Archestra — Secure AI Platform (MCP Governance)

Main

• Use the Docker quickstart to validate the core loop first: platform UI up, then register 1 MCP server and prove it runs outside individual laptops.

• Treat governance as the product: define which MCP tools can access which credentials and data paths, and require reviews before adding new servers to the registry.

• Plan for observability from day one: record token/tool usage and keep an audit trail for high-risk MCP tools and prompt-injection scenarios (README links to observability + guardrails docs).

Source-backed notes

• README provides a Docker quickstart with ARCHESTRA_QUICKSTART=true and binds ports 9000 and 3000.
• README positions the platform as a private MCP registry + Kubernetes-native orchestrator for running MCP servers and managing state/API keys/OAuth.
• README lists production readiness notes, including a latency benchmark callout ("45ms at 95p") and references Helm/Terraform deployment docs.

FAQ

• Is this an MCP server or a platform?: A platform: it hosts/governs MCP servers and exposes a user-friendly toolbox around them.
• Do I need Kubernetes on day one?: No — README’s Docker quickstart is the easiest first validation; Kubernetes comes when you scale.
• How do I evaluate security claims?: Start with the guardrails docs linked in README and test with a safe prompt-injection lab before production.