Mcp Gateway Registry

Mcp Gateway Registry Overview

What is Mcp Gateway Registry about?

Mcp Gateway Registry offers a single entry point for AI agents and developers to access a curated catalog of MCP‑compatible tools. It removes the need for multiple individual MCP server connections, consolidates credential management, and delivers audit‑ready governance across the organization.

How to use Mcp Gateway Registry?

Clone the repository and copy the example environment file.

git clone https://github.com/agentic-community/mcp-gateway-registry.git
cd mcp-gateway-registry
cp .env.example .env

Download the required embeddings model (used for semantic tool search).

hf download sentence-transformers/all-MiniLM-L6-v2 --local-dir ${HOME}/mcp-gateway/models/all-MiniLM-L6-v2

Deploy the pre‑built Docker images (recommended for quick start).
```
./build_and_run.sh --prebuilt
```
Initialize Keycloak (or another IdP) following the guide in docs/keycloak-integration.md.
Access the UI at http://localhost:7860, register MCP servers via the registry UI, and create agent/service accounts.
Agents connect to the gateway using the reverse‑proxy endpoint, authenticating with OAuth 2LO/3LO tokens.

Key Features

Unified Gateway – one URL for all MCP servers.
OAuth 2LO & 3LO – supports machine‑to‑machine and three‑legged flows.
Keycloak / Cognito Integration – enterprise identity providers.
Dynamic Tool Discovery – semantic search and tag‑based filtering.
Fine‑Grained Access Control – tool‑level, method‑level, and group‑based permissions.
Observability Stack – Grafana dashboards, SQLite metrics, OpenTelemetry and Prometheus exporters.
CLI Management – scripts for server registration, health checks, and user/group provisioning.
Docker & Helm Deployments – ready‑to‑run containers and Kubernetes charts.
Virtual MCP Server – logical aggregation of tools across back‑end servers.

Use Cases

Enterprise AI Agent Governance – enforce compliance while agents invoke any registered tool.
Developer Tooling Centralization – VS Code, Cursor, Claude Code use a single configuration.
Compliance & Auditing – SOX/GDPR‑ready logs of tool usage and authentication events.
Multi‑Tenant Catalog – teams discover and request access to curated MCP services.
Hybrid Cloud Deployments – bridge on‑prem MCP servers with cloud‑native services via the gateway.

FAQ

Q: Do I need to build Docker images myself? A: No. The --prebuilt flag runs official images directly.
Q: Which identity providers are supported? A: Keycloak, Amazon Cognito, and any OAuth 2.0‑compatible IdP (Azure AD support is in progress).
Q: How do I add a new MCP server to the registry? A: Use the Registry UI or the CLI ./cli/mcp_client.py register --url <server-url> --tags <comma‑separated>.
Q: Can I use the gateway with existing agents that already know MCP endpoints? A: Yes. Agents simply point to the reverse‑proxy URL; the gateway forwards requests.
Q: Where are metrics stored? A: Real‑time metrics are persisted in SQLite and exported via OTEL to Prometheus, CloudWatch, etc.
Q: Is there a way to automate token refreshing for agents? A: The built‑in token vending service provides automatic refresh for service accounts.

Mcp Gateway Registry's README

Enterprise-Ready Gateway for AI Development Tools

🚀 Get Running Now | Quick Start | Documentation | Enterprise Features | Community

Demo Videos: Full End-to-End Functionality | OAuth 3-Legged Authentication | Dynamic Tool Discovery

What is MCP Gateway & Registry?

The MCP Gateway & Registry is an enterprise-ready platform that centralizes access to AI development tools using the Model Context Protocol (MCP). Instead of managing hundreds of individual tool configurations across your development teams, provide secure, governed access to curated AI tools through a single platform.

Transform this chaos:

❌ AI agents require separate connections to each MCP server
❌ Each developer configures VS Code, Cursor, Claude Code individually
❌ Developers must install and manage MCP servers locally
❌ No standard authentication flow for enterprise tools
❌ Scattered API keys and credentials across tools  
❌ No visibility into what tools teams are using
❌ Security risks from unmanaged tool sprawl
❌ No dynamic tool discovery for autonomous agents
❌ No curated tool catalog for multi-tenant environments

Into this organized approach:

✅ AI agents connect to one gateway, access multiple MCP servers
✅ Single configuration point for VS Code, Cursor, Claude Code
✅ Central IT manages cloud-hosted MCP infrastructure via streamable HTTP
✅ Developers use standard OAuth 2LO/3LO flows for enterprise MCP servers
✅ Centralized credential management with secure vault integration
✅ Complete visibility and audit trail for all tool usage
✅ Enterprise-grade security with governed tool access
✅ Dynamic tool discovery and invocation for autonomous workflows
✅ Registry provides discoverable, curated MCP servers for multi-tenant use

┌─────────────────────────────────────┐     ┌──────────────────────────────────────┐
│          BEFORE: Chaos              │     │       AFTER: MCP Gateway             │
├─────────────────────────────────────┤     ├──────────────────────────────────────┤
│                                     │     │                                      │
│  Developer 1 ──┬──► MCP Server A    │     │  Developer 1 ──┐                     │
│                ├──► MCP Server B    │     │                │                     │
│                └──► MCP Server C    │     │  Developer 2 ──┼──► MCP Gateway      │
│                                     │     │                │         │           │
│  Developer 2 ──┬──► MCP Server A    │ ──► │  AI Agent 1 ───┘         ├──► MCP A  │
│                ├──► MCP Server D    │     │                          ├──► MCP B  │
│                └──► MCP Server E    │     │  AI Agent 2 ─────────────├──► MCP C  │
│                                     │     │                          ├──► MCP D  │
│  AI Agent 1 ───┬──► MCP Server B    │     │  AI Agent 3 ─────────────├──► MCP E  │
│                ├──► MCP Server C    │     │                          └──► MCP F  │
│                └──► MCP Server F    │     │                                      │
│                                     │     │          Single Connection           │
│  ❌ Multiple connections per user  │      │         ✅ One gateway for all      │
│  ❌ No centralized control         │     │          ✅ Dynamic discovery        │
│  ❌ Credential sprawl               │     │         ✅ Unified governance       │
└─────────────────────────────────────┘     └──────────────────────────────────────┘

MCP Tools in Action

Experience dynamic tool discovery and intelligent MCP server integration in real-time

What's New

🚀 Pre-built Images - Get Running in Under 10 Minutes - Deploy the complete MCP Gateway solution instantly with pre-built Docker images. No compilation required - just download and run! Get Started Now | macOS Setup Guide | Pre-built Images Documentation
🔐 Keycloak Identity Provider Integration - Enterprise-grade authentication with individual AI agent audit trails, group-based authorization, and production-ready service account management. Learn more
Amazon Bedrock AgentCore Gateway Integration - Seamlessly integrate Amazon Bedrock AgentCore Gateways with dual authentication (Keycloak ingress + Cognito egress), passthrough token mode, and complete MCP protocol support. Deploy customer support assistants and other AgentCore services through the registry. Integration Guide
Real-Time Metrics & Observability - Comprehensive monitoring via Grafana dashboards with metrics stored in SQLite and exposed through OpenTelemetry (OTEL). Track server health, tool usage, authentication events, and performance metrics in real-time for complete visibility into your MCP infrastructure. Observability Guide
Service & User Management Utilities - Comprehensive CLI scripts for complete lifecycle management: server registration, health validation, user provisioning, and group-based access control with automated verification and testing. Learn more
Tag-Based Tool Filtering - Enhanced intelligent_tool_finder now supports filtering tools by server tags for precise categorical discovery alongside semantic search
Three-Legged OAuth (3LO) Support - External service integration (Atlassian, Google, GitHub)
JWT Token Vending Service - Self-service token generation for automation
Automated Token Refresh Service - Background token refresh to maintain continuous authentication
Modern React Frontend - Complete UI overhaul with TypeScript and real-time updates
Dynamic Tool Discovery - AI agents autonomously find and execute specialized tools
Fine-Grained Access Control - Granular permissions for servers, methods, and individual tools

Core Use Cases

AI Agent & Coding Assistant Governance

Provide both autonomous AI agents and human developers with secure access to approved tools through AI coding assistants (VS Code, Cursor, Claude Code) while maintaining IT oversight and compliance.

Enterprise Security & Compliance

Centralized authentication, fine-grained permissions, and comprehensive audit trails for SOX/GDPR compliance pathways across both human and AI agent access patterns.

Dynamic Tool Discovery

AI agents can autonomously discover and execute specialized tools beyond their initial capabilities using intelligent semantic search, while developers get guided tool discovery through their coding assistants.

Unified Access Gateway

Single gateway supporting both autonomous AI agents (machine-to-machine) and AI coding assistants (human-guided) with consistent authentication and tool access patterns.

Architecture

The MCP Gateway & Registry provides a unified platform for both autonomous AI agents and AI coding assistants to access enterprise-curated tools through a centralized gateway with comprehensive authentication and governance.

flowchart TB subgraph Human_Users["Human Users"] User1["Human User 1"] User2["Human User 2"] UserN["Human User N"] end subgraph AI_Agents["AI Agents"] Agent1["AI Agent 1"] Agent2["AI Agent 2"] Agent3["AI Agent 3"] AgentN["AI Agent N"] end subgraph EC2_Gateway["MCP Gateway & Registry (Amazon EC2 Instance)"] subgraph NGINX["NGINX Reverse Proxy"] RP["Reverse Proxy Router"] end subgraph AuthRegistry["Authentication & Registry Services"] AuthServer["Auth Server (Dual Auth)"] Registry["Registry Web UI"] RegistryMCP["Registry MCP Server"] end subgraph LocalMCPServers["Local MCP Servers"] MCP_Local1["MCP Server 1"] MCP_Local2["MCP Server 2"] end end %% Identity Provider IdP[Identity Provider Keycloak/Cognito] subgraph EKS_Cluster["Amazon EKS/EC2 Cluster"] MCP_EKS1["MCP Server 3"] MCP_EKS2["MCP Server 4"] end subgraph APIGW_Lambda["Amazon API Gateway + AWS Lambda"] API_GW["Amazon API Gateway"] Lambda1["AWS Lambda Function 1"] Lambda2["AWS Lambda Function 2"] end subgraph External_Systems["External Data Sources & APIs"] DB1[(Database 1)] DB2[(Database 2)] API1["External API 1"] API2["External API 2"] API3["External API 3"] end %% Connections from Human Users User1 -->|Web Browser Authentication| IdP User2 -->|Web Browser Authentication| IdP UserN -->|Web Browser Authentication| IdP User1 -->|Web Browser HTTPS| Registry User2 -->|Web Browser HTTPS| Registry UserN -->|Web Browser HTTPS| Registry %% Connections from Agents to Gateway Agent1 -->|MCP Protocol SSE with Auth| RP Agent2 -->|MCP Protocol SSE with Auth| RP Agent3 -->|MCP Protocol Streamable HTTP with Auth| RP AgentN -->|MCP Protocol Streamable HTTP with Auth| RP %% Auth flow connections RP -->|Auth validation| AuthServer AuthServer -.->|Validate credentials| IdP Registry -.->|User authentication| IdP RP -->|Tool discovery| RegistryMCP RP -->|Web UI access| Registry %% Connections from Gateway to MCP Servers RP -->|SSE| MCP_Local1 RP -->|SSE| MCP_Local2 RP -->|SSE| MCP_EKS1 RP -->|SSE| MCP_EKS2 RP -->|Streamable HTTP| API_GW %% Connections within API GW + Lambda API_GW --> Lambda1 API_GW --> Lambda2 %% Connections to External Systems MCP_Local1 -->|Tool Connection| DB1 MCP_Local2 -->|Tool Connection| DB2 MCP_EKS1 -->|Tool Connection| API1 MCP_EKS2 -->|Tool Connection| API2 Lambda1 -->|Tool Connection| API3 %% Style definitions classDef user fill:#fff9c4,stroke:#f57f17,stroke-width:2px classDef agent fill:#e1f5fe,stroke:#29b6f6,stroke-width:2px classDef gateway fill:#e8f5e9,stroke:#66bb6a,stroke-width:2px classDef nginx fill:#f3e5f5,stroke:#ab47bc,stroke-width:2px classDef mcpServer fill:#fff3e0,stroke:#ffa726,stroke-width:2px classDef eks fill:#ede7f6,stroke:#7e57c2,stroke-width:2px classDef apiGw fill:#fce4ec,stroke:#ec407a,stroke-width:2px classDef lambda fill:#ffebee,stroke:#ef5350,stroke-width:2px classDef dataSource fill:#e3f2fd,stroke:#2196f3,stroke-width:2px %% Apply styles class User1,User2,UserN user class Agent1,Agent2,Agent3,AgentN agent class EC2_Gateway,NGINX gateway class RP nginx class AuthServer,Registry,RegistryMCP gateway class IdP apiGw class MCP_Local1,MCP_Local2 mcpServer class EKS_Cluster,MCP_EKS1,MCP_EKS2 eks class API_GW apiGw class Lambda1,Lambda2 lambda class DB1,DB2,API1,API2,API3 dataSource

Key Architectural Benefits:

Unified Gateway: Single point of access for both AI agents and human developers through coding assistants
Dual Authentication: Supports both human user authentication and machine-to-machine agent authentication
Scalable Infrastructure: Nginx reverse proxy with horizontal scaling capabilities
Multiple Transports: SSE and Streamable HTTP support for different client requirements

Key Advantages

Enterprise-Grade Security

OAuth 2.0/3.0 compliance with IdP integration
Fine-grained access control at tool and method level
Zero-trust network architecture
Complete audit trails and comprehensive analytics for compliance

AI Agent & Developer Experience

Single configuration works across autonomous AI agents and AI coding assistants (VS Code, Cursor, Claude Code, Cline)
Dynamic tool discovery with natural language queries for both agents and humans
Instant onboarding for new team members and AI agent deployments
Unified governance for both AI agents and human developers

Production Ready

High availability with multi-AZ deployment
Container-native (Docker/Kubernetes)
Real-time health monitoring and alerting
Dual authentication supporting both human and machine authentication

Quick Start

📱 Running on macOS? See our macOS Setup Guide for platform-specific instructions and optimizations.

Option A: Pre-built Images (Instant Setup)

Get running in under 2 minutes with pre-built containers:

Step 1: Clone and setup

git clone https://github.com/agentic-community/mcp-gateway-registry.git
cd mcp-gateway-registry
cp .env.example .env

Step 2: Download embeddings model Download the required sentence-transformers model to the shared models directory:

hf download sentence-transformers/all-MiniLM-L6-v2 --local-dir ${HOME}/mcp-gateway/models/all-MiniLM-L6-v2

Step 3: Configure environment Complete: Initial Environment Configuration - Configure domains, passwords, and authentication

export DOCKERHUB_ORG=mcpgateway

Step 4: Deploy with pre-built images

./build_and_run.sh --prebuilt

For detailed information about all Docker images used with --prebuilt, see Pre-built Images Documentation.

Step 5: Initialize Keycloak Complete: Initialize Keycloak Configuration - Set up identity provider and security policies

Step 6: Access the registry

open http://localhost:7860

Step 7: Create your first agent Complete: Create Your First AI Agent Account - Create agent credentials for testing

Step 8: Restart auth server to apply new credentials

docker-compose down auth-server && docker-compose rm -f auth-server && docker-compose up -d auth-server

Step 9: Test the setup Complete: Testing with mcp_client.py and agent.py - Validate your setup works correctly

Benefits: No build time • No Node.js required • No frontend compilation • Consistent tested images

Option B: Build from Source

New to MCP Gateway? Start with our Complete Setup Guide for detailed step-by-step instructions from scratch on AWS EC2.

Testing & Integration Options

Python Scripts:

./cli/mcp_client.py - Core MCP operations (ping, list tools, call tools)
./tests/mcp_cmds.sh - Shell-based MCP testing operations

Python Agent:

agents/agent.py - Full-featured Python agent with advanced AI capabilities

Next Steps: Testing Guide | Complete Installation Guide | Authentication Setup | AI Assistant Integration

Enterprise Features

AI Agents & Coding Assistants Integration

Transform how both autonomous AI agents and development teams access enterprise tools with centralized governance:

Observability

Comprehensive real-time metrics and monitoring through Grafana dashboards with dual-path storage: SQLite for detailed historical analysis and OpenTelemetry (OTEL) export for integration with Prometheus, CloudWatch, Datadog, and other monitoring platforms. Track authentication events, tool executions, discovery queries, and system performance metrics. Learn more

Authentication & Authorization

Multiple Identity Modes:

Machine-to-Machine (M2M) - For autonomous AI agents and automated systems
Three-Legged OAuth (3LO) - For external service integration (Atlassian, Google, GitHub)
Session-Based - For human developers using AI coding assistants and web interface

Supported Identity Providers:

Keycloak - Enterprise-grade open-source identity and access management with individual agent audit trails
Amazon Cognito - Amazon managed identity service
Any OAuth 2.0 compatible provider

Fine-Grained Permissions:

Tool-level access control
Method-level restrictions
Team-based permissions
Temporary access grants

Production Deployment

Cloud Platforms:

Amazon EC2 - Single instance or auto-scaling groups
Amazon EKS - Kubernetes-native microservices deployment

High Availability:

Multi-AZ deployment with automatic failover
Health monitoring and alerting
Rolling updates with zero downtime
Backup and disaster recovery

Documentation

Getting Started	Enterprise Setup	Developer & Operations
Complete Setup GuideNEW! Step-by-step from scratch on AWS EC2	Authentication GuideOAuth and identity provider integration	AI Coding Assistants SetupVS Code, Cursor, Claude Code integration
Installation GuideComplete setup instructions for EC2 and EKS	Keycloak IntegrationEnterprise identity with agent audit trails	API ReferenceProgrammatic registry management
Quick Start TutorialGet running in 5 minutes	Amazon Cognito SetupStep-by-step IdP configuration	Token Refresh ServiceAutomated token refresh and lifecycle management
Configuration ReferenceEnvironment variables and settings		Observability GuideNEW! Metrics, monitoring, and OpenTelemetry setup
	Fine-Grained Access ControlPermission management and security	Dynamic Tool DiscoveryAutonomous agent capabilities
	Service ManagementServer lifecycle and operations
		Production DeploymentComplete setup for production environments
		Troubleshooting GuideCommon issues and solutions

Community

Get Involved

Join the Discussion

GitHub Discussions - Feature requests and general discussion
GitHub Issues - Bug reports and feature requests

Resources

Demo Videos - See the platform in action

Contributing

Contributing Guide - How to contribute code and documentation
Code of Conduct - Community guidelines
Security Policy - Responsible disclosure process

Star History

Roadmap

The following GitHub issues represent our current development roadmap and planned features:

Major Features

#171 - Feature: Import Servers from Anthropic MCP Registry 🚧 IN PROGRESS Add functionality to import and synchronize MCP servers from the Anthropic MCP Registry, enabling seamless integration with the broader MCP ecosystem.
#170 - Architectural Proposal: Separate Gateway and Registry Containers 🚧 IN PROGRESS Architectural enhancement to separate gateway and registry functionality into independent containers for improved scalability, maintainability, and deployment flexibility.
#37 - Multi-Level Registry Support 🚧 IN PROGRESS Add support for federated registries that can connect to other registries, enabling hierarchical MCP infrastructure with cross-IdP authentication.
#132 - Registry UI: Add MCP Configuration Generator 🚧 IN PROGRESS Add copy-paste MCP configuration generator to Registry UI for seamless integration with AI coding assistants (VS Code, Cursor, Claude Code).
#129 - Virtual MCP Server Support - Dynamic Tool Aggregation and Intelligent Routing 🚧 IN PROGRESS Enable logical grouping of tools from multiple backend servers with intelligent routing using Lua/JavaScript scripting. Provides purpose-built virtual servers that abstract away backend complexity.
#121 - Migrate to OpenSearch for Server Storage and Vector Search Replace current storage with OpenSearch to provide advanced vector search capabilities and improved scalability for large server registries.
#118 - Agent-as-Tool Integration: Dynamic MCP Server Generation Convert existing AI agents into MCP servers dynamically, enabling legacy agent ecosystems to participate in the MCP protocol without code rewrites.
#98 - Complete GDPR and SOX Compliance Implementation Full compliance implementation for GDPR and SOX requirements, including data retention policies, audit trails, and privacy controls.
#39 - Tool Popularity Scoring and Rating System Enhance tool discovery with popularity scores and star ratings based on usage patterns and agent feedback.

Authentication & Identity

#128 - Add Microsoft Entra ID (Azure AD) Authentication Provider 🚧 IN PROGRESS Extend authentication support beyond Keycloak to include Microsoft Entra ID integration. Enables enterprise SSO for organizations using Azure Active Directory.

DevOps & Operations

#48 - Update EKS Helm Chart for Multi-Container Architecture Update Helm charts to support the new multi-container Docker Compose architecture for Kubernetes deployments.
#70 - Docker Build & Runtime Performance Optimization Optimize Docker build times and runtime performance for faster development and deployment cycles.

Completed

#159 - Add scope management: create/delete Keycloak groups with scope configuration ✅ COMPLETED Dynamic scope management functionality implemented with create-group, delete-group, list-groups, and server-to-group assignment commands through service management CLI. Includes comprehensive user management with group-based access control. Service Management Guide
#160 - Documentation: Add Amazon Bedrock AgentCore Gateway integration example ✅ COMPLETED Comprehensive documentation and examples for integrating Amazon Bedrock AgentCore Gateway with dual authentication (Keycloak ingress + Cognito egress), passthrough token mode, and complete MCP protocol flow. Integration Guide
#158 - Replace /opt/mcp-gateway with ${HOME}/mcp-gateway to eliminate sudo requirements ✅ COMPLETED Installation experience improved by using user home directory instead of /opt, removing the need for sudo privileges during setup.
#111 - Standalone Metrics Collection Service ✅ COMPLETED Dedicated metrics collection service implemented for comprehensive monitoring and analytics across all MCP Gateway components. Documentation
#38 - Usage Metrics and Analytics System ✅ COMPLETED Comprehensive usage tracking implemented across user and agent identities, with metrics emission from auth server, registry, and intelligent tool finder. Documentation
#120 - CLI Tool for MCP Server Registration and Health Validation ✅ COMPLETED Command-line interface for automated server registration, health checks, and registry management. Streamlines DevOps workflows and CI/CD integration. Documentation
#119 - Implement Well-Known URL for MCP Server Discovery ✅ COMPLETED Standardized discovery mechanism using /.well-known/mcp-servers endpoint for automatic server detection and federation across organizations.
#18 - Add Token Vending Capability to Auth Server ✅ COMPLETED Auth server token vending capabilities implemented for enhanced authentication workflows with OAuth token management and service account provisioning.
#5 - Add Support for KeyCloak as IdP Provider ✅ COMPLETED KeyCloak integration implemented with individual agent audit trails, group-based authorization, and production-ready service account management. Documentation

For the complete list of open issues, feature requests, and bug reports, visit our GitHub Issues page.

License

This project is licensed under the Apache-2.0 License - see the LICENSE file for details.