ECC
The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
npx ecc-install --profile fullThe agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
npx ecc-install --profile fullFair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.
npx n8nAn open-source AI agent that brings the power of Gemini directly into your terminal.
npx @google/gemini-cliUnified Agent & MCP Server Registry – Gateway for AI Development Tools
Get Running Now | Docs | Executive Brief | Slide Deck | Demo Videos | AWS Workshop | Community
The MCP Gateway & Registry is a single, governed control plane for every AI asset in your organization, from MCP servers and AI agents to skills and any custom asset your teams build. It is open source, licensed under Apache 2.0, and runs on Kubernetes (Amazon EKS), fully managed serverless (Amazon ECS), or Docker Compose (Amazon EC2).
It began as a gateway and registry for the Model Context Protocol (MCP): one secure entry point to many MCP servers, with centralized discovery and governance. As teams started registering agents, skills, and other assets alongside their servers, it grew into a general-purpose AI asset registry on the same gateway, access-control, and audit model it started with.
Without a control plane, every team wires its own MCP servers and agents by hand: separate credentials in every dotfile, no shared inventory, no audit trail, and no way to discover or govern what exists. Agents can't find other agents; servers and agents live in separate registries that can't share policy.
This platform replaces that with one governed entry point for every AI asset. Register a server, agent, skill, or custom entity once; discover it by natural-language search; reach it through a single authenticated gateway that enforces access and records every call. One control plane, one access model, one audit trail, across all asset types.
┌─────────────────────────────────────┐ ┌──────────────────────────────────────────────────────┐
│ BEFORE: Chaos │ │ AFTER: MCP Gateway & Registry │
├─────────────────────────────────────┤ ├──────────────────────────────────────────────────────┤
│ │ │ │
│ Developer 1 ──┬──► MCP Server A │ │ Developer 1 ──┐ ┌─ MCP Server A │
│ ├──► MCP Server B │ │ │ ├─ MCP Server B │
│ └──► MCP Server C │ │ Developer 2 ──┼──► MCP Gateway │ │
│ │ │ │ & Registry ───┼─ MCP Server C │
│ Developer 2 ──┬──► MCP Server A │ ──► │ AI Agent 1 ───┘ │ │ │
│ ├──► MCP Server D │ │ │ ├─ AI Agent 1 │
│ └──► MCP Server E │ │ AI Agent 2 ──────────────┤ ├─ AI Agent 2 │
│ │ │ │ │ │
│ AI Agent 1 ───┬──► MCP Server B │ │ AI Agent 3 ──────────────┘ └─ AI Agent 3 │
│ ├──► MCP Server C │ │ │
│ └──► MCP Server F │ │ Single Connection Point │
│ │ │ │
│ ❌ Multiple connections per user │ │ ✅ One gateway for all │
│ ❌ No centralized control │ │ ✅ Unified server & agent access │
│ ❌ Credential sprawl │ │ ✅ Unified governance & audit trails │
└─────────────────────────────────────┘ └──────────────────────────────────────────────────────┘
Onboard third-party OAuth MCP servers, the enterprise way. Because the gateway provides per-user egress authentication, you can connect OAuth-protected SaaS MCP servers such as Slack, Atlassian, and GitHub without every user setting up network access to those services or storing credentials on their laptop. Each user connects their account once; the gateway runs the OAuth (3LO) flow, vaults the per-user token in a secrets manager, and injects it on egress. That collapses onboarding to a single, auditable choke point, so a team can adopt a new SaaS MCP server across the enterprise without per-laptop plumbing or scattered long-lived tokens.
The gateway is the data plane (a generic nginx reverse proxy: TLS, auth validation, routing to backends) and the registry is the control plane (a FastAPI service that owns the inventory, access model, and audit trail, and decides what the gateway may route to). An auth server integrates your identity provider (Keycloak, Entra ID, Okta, Auth0, Cognito, PingFederate) for OAuth2/OIDC, and MongoDB / DocumentDB stores configuration, embeddings, sessions, and audit records.
flowchart LR
Users["Human Users"] -->|HTTPS| GW
Agents["AI Agents"] -->|MCP / auth| GW
Assistants["Coding Assistants"] -->|MCP / OAuth| GW
subgraph GWBOX["MCP Gateway & Registry"]
GW["nginx reverse proxy<br/>(data plane)"] -->|auth_request| Auth["Auth Server"]
GW --> Reg["Registry API + UI<br/>(control plane)"]
end
Auth -.->|validate| IdP["Identity Provider"]
GW -->|routes to| Servers["MCP Servers, Agents, Skills<br/>(anywhere: EKS / ECS / Lambda / SaaS)"]
By default, the registry handles A2A discovery, authentication, and access control, and agents then communicate directly (peer-to-peer) rather than routing every call through the gateway. For the full design and its invariants, read the Theory of the System; for layered diagrams, see Architecture Diagrams.
Watch how MCP servers, A2A agents, and external registries work together for dynamic tool discovery:
https://github.com/user-attachments/assets/97c640db-f78b-4a6c-9662-894f975f66e2
More walkthroughs are in the demo videos.
| You are a... | Start here |
|---|---|
| Developer | Start with the Complete Setup Guide; you can also try the macOS setup skill to get it running on your MacBook. Then connect your AI coding assistant with the AI Coding Assistant Integration guide. For programmatic access, see the OpenAPI spec plus a Python registration client (registry_client.py) and CLI (registry_management.py). |
| Platform / security / ops team | See the deployment guides for Amazon EKS (Helm), Amazon ECS (Terraform), and Docker Compose; the ; the ; and . |
The fastest path is the pre-built Docker images. Clone, set a few secrets, and run:
git clone https://github.com/agentic-community/mcp-gateway-registry.git
cd mcp-gateway-registry
cp .env.example .env
# Edit .env and set the required secrets (e.g. KEYCLOAK_ADMIN_PASSWORD, SECRET_KEY).
# See docs/configuration.md for the full list.
nano .env
# Deploy with pre-built images (pulled from Amazon ECR Public by default)
./build_and_run.sh --prebuilt
# Open the Registry UI (served by nginx on port 80)
open http://localhost # macOS (Linux: xdg-open http://localhost)
The Complete Installation Guide has the full walkthrough for Amazon EC2 (prerequisites, MongoDB and Keycloak initialization, first user and service account, registering a server, and testing the gateway).
Deploying somewhere else?
The registry holds four built-in asset types plus admin-defined custom ones, all on one control plane:
SKILL.md skills, with security scanning at registration.Across all of them you get semantic + lexical search, UI, REST, and MCP-native interfaces, and uniform governance. Key features worth calling out:
Older highlights → Feature & Release Highlights · full per-version detail in the release notes and on the GitHub Releases page.
The roadmap is best tracked on the GitHub Milestones page. At a high level, as of July-August 2026 the big features we're working on are:
Have a feature request? Please open a GitHub issue, we build in the open.
Full documentation is on the documentation site, and every guide also lives in the docs/ folder. Stuck or have a question? Start with the FAQ / Troubleshooting guide: it covers the most common setup, auth, deployment, and registration issues.
High-traffic pages by audience:
Get started
Platform & security
Architecture & development
The registry collects anonymous, non-sensitive usage telemetry (version, OS, cloud provider, aggregate asset counts) to understand adoption. It is opt-out and on by default; no PII, credentials, endpoints, or model names are ever sent. Disable everything with MCP_TELEMETRY_DISABLED=1. Full schema and privacy guarantees: Telemetry Documentation.
Licensed under the Apache-2.0 License. See LICENSE for details.
| Decision-maker evaluating adoption | Read the Executive Brief, watch the demo videos, and try the AWS Workshop. |