication, fine-grained permissions, and comprehensive audit trails for SOX/GDPR compliance pathways across both human and AI agent access patterns.

AI agents can autonomously discover and execute specialized tools beyond their initial capabilities using intelligent semantic search, while developers get guided tool discovery through their coding assistants.

Single gateway supporting both autonomous AI agents (machine-to-machine) and AI coding assistants (human-guided) with consistent authentication and tool access patterns.

The MCP Gateway & Registry provides a unified platform for both autonomous AI agents and AI coding assistants to access enterprise-curated tools through a centralized gateway with comprehensive authentication and governance.

flowchart TB    subgraph Human_Users["Human Users"]        User1["Human User 1"]        User2["Human User 2"]        UserN["Human User N"]    end    subgraph AI_Agents["AI Agents"]        Agent1["AI Agent 1"]        Agent2["AI Agent 2"]        Agent3["AI Agent 3"]        AgentN["AI Agent N"]    end    subgraph EC2_Gateway["<b>MCP Gateway & Registry</b> (Amazon EC2 Instance)"]        subgraph NGINX["NGINX Reverse Proxy"]            RP["Reverse Proxy Router"]        end                subgraph AuthRegistry["Authentication & Registry Services"]            AuthServer["Auth Server<br/>(Dual Auth)"]            Registry["Registry<br/>Web UI"]            RegistryMCP["Registry<br/>MCP Server"]        end                subgraph LocalMCPServers["Local MCP Servers"]            MCP_Local1["MCP Server 1"]            MCP_Local2["MCP Server 2"]        end    end        %% Identity Provider    IdP[Identity Provider<br/>Keycloak/Cognito]        subgraph EKS_Cluster["Amazon EKS/EC2 Cluster"]        MCP_EKS1["MCP Server 3"]        MCP_EKS2["MCP Server 4"]    end        subgraph APIGW_Lambda["Amazon API Gateway + AWS Lambda"]        API_GW["Amazon API Gateway"]        Lambda1["AWS Lambda Function 1"]        Lambda2["AWS Lambda Function 2"]    end        subgraph External_Systems["External Data Sources & APIs"]        DB1[(Database 1)]        DB2[(Database 2)]        API1["External API 1"]        API2["External API 2"]        API3["External API 3"]    end        %% Connections from Human Users    User1 -->|Web Browser<br>Authentication| IdP    User2 -->|Web Browser<br>Authentication| IdP    UserN -->|Web Browser<br>Authentication| IdP    User1 -->|Web Browser<br>HTTPS| Registry    User2 -->|Web Browser<br>HTTPS| Registry    UserN -->|Web Browser<br>HTTPS| Registry        %% Connections from Agents to Gateway    Agent1 -->|MCP Protocol<br>SSE with Auth| RP    Agent2 -->|MCP Protocol<br>SSE with Auth| RP    Agent3 -->|MCP Protocol<br>Streamable HTTP with Auth| RP    AgentN -->|MCP Protocol<br>Streamable HTTP with Auth| RP        %% Auth flow connections    RP -->|Auth validation| AuthServer    AuthServer -.->|Validate credentials| IdP    Registry -.->|User authentication| IdP    RP -->|Tool discovery| RegistryMCP    RP -->|Web UI access| Registry        %% Connections from Gateway to MCP Servers    RP -->|SSE| MCP_Local1    RP -->|SSE| MCP_Local2    RP -->|SSE| MCP_EKS1    RP -->|SSE| MCP_EKS2    RP -->|Streamable HTTP| API_GW        %% Connections within API GW + Lambda    API_GW --> Lambda1    API_GW --> Lambda2        %% Connections to External Systems    MCP_Local1 -->|Tool Connection| DB1    MCP_Local2 -->|Tool Connection| DB2    MCP_EKS1 -->|Tool Connection| API1    MCP_EKS2 -->|Tool Connection| API2    Lambda1 -->|Tool Connection| API3    %% Style definitions    classDef user fill:#fff9c4,stroke:#f57f17,stroke-width:2px    classDef agent fill:#e1f5fe,stroke:#29b6f6,stroke-width:2px    classDef gateway fill:#e8f5e9,stroke:#66bb6a,stroke-width:2px    classDef nginx fill:#f3e5f5,stroke:#ab47bc,stroke-width:2px    classDef mcpServer fill:#fff3e0,stroke:#ffa726,stroke-width:2px    classDef eks fill:#ede7f6,stroke:#7e57c2,stroke-width:2px    classDef apiGw fill:#fce4ec,stroke:#ec407a,stroke-width:2px    classDef lambda fill:#ffebee,stroke:#ef5350,stroke-width:2px    classDef dataSource fill:#e3f2fd,stroke:#2196f3,stroke-width:2px        %% Apply styles    class User1,User2,UserN user    class Agent1,Agent2,Agent3,AgentN agent    class EC2_Gateway,NGINX gateway    class RP nginx    class AuthServer,Registry,RegistryMCP gateway    class IdP apiGw    class MCP_Local1,MCP_Local2 mcpServer    class EKS_Cluster,MCP_EKS1,MCP_EKS2 eks    class API_GW apiGw    class Lambda1,Lambda2 lambda    class DB1,DB2,API1,API2,API3 dataSource

Key Architectural Benefits:

• Unified Gateway: Single point of access for both AI agents and human developers through coding assistants
• Dual Authentication: Supports both human user authentication and machine-to-machine agent authentication
• Scalable Infrastructure: Nginx reverse proxy with horizontal scaling capabilities
• Multiple Transports: SSE and Streamable HTTP support for different client requirements

• OAuth 2.0/3.0 compliance with IdP integration
• Fine-grained access control at tool and method level
• Zero-trust network architecture
• Complete audit trails and comprehensive analytics for compliance

• Single configuration works across autonomous AI agents and AI coding assistants (VS Code, Cursor, Claude Code, Cline)
• Dynamic tool discovery with natural language queries for both agents and humans
• Instant onboarding for new team members and AI agent deployments
• Unified governance for both AI agents and human developers

• Container-native (Docker/Kubernetes)
• Real-time health monitoring and alerting
• Dual authentication supporting both human and machine authentication

📱 Running on macOS? See ourmacOS Setup Guide for platform-specific instructions and optimizations.

Get running in under 2 minutes with pre-built containers:

Step 1: Clone and setup

git clone https://github.com/agentic-community/mcp-gateway-registry.gitcd mcp-gateway-registrycp .env.example .env

Step 2: Download embeddings modelDownload the required sentence-transformers model to the shared models directory:

hf download sentence-transformers/all-MiniLM-L6-v2 --local-dir${HOME}/mcp-gateway/models/all-MiniLM-L6-v2

Step 3: Configure environmentComplete:Initial Environment Configuration - Configure domains, passwords, and authentication

export DOCKERHUB_ORG=mcpgateway

Step 4: Deploy with pre-built images

./build_and_run.sh --prebuilt

For detailed information about all Docker images used with--prebuilt, seePre-built Images Documentation.

Step 5: Initialize KeycloakComplete:Initialize Keycloak Configuration - Set up identity provider and security policies

Step 6: Access the registry

open http://localhost:7860

Step 7: Create your first agentComplete:Create Your First AI Agent Account - Create agent credentials for testing

Step 8: Restart auth server to apply new credentials

docker-compose down auth-server&& docker-compose rm -f auth-server&& docker-compose up -d auth-server

Step 9: Test the setupComplete:Testing with mcp_client.py and agent.py - Validate your setup works correctly

Benefits: No build time • No Node.js required • No frontend compilation • Consistent tested images

New to MCP Gateway? Start with ourComplete Setup Guide for detailed step-by-step instructions from scratch on AWS EC2.

Python Scripts:

• ./cli/mcp_client.py - Core MCP operations (ping, list tools, call tools)
• ./tests/mcp_cmds.sh - Shell-based MCP testing operations

Python Agent:

• agents/agent.py - Full-featured Python agent with advanced AI capabilities

Next Steps:Testing Guide |Complete Installation Guide |Authentication Setup |AI Assistant Integration

Transform how both autonomous AI agents and development teams access enterprise tools with centralized governance:

Enterprise-curated MCP servers accessible through unified gateway

AI assistants executing approved enterprise tools with governance

Observability Comprehensive real-time metrics and monitoring through Grafana dashboards with dual-path storage: SQLite for detailed historical analysis and OpenTelemetry (OTEL) export for integration with Prometheus, CloudWatch, Datadog, and other monitoring platforms. Track authentication events, tool executions, discovery queries, and system performance metrics.Learn more Real-time metrics and observability dashboard tracking server health, tool usage, and authentication events

Seamlessly integrate with Anthropic's official MCP Registry to import and access curated MCP servers through your gateway:

• Import Servers: Select and import desired servers from Anthropic's registry with a single command
• Unified Access: Access imported servers through your gateway with centralized authentication and governance
• API Compatibility: Full support for Anthropic's Registry REST API specification - point your Anthropic API clients to this registry to discover available servers

Import and access curated MCP servers from Anthropic's official registry

Import Guide |Registry API Documentation

Integrated Vulnerability Detection:

• Automated Security Scanning - Integrated vulnerability scanning for MCP servers usingCisco AI Defence MCP Scanner, with automatic scans during registration and support for periodic registry-wide scans
• Detailed Security Reports - Comprehensive markdown reports with vulnerability details, severity assessments, and remediation recommendations
• Automatic Protection - Servers with security issues are automatically disabled with security-pending status to protect your infrastructure
• Compliance Ready - Security audit trails and vulnerability tracking for enterprise compliance requirements

Multiple Identity Modes:

• Machine-to-Machine (M2M) - For autonomous AI agents and automated systems
• Three-Legged OAuth (3LO) - For external service integration (Atlassian, Google, GitHub)
• Session-Based - For human developers using AI coding assistants and web interface

Supported Identity Providers: Keycloak, Amazon Cognito, and any OAuth 2.0 compatible provider.Learn more

Fine-Grained Permissions: Tool-level, method-level, team-based, and temporary access controls.Learn more

Cloud Platforms: Amazon EC2, Amazon EKS

Join the Discussion

• GitHub Discussions - Feature requests and general discussion
• GitHub Issues - Bug reports and feature requests

Contributing

• Contributing Guide - How to contribute code and documentation
• Code of Conduct - Community guidelines
• Security Policy - Responsible disclosure process

The following GitHub issues represent our current development roadmap and planned features:

Major Features

• #203 - Deploy MCP Gateway Registry on AWS ECS Fargate 🚧IN PROGRESSComprehensive production-ready ECS deployment guide with multi-AZ architecture, auto-scaling, HTTPS/SSL, CloudWatch monitoring, and NAT Gateway HA. Complete Terraform configuration templates for deploying the entire stack on AWS.

• #195 - Add A2A (Agent-to-Agent) Protocol Support to Registry 🚧IN PROGRESSEnable the registry to serve as a curated discovery service for A2A agents, allowing agents to discover and communicate with other agents. Registry-only design with P2P agent communication and Keycloak-based access control.

• #128 - Add Microsoft Entra ID (Azure AD) Authentication Provider 🚧IN PROGRESSExtend authentication support beyond Keycloak to include Microsoft Entra ID integration. Enables enterprise SSO for organizations using Azure Active Directory.

• #170 - Architectural Proposal: Separate Gateway and Registry Containers 🚧IN PROGRESSArchitectural enhancement to separate gateway and registry functionality into independent containers for improved scalability, maintainability, and deployment flexibility.

• #129 - Virtual MCP Server Support - Dynamic Tool Aggregation and Intelligent Routing 🚧IN PROGRESSEnable logical grouping of tools from multiple backend servers with intelligent routing using Lua/JavaScript scripting. Provides purpose-built virtual servers that abstract away backend complexity.

• #118 - Agent-as-Tool Integration: Dynamic MCP Server GenerationConvert existing AI agents into MCP servers dynamically, enabling legacy agent ecosystems to participate in the MCP protocol without code rewrites.

• #121 - Migrate to OpenSearch for Server Storage and Vector SearchReplace current storage with OpenSearch to provide advanced vector search capabilities and improved scalability for large server registries.

• #98 - Complete GDPR and SOX Compliance ImplementationFull compliance implementation for GDPR and SOX requirements, including data retention policies, audit trails, and privacy controls.

• #39 - Tool Popularity Scoring and Rating SystemEnhance tool discovery with popularity scores and star ratings based on usage patterns and agent feedback.

DevOps & Operations

• #48 - Update EKS Helm Chart for Multi-Container ArchitectureUpdate Helm charts to support the new multi-container Docker Compose architecture for Kubernetes deployments.

• #70 - Docker Build & Runtime Performance OptimizationOptimize Docker build times and runtime performance for faster development and deployment cycles.

Completed

• #132 - Registry UI: Add MCP Configuration Generator ✅COMPLETEDCopy-paste MCP configuration generator added to Registry UI for seamless integration with AI coding assistants (VS Code, Cursor, Claude Code).

• #171 - Feature: Import Servers from Anthropic MCP Registry ✅COMPLETEDAnthropic MCP Registry import functionality implemented. Import curated servers with a single command and access through the gateway with full REST API compatibility.Import Guide |API Documentation

• #37 - Multi-Level Registry Support ✅COMPLETED (Closed via #179, #181)Registry-to-registry integration now supported through Anthropic MCP Registry import, enabling federated server discovery and access across different registries.

• #159 - Add scope management: create/delete Keycloak groups with scope configuration ✅COMPLETEDDynamic scope management functionality implemented with create-group, delete-group, list-groups, and server-to-group assignment commands through service management CLI. Includes comprehensive user management with group-based access control.Service Management Guide

• #160 - Documentation: Add Amazon Bedrock AgentCore Gateway integration example ✅COMPLETEDComprehensive documentation and examples for integrating Amazon Bedrock AgentCore Gateway with dual authentication (Keycloak ingress + Cognito egress), passthrough token mode, and complete MCP protocol flow.Integration Guide

• #158 - Replace /opt/mcp-gateway with ${HOME}/mcp-gateway to eliminate sudo requirements ✅COMPLETEDInstallation experience improved by using user home directory instead of /opt, removing the need for sudo privileges during setup.

• #111 - Standalone Metrics Collection Service ✅COMPLETEDDedicated metrics collection service implemented for comprehensive monitoring and analytics across all MCP Gateway components.Documentation

• #38 - Usage Metrics and Analytics System ✅COMPLETEDComprehensive usage tracking implemented across user and agent identities, with metrics emission from auth server, registry, and intelligent tool finder.Documentation

• #120 - CLI Tool for MCP Server Registration and Health Validation ✅COMPLETEDCommand-line interface for automated server registration, health checks, and registry management. Streamlines DevOps workflows and CI/CD integration.Documentation

• #119 - Implement Well-Known URL for MCP Server Discovery ✅COMPLETEDStandardized discovery mechanism using /.well-known/mcp-servers endpoint for automatic server detection and federation across organizations.

• #18 - Add Token Vending Capability to Auth Server ✅COMPLETEDAuth server token vending capabilities implemented for enhanced authentication workflows with OAuth token management and service account provisioning.

• #5 - Add Support for KeyCloak as IdP Provider ✅COMPLETEDKeyCloak integration implemented with individual agent audit trails, group-based authorization, and production-ready service account management.Documentation

For the complete list of open issues, feature requests, and bug reports, visit ourGitHub Issues page.

This project is licensed under the Apache-2.0 License - see theLICENSE file for details.