Open the Registry UI (served by nginx on port 80)

July 9, 2026 · View on GitHub

MCP Gateway & Registry Logo

Unified Agent & MCP Server Registry – Gateway for AI Development Tools

GitHub stars GitHub forks License GitHub release

Get Running Now | Docs | Executive Brief | Slide Deck | Demo Videos | AWS Workshop | Community


The MCP Gateway & Registry is a single, governed control plane for every AI asset in your organization, from MCP servers and AI agents to skills and any custom asset your teams build. It is open source, licensed under Apache 2.0, and runs on Kubernetes (Amazon EKS), fully managed serverless (Amazon ECS), or Docker Compose (Amazon EC2).

It began as a gateway and registry for the Model Context Protocol (MCP): one secure entry point to many MCP servers, with centralized discovery and governance. As teams started registering agents, skills, and other assets alongside their servers, it grew into a general-purpose AI asset registry on the same gateway, access-control, and audit model it started with.

Why we built this

Without a control plane, every team wires its own MCP servers and agents by hand: separate credentials in every dotfile, no shared inventory, no audit trail, and no way to discover or govern what exists. Agents can't find other agents; servers and agents live in separate registries that can't share policy.

This platform replaces that with one governed entry point for every AI asset. Register a server, agent, skill, or custom entity once; discover it by natural-language search; reach it through a single authenticated gateway that enforces access and records every call. One control plane, one access model, one audit trail, across all asset types.

┌─────────────────────────────────────┐     ┌──────────────────────────────────────────────────────┐
│          BEFORE: Chaos              │     │    AFTER: MCP Gateway & Registry                     │
├─────────────────────────────────────┤     ├──────────────────────────────────────────────────────┤
│                                     │     │                                                      │
│  Developer 1 ──┬──► MCP Server A    │     │  Developer 1 ──┐                  ┌─ MCP Server A    │
│                ├──► MCP Server B    │     │                │                  ├─ MCP Server B    │
│                └──► MCP Server C    │     │  Developer 2 ──┼──► MCP Gateway   │                  │
│                                     │     │                │    & Registry ───┼─ MCP Server C    │
│  Developer 2 ──┬──► MCP Server A    │ ──► │  AI Agent 1 ───┘         │        │                  │
│                ├──► MCP Server D    │     │                          │        ├─ AI Agent 1      │
│                └──► MCP Server E    │     │  AI Agent 2 ──────────────┤        ├─ AI Agent 2     │
│                                     │     │                          │        │                  │
│  AI Agent 1 ───┬──► MCP Server B    │     │  AI Agent 3 ──────────────┘        └─ AI Agent 3     │
│                ├──► MCP Server C    │     │                                                      │
│                └──► MCP Server F    │     │              Single Connection Point                 │
│                                     │     │                                                      │
│  ❌ Multiple connections per user  │     │         ✅ One gateway for all                      │
│  ❌ No centralized control         │     │         ✅ Unified server & agent access            │
│  ❌ Credential sprawl              │     │         ✅ Unified governance & audit trails        │
└─────────────────────────────────────┘     └──────────────────────────────────────────────────────┘

Onboard third-party OAuth MCP servers, the enterprise way. Because the gateway provides per-user egress authentication, you can connect OAuth-protected SaaS MCP servers such as Slack, Atlassian, and GitHub without every user setting up network access to those services or storing credentials on their laptop. Each user connects their account once; the gateway runs the OAuth (3LO) flow, vaults the per-user token in a secrets manager, and injects it on egress. That collapses onboarding to a single, auditable choke point, so a team can adopt a new SaaS MCP server across the enterprise without per-laptop plumbing or scattered long-lived tokens.

How it works

The gateway is the data plane (a generic nginx reverse proxy: TLS, auth validation, routing to backends) and the registry is the control plane (a FastAPI service that owns the inventory, access model, and audit trail, and decides what the gateway may route to). An auth server integrates your identity provider (Keycloak, Entra ID, Okta, Auth0, Cognito, PingFederate) for OAuth2/OIDC, and MongoDB / DocumentDB stores configuration, embeddings, sessions, and audit records.

flowchart LR
    Users["Human Users"] -->|HTTPS| GW
    Agents["AI Agents"] -->|MCP / auth| GW
    Assistants["Coding Assistants"] -->|MCP / OAuth| GW
    subgraph GWBOX["MCP Gateway & Registry"]
        GW["nginx reverse proxy<br/>(data plane)"] -->|auth_request| Auth["Auth Server"]
        GW --> Reg["Registry API + UI<br/>(control plane)"]
    end
    Auth -.->|validate| IdP["Identity Provider"]
    GW -->|routes to| Servers["MCP Servers, Agents, Skills<br/>(anywhere: EKS / ECS / Lambda / SaaS)"]

By default, the registry handles A2A discovery, authentication, and access control, and agents then communicate directly (peer-to-peer) rather than routing every call through the gateway. For the full design and its invariants, read the Theory of the System; for layered diagrams, see Architecture Diagrams.

See it in action

Watch how MCP servers, A2A agents, and external registries work together for dynamic tool discovery:

https://github.com/user-attachments/assets/97c640db-f78b-4a6c-9662-894f975f66e2

More walkthroughs are in the demo videos.

Start here if you are a...

You are a...Start here
DeveloperStart with the Complete Setup Guide; you can also try the macOS setup skill to get it running on your MacBook. Then connect your AI coding assistant with the AI Coding Assistant Integration guide. For programmatic access, see the OpenAPI spec plus a Python registration client (registry_client.py) and CLI (registry_management.py).
Platform / security / ops teamSee the deployment guides for Amazon EKS (Helm), Amazon ECS (Terraform), and Docker Compose; the authentication guide; the configuration reference; and access control & scopes.
Decision-maker evaluating adoptionRead the Executive Brief, watch the demo videos, and try the AWS Workshop.

Quick Start

The fastest path is the pre-built Docker images. Clone, set a few secrets, and run:

git clone https://github.com/agentic-community/mcp-gateway-registry.git
cd mcp-gateway-registry
cp .env.example .env

# Edit .env and set the required secrets (e.g. KEYCLOAK_ADMIN_PASSWORD, SECRET_KEY).
# See docs/configuration.md for the full list.
nano .env

# Deploy with pre-built images (pulled from Amazon ECR Public by default)
./build_and_run.sh --prebuilt

# Open the Registry UI (served by nginx on port 80)
open http://localhost        # macOS  (Linux: xdg-open http://localhost)

The Complete Installation Guide has the full walkthrough for Amazon EC2 (prerequisites, MongoDB and Keycloak initialization, first user and service account, registering a server, and testing the gateway).

Deploying somewhere else?

What's in the box

The registry holds four built-in asset types plus admin-defined custom ones, all on one control plane:

  • MCP servers: register, discover, and govern access to MCP servers behind a single authenticated gateway.
  • Agents (A2A): register agents and let them discover each other by capability; by default agent-to-agent traffic runs peer-to-peer.
  • Skills: register, version, and discover reusable SKILL.md skills, with security scanning at registration.
  • Custom entities: admins define their own schema-driven entity types (n8n workflows, policies, prompt templates, model cards, and more); see Custom Entity Types.

Across all of them you get semantic + lexical search, UI, REST, and MCP-native interfaces, and uniform governance. Key features worth calling out:

  • Single authenticated gateway: one entry point; OAuth against your existing IdP (Keycloak, Entra ID, Okta, Auth0, Cognito, PingFederate) with fine-grained scopes.
  • Dynamic tool discovery: agents and coding assistants find tools at runtime by natural-language semantic search, not hard-coded config.
  • Virtual MCP servers: aggregate tools from many backends behind one endpoint, with per-tool access control.
  • Per-user egress auth (3LO): the gateway brokers third-party SaaS credentials so tokens never live on a user's laptop.
  • Security scanning + fail-closed admission gate: every registered server, agent, and skill is scanned; unsafe items are held for review.
  • External-registry federation: pull in Anthropic's MCP Registry, AWS Agent Registry, and peer registries for one unified surface.
  • Audit logging: a full, attributable audit trail of access and admin events, with credential masking, for compliance and incident review.
  • Observability: OpenTelemetry metrics and health monitoring built in.

What's New

  • A2A Reverse-Proxy Mode - Opt in to route agent-to-agent traffic through the gateway the same way MCP servers are proxied: each enabled agent gets authenticated /agent/{path} routes, its real backend stays private (proxy_pass_url), discovery advertises the gateway URL, and every call is gated per-agent with invoke_agent. A2A Guide · Design.
  • Security Hardening Pass (1.26.0) - A broad security-hardening release across the auth, proxy, data, and frontend layers: MongoDB authenticated by default with loopback-bound ports in local Docker Compose, a weak-secret preflight, internal/user token separation, SSRF and CSRF protections, and access-control fixes. See the 1.26.0 release notes.
  • Per-User Egress Auth for Third-Party SaaS MCP Servers (3LO) - Users connect their own GitHub / Slack / Atlassian accounts once; the gateway runs the OAuth flow out of band, vaults the per-user token, and injects it on egress, so third-party tokens never live on the user's laptop. How it works.

Older highlights → Feature & Release Highlights · full per-version detail in the release notes and on the GitHub Releases page.

Roadmap

The roadmap is best tracked on the GitHub Milestones page. At a high level, as of July-August 2026 the big features we're working on are:

  • 3LO, OBO, and CIMD for coding assistants: richer per-user auth flows so coding assistants connect with the least friction across identity providers.
  • Generic routing to any HTTP endpoint: so the gateway can proxy A2A traffic between agents (and skills, and REST endpoints in future) through the same single ingress.
  • Registry Copilot: an embedded agent-builder experience for discovering assets and composing agents from inside the registry.

Have a feature request? Please open a GitHub issue, we build in the open.

Documentation

Full documentation is on the documentation site, and every guide also lives in the docs/ folder. Stuck or have a question? Start with the FAQ / Troubleshooting guide: it covers the most common setup, auth, deployment, and registration issues.

High-traffic pages by audience:

Get started

Platform & security

Architecture & development

Telemetry

The registry collects anonymous, non-sensitive usage telemetry (version, OS, cloud provider, aggregate asset counts) to understand adoption. It is opt-out and on by default; no PII, credentials, endpoints, or model names are ever sent. Disable everything with MCP_TELEMETRY_DISABLED=1. Full schema and privacy guarantees: Telemetry Documentation.

Community

Star History Chart

License

Licensed under the Apache-2.0 License. See LICENSE for details.