# MCP Gateway & Registry — Team Tool Control > MCP Gateway & Registry centralizes MCP servers and agent tools with auth, search, and audit, so teams can manage integrations and scan servers before use. ## Install Merge the JSON below into your `.mcp.json`: ## Quick Use ```bash git clone https://github.com/agentic-community/mcp-gateway-registry.git cd mcp-gateway-registry cp .env.example .env export DOCKERHUB_ORG=mcpgateway ./build_and_run.sh --prebuilt ``` Open `http://localhost:7860` (Registry UI). ## Intro MCP Gateway & Registry centralizes MCP servers and agent tools with auth, search, and audit, so teams can manage integrations and scan servers before use. - **Best for:** teams that want a governed registry for MCP servers with auth, scanning, and audit trails - **Works with:** Docker/Podman; registry UI + APIs; integrates with AI coding assistants and MCP clients (per README) - **Setup time:** 20–60 minutes ## Practical Notes - Per README: semantic search endpoint `POST /api/search/semantic` returns relevance-scored matches across servers, tools, and agents. - Per README: supports telemetry with opt-out via `MCP_TELEMETRY_DISABLED=1` (privacy-first, no PII per doc). - Use it as a policy point: enforce auth, rate limits, and security scans before agents can use a server. ## Main A pragmatic governance model: 1. **Inventory everything.** Register MCP servers with owners, environments, and trust levels. 2. **Make “approved” explicit.** Don’t let agents discover arbitrary remote servers; gate by policy. 3. **Scan + monitor.** Run scheduled scans and health checks; disable servers that regress. 4. **Keep audit trails.** When an incident happens, you need to know which agent used which tool, when, and with what auth. If you already run Keycloak/SSO, align identities so human and machine auth are consistent across the registry and your internal services. ### FAQ **Q: Do I need Kubernetes?** A: No—README includes quick start with prebuilt images (Docker/Podman). Kubernetes is optional for production scaling. **Q: What should I store as metadata?** A: Owner, environment, data sensitivity, allowed tools, and any compliance flags (HIPAA/PCI) you care about. **Q: How do I prevent tool sprawl?** A: Centralize discovery in the registry, require ownership, and periodically prune unused or risky servers. ## Source & Thanks > Source: https://github.com/agentic-community/mcp-gateway-registry > License: Apache-2.0 > GitHub stars: 644 · forks: 166 --- ## 快速使用 ```bash git clone https://github.com/agentic-community/mcp-gateway-registry.git cd mcp-gateway-registry cp .env.example .env export DOCKERHUB_ORG=mcpgateway ./build_and_run.sh --prebuilt ``` 打开 `http://localhost:7860`(Registry UI)。 ## 简介 MCP Gateway & Registry 用统一注册表管理 MCP servers 与 agent 工具:提供认证、语义搜索、审计与健康监控,还能在注册时做安全扫描,适合团队治理与合规。 - **适合谁:** 需要对 MCP servers 做统一治理(认证、扫描、审计)的团队 - **可搭配:** Docker/Podman;注册表 UI + APIs;可与 AI coding assistants / MCP clients 集成(见 README) - **准备时间:** 20–60 分钟 ## 实战建议 - README:语义搜索 `POST /api/search/semantic` 可跨 server/tool/agent 返回相关性结果。 - README:提供匿名遥测;可用 `MCP_TELEMETRY_DISABLED=1` 关闭(文档称不发 PII)。 - 把它当策略入口:在 agent 使用前统一做认证、限流与安全扫描。 ## 主要内容 更务实的治理方式: 1. **先做资产盘点。** 给每个 MCP server 标注 owner、环境、信任等级。 2. **把“已批准”显式化。** 不要让 agent 随机发现远程 server;用策略做准入。 3. **扫描 + 监控。** 定时扫描与健康检查;出现回归就禁用或降级。 4. **保留审计链路。** 发生事故时,你需要知道哪个 agent 在什么时间用什么权限调用了什么工具。 如果你已有 Keycloak/SSO,建议统一身份体系,让人和机器的认证策略在注册表与内网服务一致。 ### FAQ **必须上 Kubernetes 吗?** 答:不必须。README 的 quick start 用 prebuilt images(Docker/Podman);K8s 可选用于生产扩展。 **元数据应该记录什么?** 答:owner、环境、数据敏感级别、允许的工具集合,以及你关心的合规标记。 **怎么避免工具泛滥?** 答:把发现入口集中到注册表,强制 owner 责任,并周期性清理长期不用或高风险 server。 ## 来源与感谢 > Source: https://github.com/agentic-community/mcp-gateway-registry > License: Apache-2.0 > GitHub stars: 644 · forks: 166 --- Source: https://tokrepo.com/en/workflows/mcp-gateway-registry-team-tool-control Author: MCP Hub