Enterprise-Ready Gateway for AI Development Tools
π Get Running Now | Quick Start | Documentation | Enterprise Features | Community
Demo Videos: Full End-to-End Functionality | OAuth 3-Legged Authentication | Dynamic Tool Discovery
The MCP Gateway & Registry is an enterprise-ready platform that centralizes access to AI development tools using the Model Context Protocol (MCP). Instead of managing hundreds of individual tool configurations across your development teams, provide secure, governed access to curated AI tools through a single platform.
Transform this chaos:
β AI agents require separate connections to each MCP server
β Each developer configures VS Code, Cursor, Claude Code individually
β Developers must install and manage MCP servers locally
β No standard authentication flow for enterprise tools
β Scattered API keys and credentials across tools
β No visibility into what tools teams are using
β Security risks from unmanaged tool sprawl
β No dynamic tool discovery for autonomous agents
β No curated tool catalog for multi-tenant environments
Into this organized approach:
β
AI agents connect to one gateway, access multiple MCP servers
β
Single configuration point for VS Code, Cursor, Claude Code
β
Central IT manages cloud-hosted MCP infrastructure via streamable HTTP
β
Developers use standard OAuth 2LO/3LO flows for enterprise MCP servers
β
Centralized credential management with secure vault integration
β
Complete visibility and audit trail for all tool usage
β
Enterprise-grade security with governed tool access
β
Dynamic tool discovery and invocation for autonomous workflows
β
Registry provides discoverable, curated MCP servers for multi-tenant use
βββββββββββββββββββββββββββββββββββββββ ββββββββββββββββββββββββββββββββββββββββ
β BEFORE: Chaos β β AFTER: MCP Gateway β
βββββββββββββββββββββββββββββββββββββββ€ ββββββββββββββββββββββββββββββββββββββββ€
β β β β
β Developer 1 βββ¬βββΊ MCP Server A β β Developer 1 βββ β
β ββββΊ MCP Server B β β β β
β ββββΊ MCP Server C β β Developer 2 βββΌβββΊ MCP Gateway β
β β β β β β
β Developer 2 βββ¬βββΊ MCP Server A β βββΊ β AI Agent 1 ββββ ββββΊ MCP A β
β ββββΊ MCP Server D β β ββββΊ MCP B β
β ββββΊ MCP Server E β β AI Agent 2 βββββββββββββββββΊ MCP C β
β β β ββββΊ MCP D β
β AI Agent 1 ββββ¬βββΊ MCP Server B β β AI Agent 3 βββββββββββββββββΊ MCP E β
β ββββΊ MCP Server C β β ββββΊ MCP F β
β ββββΊ MCP Server F β β β
β β β Single Connection β
β β Multiple connections per user β β β
One gateway for all β
β β No centralized control β β β
Dynamic discovery β
β β Credential sprawl β β β
Unified governance β
βββββββββββββββββββββββββββββββββββββββ ββββββββββββββββββββββββββββββββββββββββ
Experience dynamic tool discovery and intelligent MCP server integration in real-time
Provide both autonomous AI agents and human developers with secure access to approved tools through AI coding assistants (VS Code, Cursor, Claude Code) while maintaining IT oversight and compliance.
Centralized authentication, fine-grained permissions, and comprehensive audit trails for SOX/GDPR compliance pathways across both human and AI agent access patterns.
AI agents can autonomously discover and execute specialized tools beyond their initial capabilities using intelligent semantic search, while developers get guided tool discovery through their coding assistants.
Single gateway supporting both autonomous AI agents (machine-to-machine) and AI coding assistants (human-guided) with consistent authentication and tool access patterns.
The MCP Gateway & Registry provides a unified platform for both autonomous AI agents and AI coding assistants to access enterprise-curated tools through a centralized gateway with comprehensive authentication and governance.
flowchart TB
subgraph Human_Users["Human Users"]
User1["Human User 1"]
User2["Human User 2"]
UserN["Human User N"]
end
subgraph AI_Agents["AI Agents"]
Agent1["AI Agent 1"]
Agent2["AI Agent 2"]
Agent3["AI Agent 3"]
AgentN["AI Agent N"]
end
subgraph EC2_Gateway["<b>MCP Gateway & Registry</b> (Amazon EC2 Instance)"]
subgraph NGINX["NGINX Reverse Proxy"]
RP["Reverse Proxy Router"]
end
subgraph AuthRegistry["Authentication & Registry Services"]
AuthServer["Auth Server<br/>(Dual Auth)"]
Registry["Registry<br/>Web UI"]
RegistryMCP["Registry<br/>MCP Server"]
end
subgraph LocalMCPServers["Local MCP Servers"]
MCP_Local1["MCP Server 1"]
MCP_Local2["MCP Server 2"]
end
end
%% Identity Provider
IdP[Identity Provider<br/>Keycloak/Cognito]
subgraph EKS_Cluster["Amazon EKS/EC2 Cluster"]
MCP_EKS1["MCP Server 3"]
MCP_EKS2["MCP Server 4"]
end
subgraph APIGW_Lambda["Amazon API Gateway + AWS Lambda"]
API_GW["Amazon API Gateway"]
Lambda1["AWS Lambda Function 1"]
Lambda2["AWS Lambda Function 2"]
end
subgraph External_Systems["External Data Sources & APIs"]
DB1[(Database 1)]
DB2[(Database 2)]
API1["External API 1"]
API2["External API 2"]
API3["External API 3"]
end
%% Connections from Human Users
User1 -->|Web Browser<br>Authentication| IdP
User2 -->|Web Browser<br>Authentication| IdP
UserN -->|Web Browser<br>Authentication| IdP
User1 -->|Web Browser<br>HTTPS| Registry
User2 -->|Web Browser<br>HTTPS| Registry
UserN -->|Web Browser<br>HTTPS| Registry
%% Connections from Agents to Gateway
Agent1 -->|MCP Protocol<br>SSE with Auth| RP
Agent2 -->|MCP Protocol<br>SSE with Auth| RP
Agent3 -->|MCP Protocol<br>Streamable HTTP with Auth| RP
AgentN -->|MCP Protocol<br>Streamable HTTP with Auth| RP
%% Auth flow connections
RP -->|Auth validation| AuthServer
AuthServer -.->|Validate credentials| IdP
Registry -.->|User authentication| IdP
RP -->|Tool discovery| RegistryMCP
RP -->|Web UI access| Registry
%% Connections from Gateway to MCP Servers
RP -->|SSE| MCP_Local1
RP -->|SSE| MCP_Local2
RP -->|SSE| MCP_EKS1
RP -->|SSE| MCP_EKS2
RP -->|Streamable HTTP| API_GW
%% Connections within API GW + Lambda
API_GW --> Lambda1
API_GW --> Lambda2
%% Connections to External Systems
MCP_Local1 -->|Tool Connection| DB1
MCP_Local2 -->|Tool Connection| DB2
MCP_EKS1 -->|Tool Connection| API1
MCP_EKS2 -->|Tool Connection| API2
Lambda1 -->|Tool Connection| API3
%% Style definitions
classDef user fill:#fff9c4,stroke:#f57f17,stroke-width:2px
classDef agent fill:#e1f5fe,stroke:#29b6f6,stroke-width:2px
classDef gateway fill:#e8f5e9,stroke:#66bb6a,stroke-width:2px
classDef nginx fill:#f3e5f5,stroke:#ab47bc,stroke-width:2px
classDef mcpServer fill:#fff3e0,stroke:#ffa726,stroke-width:2px
classDef eks fill:#ede7f6,stroke:#7e57c2,stroke-width:2px
classDef apiGw fill:#fce4ec,stroke:#ec407a,stroke-width:2px
classDef lambda fill:#ffebee,stroke:#ef5350,stroke-width:2px
classDef dataSource fill:#e3f2fd,stroke:#2196f3,stroke-width:2px
%% Apply styles
class User1,User2,UserN user
class Agent1,Agent2,Agent3,AgentN agent
class EC2_Gateway,NGINX gateway
class RP nginx
class AuthServer,Registry,RegistryMCP gateway
class IdP apiGw
class MCP_Local1,MCP_Local2 mcpServer
class EKS_Cluster,MCP_EKS1,MCP_EKS2 eks
class API_GW apiGw
class Lambda1,Lambda2 lambda
class DB1,DB2,API1,API2,API3 dataSource
Key Architectural Benefits:
- Unified Gateway: Single point of access for both AI agents and human developers through coding assistants
- Dual Authentication: Supports both human user authentication and machine-to-machine agent authentication
- Scalable Infrastructure: Nginx reverse proxy with horizontal scaling capabilities
- Multiple Transports: SSE and Streamable HTTP support for different client requirements
- OAuth 2.0/3.0 compliance with IdP integration
- Fine-grained access control at tool and method level
- Zero-trust network architecture
- Complete audit trails and comprehensive analytics for compliance
- Single configuration works across autonomous AI agents and AI coding assistants (VS Code, Cursor, Claude Code, Cline)
- Dynamic tool discovery with natural language queries for both agents and humans
- Instant onboarding for new team members and AI agent deployments
- Unified governance for both AI agents and human developers
- High availability with multi-AZ deployment
- Container-native (Docker/Kubernetes)
- Real-time health monitoring and alerting
- Dual authentication supporting both human and machine authentication
Get running in under 2 minutes with pre-built containers:
Step 1: Clone and setup
git clone https://github.com/agentic-community/mcp-gateway-registry.git
cd mcp-gateway-registry
cp .env.example .envStep 2: Configure environment Complete: Initial Environment Configuration - Configure domains, passwords, and authentication
export DOCKERHUB_ORG=mcpgatewayStep 3: Deploy with pre-built images
./build_and_run.sh --prebuiltStep 4: Initialize Keycloak Complete: Initialize Keycloak Configuration - Set up identity provider and security policies
Step 5: Access the registry
open http://localhost:7860Step 6: Create your first agent Complete: Create Your First AI Agent Account - Create agent credentials for testing
Step 7: Restart auth server to apply new credentials
docker-compose down auth-server && docker-compose rm -f auth-server && docker-compose up -d auth-serverStep 8: Test the setup Complete: Testing with mcp_client.py and agent.py - Validate your setup works correctly
Benefits: No build time β’ No Node.js required β’ No frontend compilation β’ Consistent tested images
New to MCP Gateway? Start with our Complete Setup Guide for detailed step-by-step instructions from scratch on AWS EC2.
Python Scripts:
./mcp_client.py- Core MCP operations (ping, list tools, call tools)./tests/mcp_cmds.sh- Shell-based MCP testing operations
Python Agent:
agents/agent.py- Full-featured Python agent with advanced AI capabilities
Next Steps: Testing Guide | Complete Installation Guide | Authentication Setup | AI Assistant Integration
Transform how both autonomous AI agents and development teams access enterprise tools with centralized governance:
Enterprise-curated MCP servers accessible through unified gateway |
AI assistants executing approved enterprise tools with governance |
Multiple Identity Modes:
- Machine-to-Machine (M2M) - For autonomous AI agents and automated systems
- Three-Legged OAuth (3LO) - For external service integration (Atlassian, Google, GitHub)
- Session-Based - For human developers using AI coding assistants and web interface
Supported Identity Providers:
- Keycloak - Enterprise-grade open-source identity and access management with individual agent audit trails
- Amazon Cognito - Amazon managed identity service
- Any OAuth 2.0 compatible provider
Fine-Grained Permissions:
- Tool-level access control
- Method-level restrictions
- Team-based permissions
- Temporary access grants
Cloud Platforms:
- Amazon EC2 - Single instance or auto-scaling groups
- Amazon EKS - Kubernetes-native microservices deployment
High Availability:
- Multi-AZ deployment with automatic failover
- Health monitoring and alerting
- Rolling updates with zero downtime
- Backup and disaster recovery
- Tag-Based Tool Filtering - Enhanced intelligent_tool_finder now supports filtering tools by server tags for precise categorical discovery alongside semantic search
- π Keycloak Identity Provider Integration - Enterprise-grade authentication with individual AI agent audit trails, group-based authorization, and production-ready service account management. Learn more
- Amazon Bedrock AgentCore Integration - Direct access to AWS services through managed MCP endpoints
- Three-Legged OAuth (3LO) Support - External service integration (Atlassian, Google, GitHub)
- JWT Token Vending Service - Self-service token generation for automation
- Automated Token Refresh Service - Background token refresh to maintain continuous authentication
- Modern React Frontend - Complete UI overhaul with TypeScript and real-time updates
- Dynamic Tool Discovery - AI agents autonomously find and execute specialized tools
- Fine-Grained Access Control - Granular permissions for servers, methods, and individual tools
| Getting Started | Enterprise Setup | Developer & Operations |
|---|---|---|
| Complete Setup Guide NEW! Step-by-step from scratch on AWS EC2 |
Authentication Guide OAuth and identity provider integration |
AI Coding Assistants Setup VS Code, Cursor, Claude Code integration |
| Installation Guide Complete setup instructions for EC2 and EKS |
Keycloak Integration Enterprise identity with agent audit trails |
API Reference Programmatic registry management |
| Quick Start Tutorial Get running in 5 minutes |
Amazon Cognito Setup Step-by-step IdP configuration |
Token Refresh Service Automated token refresh and lifecycle management |
| Configuration Reference Environment variables and settings |
||
| Fine-Grained Access Control Permission management and security |
Dynamic Tool Discovery Autonomous agent capabilities |
|
| Production Deployment Complete setup for production environments |
||
| Troubleshooting Guide Common issues and solutions |
Join the Discussion
- GitHub Discussions - Feature requests and general discussion
- GitHub Issues - Bug reports and feature requests
Resources
- Demo Videos - See the platform in action
Contributing
- Contributing Guide - How to contribute code and documentation
- Code of Conduct - Community guidelines
- Security Policy - Responsible disclosure process
The following GitHub issues represent our current development roadmap and planned features:
Major Features
-
#120 - CLI Tool for MCP Server Registration and Health Validation π§ IN PROGRESS Command-line interface for automated server registration, health checks, and registry management. Streamlines DevOps workflows and CI/CD integration.
-
#38 - Usage Metrics and Analytics System π§ IN PROGRESS Implement comprehensive usage tracking across user and agent identities, with metrics emission from auth server, registry, and intelligent tool finder.
-
#129 - Virtual MCP Server Support - Dynamic Tool Aggregation and Intelligent Routing Enable logical grouping of tools from multiple backend servers with intelligent routing using Lua/JavaScript scripting. Provides purpose-built virtual servers that abstract away backend complexity.
-
#121 - Migrate to OpenSearch for Server Storage and Vector Search Replace current storage with OpenSearch to provide advanced vector search capabilities and improved scalability for large server registries.
-
#119 - Implement Well-Known URL for MCP Server Discovery Standardized discovery mechanism using /.well-known/mcp-servers endpoint for automatic server detection and federation across organizations.
-
#118 - Agent-as-Tool Integration: Dynamic MCP Server Generation Convert existing AI agents into MCP servers dynamically, enabling legacy agent ecosystems to participate in the MCP protocol without code rewrites.
-
#37 - Multi-Level Registry Support Add support for federated registries that can connect to other registries, enabling hierarchical MCP infrastructure with cross-IdP authentication.
-
#39 - Tool Popularity Scoring and Rating System Enhance tool discovery with popularity scores and star ratings based on usage patterns and agent feedback. Depends on #38.
Authentication & Identity
-
#128 - Add Microsoft Entra ID (Azure AD) Authentication Provider π§ IN PROGRESS Extend authentication support beyond Keycloak to include Microsoft Entra ID integration. Enables enterprise SSO for organizations using Azure Active Directory.
-
#18 - Add Token Vending Capability to Auth Server β COMPLETED Auth server token vending capabilities implemented for enhanced authentication workflows with OAuth token management and service account provisioning.
-
#5 - Add Support for KeyCloak as IdP Provider β COMPLETED KeyCloak integration implemented with individual agent audit trails, group-based authorization, and production-ready service account management. Documentation
For the complete list of open issues, feature requests, and bug reports, visit our GitHub Issues page.
This project is licensed under the Apache-2.0 License - see the LICENSE file for details.
β Star this repository if it helps your organization!
![@github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=64&v=4){kind=small}