Enterprise-Ready Gateway for AI Development Tools
Quick Start | Documentation | Enterprise Features | Community
Demo Videos: Full End-to-End Functionality | OAuth 3-Legged Authentication | Dynamic Tool Discovery
The MCP Gateway & Registry is an enterprise-ready platform that centralizes access to AI development tools using the Model Context Protocol (MCP). Instead of managing hundreds of individual tool configurations across your development teams, provide secure, governed access to curated AI tools through a single platform.
Transform this chaos:
❌ AI agents require separate connections to each MCP server
❌ Each developer configures VS Code, Cursor, Claude Code individually
❌ Developers must install and manage MCP servers locally
❌ No standard authentication flow for enterprise tools
❌ Scattered API keys and credentials across tools
❌ No visibility into what tools teams are using
❌ Security risks from unmanaged tool sprawl
❌ No dynamic tool discovery for autonomous agents
❌ No curated tool catalog for multi-tenant environments
Into this organized approach:
✅ AI agents connect to one gateway, access multiple MCP servers
✅ Single configuration point for VS Code, Cursor, Claude Code
✅ Central IT manages cloud-hosted MCP infrastructure via streamable HTTP
✅ Developers use standard OAuth 2LO/3LO flows for enterprise MCP servers
✅ Centralized credential management with secure vault integration
✅ Complete visibility and audit trail for all tool usage
✅ Enterprise-grade security with governed tool access
✅ Dynamic tool discovery and invocation for autonomous workflows
✅ Registry provides discoverable, curated MCP servers for multi-tenant use
┌─────────────────────────────────────┐ ┌──────────────────────────────────────┐
│ BEFORE: Chaos │ │ AFTER: MCP Gateway │
├─────────────────────────────────────┤ ├──────────────────────────────────────┤
│ │ │ │
│ Developer 1 ──┬──► MCP Server A │ │ Developer 1 ──┐ │
│ ├──► MCP Server B │ │ │ │
│ └──► MCP Server C │ │ Developer 2 ──┼──► MCP Gateway │
│ │ │ │ │ │
│ Developer 2 ──┬──► MCP Server A │ ──► │ AI Agent 1 ───┘ ├──► MCP A │
│ ├──► MCP Server D │ │ ├──► MCP B │
│ └──► MCP Server E │ │ AI Agent 2 ─────────────├──► MCP C │
│ │ │ ├──► MCP D │
│ AI Agent 1 ───┬──► MCP Server B │ │ AI Agent 3 ─────────────├──► MCP E │
│ ├──► MCP Server C │ │ └──► MCP F │
│ └──► MCP Server F │ │ │
│ │ │ Single Connection │
│ ❌ Multiple connections per user │ │ ✅ One gateway for all │
│ ❌ No centralized control │ │ ✅ Dynamic discovery │
│ ❌ Credential sprawl │ │ ✅ Unified governance │
└─────────────────────────────────────┘ └──────────────────────────────────────┘
Experience dynamic tool discovery and intelligent MCP server integration in real-time
Provide both autonomous AI agents and human developers with secure access to approved tools through AI coding assistants (VS Code, Cursor, Claude Code) while maintaining IT oversight and compliance.
Centralized authentication, fine-grained permissions, and comprehensive audit trails for SOX/GDPR compliance pathways across both human and AI agent access patterns.
AI agents can autonomously discover and execute specialized tools beyond their initial capabilities using intelligent semantic search, while developers get guided tool discovery through their coding assistants.
Single gateway supporting both autonomous AI agents (machine-to-machine) and AI coding assistants (human-guided) with consistent authentication and tool access patterns.
The MCP Gateway & Registry provides a unified platform for both autonomous AI agents and AI coding assistants to access enterprise-curated tools through a centralized gateway with comprehensive authentication and governance.
flowchart TB
subgraph Human_Users["Human Users"]
User1["Human User 1"]
User2["Human User 2"]
UserN["Human User N"]
end
subgraph AI_Agents["AI Agents"]
Agent1["AI Agent 1"]
Agent2["AI Agent 2"]
Agent3["AI Agent 3"]
AgentN["AI Agent N"]
end
subgraph EC2_Gateway["<b>MCP Gateway & Registry</b> (Amazon EC2 Instance)"]
subgraph NGINX["NGINX Reverse Proxy"]
RP["Reverse Proxy Router"]
end
subgraph AuthRegistry["Authentication & Registry Services"]
AuthServer["Auth Server<br/>(Dual Auth)"]
Registry["Registry<br/>Web UI"]
RegistryMCP["Registry<br/>MCP Server"]
end
subgraph LocalMCPServers["Local MCP Servers"]
MCP_Local1["MCP Server 1"]
MCP_Local2["MCP Server 2"]
end
end
%% Identity Provider
IdP[Identity Provider<br/>Amazon Cognito]
subgraph EKS_Cluster["Amazon EKS/EC2 Cluster"]
MCP_EKS1["MCP Server 3"]
MCP_EKS2["MCP Server 4"]
end
subgraph APIGW_Lambda["Amazon API Gateway + AWS Lambda"]
API_GW["Amazon API Gateway"]
Lambda1["AWS Lambda Function 1"]
Lambda2["AWS Lambda Function 2"]
end
subgraph External_Systems["External Data Sources & APIs"]
DB1[(Database 1)]
DB2[(Database 2)]
API1["External API 1"]
API2["External API 2"]
API3["External API 3"]
end
%% Connections from Human Users
User1 -->|Web Browser<br>Authentication| IdP
User2 -->|Web Browser<br>Authentication| IdP
UserN -->|Web Browser<br>Authentication| IdP
User1 -->|Web Browser<br>HTTPS| Registry
User2 -->|Web Browser<br>HTTPS| Registry
UserN -->|Web Browser<br>HTTPS| Registry
%% Connections from Agents to Gateway
Agent1 -->|MCP Protocol<br>SSE with Auth| RP
Agent2 -->|MCP Protocol<br>SSE with Auth| RP
Agent3 -->|MCP Protocol<br>Streamable HTTP with Auth| RP
AgentN -->|MCP Protocol<br>Streamable HTTP with Auth| RP
%% Auth flow connections
RP -->|Auth validation| AuthServer
AuthServer -.->|Validate credentials| IdP
Registry -.->|User authentication| IdP
RP -->|Tool discovery| RegistryMCP
RP -->|Web UI access| Registry
%% Connections from Gateway to MCP Servers
RP -->|SSE| MCP_Local1
RP -->|SSE| MCP_Local2
RP -->|SSE| MCP_EKS1
RP -->|SSE| MCP_EKS2
RP -->|Streamable HTTP| API_GW
%% Connections within API GW + Lambda
API_GW --> Lambda1
API_GW --> Lambda2
%% Connections to External Systems
MCP_Local1 -->|Tool Connection| DB1
MCP_Local2 -->|Tool Connection| DB2
MCP_EKS1 -->|Tool Connection| API1
MCP_EKS2 -->|Tool Connection| API2
Lambda1 -->|Tool Connection| API3
%% Style definitions
classDef user fill:#fff9c4,stroke:#f57f17,stroke-width:2px
classDef agent fill:#e1f5fe,stroke:#29b6f6,stroke-width:2px
classDef gateway fill:#e8f5e9,stroke:#66bb6a,stroke-width:2px
classDef nginx fill:#f3e5f5,stroke:#ab47bc,stroke-width:2px
classDef mcpServer fill:#fff3e0,stroke:#ffa726,stroke-width:2px
classDef eks fill:#ede7f6,stroke:#7e57c2,stroke-width:2px
classDef apiGw fill:#fce4ec,stroke:#ec407a,stroke-width:2px
classDef lambda fill:#ffebee,stroke:#ef5350,stroke-width:2px
classDef dataSource fill:#e3f2fd,stroke:#2196f3,stroke-width:2px
%% Apply styles
class User1,User2,UserN user
class Agent1,Agent2,Agent3,AgentN agent
class EC2_Gateway,NGINX gateway
class RP nginx
class AuthServer,Registry,RegistryMCP gateway
class IdP apiGw
class MCP_Local1,MCP_Local2 mcpServer
class EKS_Cluster,MCP_EKS1,MCP_EKS2 eks
class API_GW apiGw
class Lambda1,Lambda2 lambda
class DB1,DB2,API1,API2,API3 dataSource
Key Architectural Benefits:
- Unified Gateway: Single point of access for both AI agents and human developers through coding assistants
- Dual Authentication: Supports both human user authentication and machine-to-machine agent authentication
- Scalable Infrastructure: Nginx reverse proxy with horizontal scaling capabilities
- Multiple Transports: SSE and Streamable HTTP support for different client requirements
- OAuth 2.0/3.0 compliance with IdP integration
- Fine-grained access control at tool and method level
- Zero-trust network architecture
- Complete audit trails and comprehensive analytics for compliance
- Single configuration works across autonomous AI agents and AI coding assistants (VS Code, Cursor, Claude Code, Cline)
- Dynamic tool discovery with natural language queries for both agents and humans
- Instant onboarding for new team members and AI agent deployments
- Unified governance for both AI agents and human developers
- High availability with multi-AZ deployment
- Container-native (Docker/Kubernetes)
- Real-time health monitoring and alerting
- Dual authentication supporting both human and machine authentication
Important: Before proceeding, ensure you have satisfied all prerequisites including Docker, AWS account setup, and Amazon Cognito configuration.
Get up and running in 5 minutes with Docker Compose:
# Clone the repository
git clone https://github.com/agentic-community/mcp-gateway-registry.git
cd mcp-gateway-registry
# Configure environment
cp .env.example .env
# Edit .env with your Cognito credentials
# Generate authentication credentials
./credentials-provider/generate_creds.sh
# Deploy with Docker Compose
./build_and_run.sh
# Access the registry
open http://localhost:7860That's it! Your enterprise MCP gateway is now running.
➡️ Next Steps: Complete Installation Guide | Authentication Setup | AI Assistant Integration
Transform how both autonomous AI agents and development teams access enterprise tools with centralized governance:
Enterprise-curated MCP servers accessible through unified gateway |
AI assistants executing approved enterprise tools with governance |
Multiple Identity Modes:
- Machine-to-Machine (M2M) - For autonomous AI agents and automated systems
- Three-Legged OAuth (3LO) - For external service integration (Atlassian, Google, GitHub)
- Session-Based - For human developers using AI coding assistants and web interface
Supported Identity Providers:
- Amazon Cognito (Primary)
- Any OAuth 2.0 compatible provider
Fine-Grained Permissions:
- Tool-level access control
- Method-level restrictions
- Team-based permissions
- Temporary access grants
Cloud Platforms:
- Amazon EC2 - Single instance or auto-scaling groups
- Amazon EKS - Kubernetes-native microservices deployment
High Availability:
- Multi-AZ deployment with automatic failover
- Health monitoring and alerting
- Rolling updates with zero downtime
- Backup and disaster recovery
- Amazon Bedrock AgentCore Integration - Direct access to AWS services through managed MCP endpoints
- Three-Legged OAuth (3LO) Support - External service integration (Atlassian, Google, GitHub)
- JWT Token Vending Service - Self-service token generation for automation
- Modern React Frontend - Complete UI overhaul with TypeScript and real-time updates
- Dynamic Tool Discovery - AI agents autonomously find and execute specialized tools
- Fine-Grained Access Control - Granular permissions for servers, methods, and individual tools
| Getting Started | Enterprise Setup | Developer & Operations |
|---|---|---|
| Installation Guide Complete setup instructions for EC2 and EKS |
Authentication Guide OAuth and identity provider integration |
AI Coding Assistants Setup VS Code, Cursor, Claude Code integration |
| Quick Start Tutorial Get running in 5 minutes |
Amazon Cognito Setup Step-by-step IdP configuration |
API Reference Programmatic registry management |
| Configuration Reference Environment variables and settings |
Fine-Grained Access Control Permission management and security |
Dynamic Tool Discovery Autonomous agent capabilities |
| Production Deployment Complete setup for production environments |
||
| Troubleshooting Guide Common issues and solutions |
Join the Discussion
- GitHub Discussions - Feature requests and general discussion
- GitHub Issues - Bug reports and feature requests
Resources
- Demo Videos - See the platform in action
Contributing
- Contributing Guide - How to contribute code and documentation
- Code of Conduct - Community guidelines
- Security Policy - Responsible disclosure process
The following GitHub issues represent our current development roadmap and planned features:
Major Features
-
#37 - Multi-Level Registry Support Add support for federated registries that can connect to other registries, enabling hierarchical MCP infrastructure with cross-IdP authentication.
-
#38 - Usage Metrics and Analytics System Implement comprehensive usage tracking across user and agent identities, with metrics emission from auth server, registry, and intelligent tool finder.
-
#39 - Tool Popularity Scoring and Rating System Enhance tool discovery with popularity scores and star ratings based on usage patterns and agent feedback. Depends on #38.
Authentication & Identity
-
#18 - Add Token Vending Capability to Auth Server Extend the auth server to provide token vending capabilities for enhanced authentication workflows.
-
#5 - Add Support for KeyCloak as IdP Provider Add KeyCloak integration as an alternative Identity Provider alongside Amazon Cognito.
For the complete list of open issues, feature requests, and bug reports, visit our GitHub Issues page.
This project is licensed under the Apache-2.0 License - see the LICENSE file for details.
⭐ Star this repository if it helps your organization!
