[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"similar-agentic-community--mcp-gateway-registry":3,"tool-agentic-community--mcp-gateway-registry":62},[4,18,26,36,46,54],{"id":5,"name":6,"github_repo":7,"description_zh":8,"stars":9,"difficulty_score":10,"last_commit_at":11,"category_tags":12,"status":17},4358,"openclaw","openclaw\u002Fopenclaw","OpenClaw 是一款专为个人打造的本地化 AI 助手，旨在让你在自己的设备上拥有完全可控的智能伙伴。它打破了传统 AI 助手局限于特定网页或应用的束缚，能够直接接入你日常使用的各类通讯渠道，包括微信、WhatsApp、Telegram、Discord、iMessage 等数十种平台。无论你在哪个聊天软件中发送消息，OpenClaw 都能即时响应，甚至支持在 macOS、iOS 和 Android 设备上进行语音交互，并提供实时的画布渲染功能供你操控。\n\n这款工具主要解决了用户对数据隐私、响应速度以及“始终在线”体验的需求。通过将 AI 部署在本地，用户无需依赖云端服务即可享受快速、私密的智能辅助，真正实现了“你的数据，你做主”。其独特的技术亮点在于强大的网关架构，将控制平面与核心助手分离，确保跨平台通信的流畅性与扩展性。\n\nOpenClaw 非常适合希望构建个性化工作流的技术爱好者、开发者，以及注重隐私保护且不愿被单一生态绑定的普通用户。只要具备基础的终端操作能力（支持 macOS、Linux 及 Windows WSL2），即可通过简单的命令行引导完成部署。如果你渴望拥有一个懂你",349277,3,"2026-04-06T06:32:30",[13,14,15,16],"Agent","开发框架","图像","数据工具","ready",{"id":19,"name":20,"github_repo":21,"description_zh":22,"stars":23,"difficulty_score":10,"last_commit_at":24,"category_tags":25,"status":17},3808,"stable-diffusion-webui","AUTOMATIC1111\u002Fstable-diffusion-webui","stable-diffusion-webui 是一个基于 Gradio 构建的网页版操作界面，旨在让用户能够轻松地在本地运行和使用强大的 Stable Diffusion 图像生成模型。它解决了原始模型依赖命令行、操作门槛高且功能分散的痛点，将复杂的 AI 绘图流程整合进一个直观易用的图形化平台。\n\n无论是希望快速上手的普通创作者、需要精细控制画面细节的设计师，还是想要深入探索模型潜力的开发者与研究人员，都能从中获益。其核心亮点在于极高的功能丰富度：不仅支持文生图、图生图、局部重绘（Inpainting）和外绘（Outpainting）等基础模式，还独创了注意力机制调整、提示词矩阵、负向提示词以及“高清修复”等高级功能。此外，它内置了 GFPGAN 和 CodeFormer 等人脸修复工具，支持多种神经网络放大算法，并允许用户通过插件系统无限扩展能力。即使是显存有限的设备，stable-diffusion-webui 也提供了相应的优化选项，让高质量的 AI 艺术创作变得触手可及。",162132,"2026-04-05T11:01:52",[14,15,13],{"id":27,"name":28,"github_repo":29,"description_zh":30,"stars":31,"difficulty_score":32,"last_commit_at":33,"category_tags":34,"status":17},1381,"everything-claude-code","affaan-m\u002Feverything-claude-code","everything-claude-code 是一套专为 AI 编程助手（如 Claude Code、Codex、Cursor 等）打造的高性能优化系统。它不仅仅是一组配置文件，而是一个经过长期实战打磨的完整框架，旨在解决 AI 代理在实际开发中面临的效率低下、记忆丢失、安全隐患及缺乏持续学习能力等核心痛点。\n\n通过引入技能模块化、直觉增强、记忆持久化机制以及内置的安全扫描功能，everything-claude-code 能显著提升 AI 在复杂任务中的表现，帮助开发者构建更稳定、更智能的生产级 AI 代理。其独特的“研究优先”开发理念和针对 Token 消耗的优化策略，使得模型响应更快、成本更低，同时有效防御潜在的攻击向量。\n\n这套工具特别适合软件开发者、AI 研究人员以及希望深度定制 AI 工作流的技术团队使用。无论您是在构建大型代码库，还是需要 AI 协助进行安全审计与自动化测试，everything-claude-code 都能提供强大的底层支持。作为一个曾荣获 Anthropic 黑客大奖的开源项目，它融合了多语言支持与丰富的实战钩子（hooks），让 AI 真正成长为懂上",158594,2,"2026-04-16T23:34:05",[14,13,35],"语言模型",{"id":37,"name":38,"github_repo":39,"description_zh":40,"stars":41,"difficulty_score":42,"last_commit_at":43,"category_tags":44,"status":17},8272,"opencode","anomalyco\u002Fopencode","OpenCode 是一款开源的 AI 编程助手（Coding Agent），旨在像一位智能搭档一样融入您的开发流程。它不仅仅是一个代码补全插件，而是一个能够理解项目上下文、自主规划任务并执行复杂编码操作的智能体。无论是生成全新功能、重构现有代码，还是排查难以定位的 Bug，OpenCode 都能通过自然语言交互高效完成，显著减少开发者在重复性劳动和上下文切换上的时间消耗。\n\n这款工具专为软件开发者、工程师及技术研究人员设计，特别适合希望利用大模型能力来提升编码效率、加速原型开发或处理遗留代码维护的专业人群。其核心亮点在于完全开源的架构，这意味着用户可以审查代码逻辑、自定义行为策略，甚至私有化部署以保障数据安全，彻底打破了传统闭源 AI 助手的“黑盒”限制。\n\n在技术体验上，OpenCode 提供了灵活的终端界面（Terminal UI）和正在测试中的桌面应用程序，支持 macOS、Windows 及 Linux 全平台。它兼容多种包管理工具，安装便捷，并能无缝集成到现有的开发环境中。无论您是追求极致控制权的资深极客，还是渴望提升产出的独立开发者，OpenCode 都提供了一个透明、可信",144296,1,"2026-04-16T14:50:03",[13,45],"插件",{"id":47,"name":48,"github_repo":49,"description_zh":50,"stars":51,"difficulty_score":32,"last_commit_at":52,"category_tags":53,"status":17},2271,"ComfyUI","Comfy-Org\u002FComfyUI","ComfyUI 是一款功能强大且高度模块化的视觉 AI 引擎，专为设计和执行复杂的 Stable Diffusion 图像生成流程而打造。它摒弃了传统的代码编写模式，采用直观的节点式流程图界面，让用户通过连接不同的功能模块即可构建个性化的生成管线。\n\n这一设计巧妙解决了高级 AI 绘图工作流配置复杂、灵活性不足的痛点。用户无需具备编程背景，也能自由组合模型、调整参数并实时预览效果，轻松实现从基础文生图到多步骤高清修复等各类复杂任务。ComfyUI 拥有极佳的兼容性，不仅支持 Windows、macOS 和 Linux 全平台，还广泛适配 NVIDIA、AMD、Intel 及苹果 Silicon 等多种硬件架构，并率先支持 SDXL、Flux、SD3 等前沿模型。\n\n无论是希望深入探索算法潜力的研究人员和开发者，还是追求极致创作自由度的设计师与资深 AI 绘画爱好者，ComfyUI 都能提供强大的支持。其独特的模块化架构允许社区不断扩展新功能，使其成为当前最灵活、生态最丰富的开源扩散模型工具之一，帮助用户将创意高效转化为现实。",108322,"2026-04-10T11:39:34",[14,15,13],{"id":55,"name":56,"github_repo":57,"description_zh":58,"stars":59,"difficulty_score":32,"last_commit_at":60,"category_tags":61,"status":17},6121,"gemini-cli","google-gemini\u002Fgemini-cli","gemini-cli 是一款由谷歌推出的开源 AI 命令行工具，它将强大的 Gemini 大模型能力直接集成到用户的终端环境中。对于习惯在命令行工作的开发者而言，它提供了一条从输入提示词到获取模型响应的最短路径，无需切换窗口即可享受智能辅助。\n\n这款工具主要解决了开发过程中频繁上下文切换的痛点，让用户能在熟悉的终端界面内直接完成代码理解、生成、调试以及自动化运维任务。无论是查询大型代码库、根据草图生成应用，还是执行复杂的 Git 操作，gemini-cli 都能通过自然语言指令高效处理。\n\n它特别适合广大软件工程师、DevOps 人员及技术研究人员使用。其核心亮点包括支持高达 100 万 token 的超长上下文窗口，具备出色的逻辑推理能力；内置 Google 搜索、文件操作及 Shell 命令执行等实用工具；更独特的是，它支持 MCP（模型上下文协议），允许用户灵活扩展自定义集成，连接如图像生成等外部能力。此外，个人谷歌账号即可享受免费的额度支持，且项目基于 Apache 2.0 协议完全开源，是提升终端工作效率的理想助手。",100752,"2026-04-10T01:20:03",[45,13,15,14],{"id":63,"github_repo":64,"name":65,"description_en":66,"description_zh":67,"ai_summary_zh":67,"readme_en":68,"readme_zh":69,"quickstart_zh":70,"use_case_zh":71,"hero_image_url":72,"owner_login":73,"owner_name":73,"owner_avatar_url":74,"owner_bio":75,"owner_company":76,"owner_location":76,"owner_email":76,"owner_twitter":76,"owner_website":76,"owner_url":77,"languages":78,"stars":117,"forks":118,"last_commit_at":119,"license":120,"difficulty_score":121,"env_os":122,"env_gpu":123,"env_ram":123,"env_deps":124,"category_tags":131,"github_topics":132,"view_count":32,"oss_zip_url":76,"oss_zip_packed_at":76,"status":17,"created_at":152,"updated_at":153,"faqs":154,"releases":183},8172,"agentic-community\u002Fmcp-gateway-registry","mcp-gateway-registry","Enterprise-ready MCP Gateway & Registry that centralizes AI development tools with secure OAuth authentication, dynamic tool discovery, and unified access for both autonomous AI agents and AI coding assistants. Transform scattered MCP server chaos into governed, auditable tool access with Keycloak\u002FEntra integration.","mcp-gateway-registry 是一个专为企业级 AI 开发设计的统一网关与注册中心，旨在集中管理基于模型上下文协议（MCP）的工具服务器和智能体。它充当了连接自主 AI 智能体与编程助手的枢纽，让分散的开发资源得以有序整合。\n\n在复杂的 AI 开发场景中，团队常面临工具配置零散、认证标准不一、密钥管理混乱以及缺乏统一监控等痛点。mcp-gateway-registry 有效解决了这些问题，它将原本杂乱无章的 MCP 服务器连接转化为可治理、可审计的统一访问入口，消除了开发者重复配置本地环境的负担，并杜绝了凭证散落带来的安全风险。\n\n这款工具特别适合企业级 AI 研发团队、DevOps 工程师以及需要协调多个智能体协作的技术管理者使用。其核心技术亮点在于集成了 Keycloak 或 Microsoft Entra 等企业级身份验证系统，提供安全的 OAuth 认证机制；同时支持动态工具发现功能，让智能体能自动感知可用资源。此外，它还原生支持 A2A（智能体对智能体）通信协议，不仅实现了工具的集中管控，更促进了智能体之间的高效协作与编排，是构建规范化 AI 基础设施的理想选择。","\u003Cdiv align=\"center\">\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fagentic-community_mcp-gateway-registry_readme_7a96eab3b4e4.png\" alt=\"MCP Gateway & Registry Logo\" width=\"100%\">\n\n**Unified Agent & MCP Server Registry – Gateway for AI Development Tools**\n\n[![GitHub stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fagentic-community\u002Fmcp-gateway-registry?style=flat&logo=github)](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fstargazers)\n[![GitHub forks](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fforks\u002Fagentic-community\u002Fmcp-gateway-registry?style=flat&logo=github)](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fnetwork)\n[![GitHub issues](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fissues\u002Fagentic-community\u002Fmcp-gateway-registry?style=flat&logo=github)](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues)\n[![License](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Flicense\u002Fagentic-community\u002Fmcp-gateway-registry?style=flat)](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fblob\u002Fmain\u002FLICENSE)\n[![GitHub release](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002Fagentic-community\u002Fmcp-gateway-registry?style=flat&logo=github)](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Freleases)\n\n[🚀 Get Running Now](#option-a-pre-built-images-instant-setup) | [macOS Setup Skill](.claude\u002Fskills\u002Fmacos-setup\u002FSKILL.md) | [AWS Workshop Studio](https:\u002F\u002Fcatalog.us-east-1.prod.workshops.aws\u002Fworkshops\u002F0c3265a6-1a4a-467b-ae56-e4d019184b0e\u002Fen-US) | [AWS Deployment](terraform\u002Faws-ecs\u002FREADME.md) | [Quick Start](#quick-start) | [Documentation](docs\u002F) | [Community](#community)\n\n**Demo Videos:** 🎥 [AWS Show & Tell](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=dk0qVukHLGU) | ⭐ [MCP Registry CLI Demo](https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F98200866-e8bd-4ac3-bad6-c6d42b261dbe) | [Full End-to-End Functionality](https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F5ffd8e81-8885-4412-a4d4-3339bbdba4fb) | [OAuth 3-Legged Authentication](https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F3c3a570b-29e6-4dd3-b213-4175884396cc) | [Dynamic Tool Discovery](https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002Fcee25b31-61e4-4089-918c-c3757f84518c) | [Agent Skills](https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F5d1f227a-25f8-480d-9ff9-acba2498844b) | [Virtual MCP Servers](https:\u002F\u002Fapp.vidcast.io\u002Fshare\u002F954e6296-f217-4559-8d86-88cec25af763) | [Slide Deck](docs\u002Fslides\u002Fmcp-gateway-registry-presentation.pdf)\n\n\u003C\u002Fdiv>\n\n---\n\n## What is MCP Gateway & Registry?\n\nThe **MCP Gateway & Registry** is a unified platform designed for centralizing access to both MCP Servers and AI Agents using the [Model Context Protocol (MCP)](https:\u002F\u002Fmodelcontextprotocol.io\u002Fintroduction). It serves three core functions:\n\n1. **Unified MCP Server Gateway** – Centralized access point for multiple MCP servers\n2. **MCP Servers Registry** – Register, discover, and manage access to MCP servers with unified governance\n3. **Agent Registry & A2A Communication Hub** – Agent registration, discovery, governance, and direct agent-to-agent communication through the [A2A (Agent-to-Agent) Protocol](https:\u002F\u002Fa2a-protocol.org\u002Flatest\u002Fspecification\u002F)\n\nThe platform integrates with external registries such as Anthropic's MCP Registry (and more to come), providing a single control plane for both tool access, agent orchestration, and agent-to-agent communication patterns.\n\n**Why unified?** Instead of managing hundreds of individual MCP server configurations, agent connections, and separate governance systems across your development teams, this platform provides secure, governed access to curated MCP servers and registered agents through a single, unified control plane.\n\n**Transform this chaos:**\n```\n❌ AI agents require separate connections to each MCP server\n❌ Each developer configures VS Code, Cursor, Claude Code individually\n❌ Developers must install and manage MCP servers locally\n❌ No standard authentication flow for enterprise tools\n❌ Scattered API keys and credentials across tools\n❌ No visibility into what tools teams are using\n❌ Security risks from unmanaged tool sprawl\n❌ No dynamic tool discovery for autonomous agents\n❌ No curated tool catalog for multi-tenant environments\n❌ A2A provides agent cards but no way for agents to discover other agents\n❌ Maintaining separate MCP server and agent registries is a non-starter for governance\n❌ Impossible to maintain unified policies across server and agent access\n```\n\n**Into this organized approach:**\n```\n✅ AI agents connect to one gateway, access multiple MCP servers\n✅ Single configuration point for VS Code, Cursor, Claude Code\n✅ Central IT manages cloud-hosted MCP infrastructure via streamable HTTP\n✅ Developers use standard OAuth 2LO\u002F3LO flows for enterprise MCP servers\n✅ Centralized credential management with secure vault integration\n✅ Complete visibility and audit trail for all tool usage\n✅ Security features with governed tool access\n✅ Dynamic tool discovery and invocation for autonomous workflows\n✅ Registry provides discoverable, curated MCP servers for multi-tenant use\n✅ Agents can discover and communicate with other agents through unified Agent Registry\n✅ Single control plane for both MCP servers and agent governance\n✅ Unified policies and audit trails for both server and agent access\n```\n\n```\n┌─────────────────────────────────────┐     ┌──────────────────────────────────────────────────────┐\n│          BEFORE: Chaos              │     │    AFTER: MCP Gateway & Registry                     │\n├─────────────────────────────────────┤     ├──────────────────────────────────────────────────────┤\n│                                     │     │                                                      │\n│  Developer 1 ──┬──► MCP Server A    │     │  Developer 1 ──┐                  ┌─ MCP Server A    │\n│                ├──► MCP Server B    │     │                │                  ├─ MCP Server B    │\n│                └──► MCP Server C    │     │  Developer 2 ──┼──► MCP Gateway   │                  │\n│                                     │     │                │    & Registry ───┼─ MCP Server C    │\n│  Developer 2 ──┬──► MCP Server A    │ ──► │  AI Agent 1 ───┘         │        │                  │\n│                ├──► MCP Server D    │     │                          │        ├─ AI Agent 1      │\n│                └──► MCP Server E    │     │  AI Agent 2 ──────────────┤        ├─ AI Agent 2     │\n│                                     │     │                          │        │                  │\n│  AI Agent 1 ───┬──► MCP Server B    │     │  AI Agent 3 ──────────────┘        └─ AI Agent 3     │\n│                ├──► MCP Server C    │     │                                                      │\n│                └──► MCP Server F    │     │              Single Connection Point                 │\n│                                     │     │                                                      │\n│  ❌ Multiple connections per user  │     │         ✅ One gateway for all                      │\n│  ❌ No centralized control         │     │         ✅ Unified server & agent access            │\n│  ❌ Credential sprawl              │     │         ✅ Unified governance & audit trails        │\n└─────────────────────────────────────┘     └──────────────────────────────────────────────────────┘\n```\n\n> **Note on Agent-to-Agent Communication:** AI Agents discover other AI Agents through the unified Agent Registry and communicate with them **directly** (peer-to-peer) without routing through the MCP Gateway. The Registry handles discovery, authentication, and access control, while agents maintain direct connections for efficient, low-latency communication.\n\n## Unified Agent & Server Registry\n\nThis platform serves as a comprehensive, unified registry supporting:\n\n- ✅ **MCP Server Registration & Discovery** – Register, discover, and manage access to MCP servers\n- ✅ **AI Agent Registration & Discovery** – Register agents and enable them to discover other agents\n- ✅ **Agent-to-Agent (A2A) Communication** – Direct agent-to-agent communication patterns using the A2A protocol\n- ✅ **Multi-Protocol Support** – Support for various agent communication protocols and patterns\n- ✅ **Unified Governance** – Single policy and access control system for both agents and servers\n- ✅ **Cross-Protocol Agent Discovery** – Agents can discover each other regardless of implementation\n- ✅ **Integrated External Registries** – Connect with Anthropic's MCP Registry and other external sources\n- ✅ **Agent Cards & Metadata** – Rich metadata for agent capabilities, skills, and authentication schemes\n\nKey distinction: **Unlike separate point solutions, this unified registry eliminates the need to maintain separate MCP server and agent systems**, providing a single control plane for agent orchestration, MCP server access, and agent-to-agent communication.\n\n## MCP Servers, Agents and Skills Registry\n\nWatch how MCP Servers, A2A Agents, and External Registries work together for dynamic tool discovery:\n\nhttps:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F97c640db-f78b-4a6c-9662-894f975f66e2\n\n---\n\n## MCP Tools in Action\n\n[View MCP Tools Demo](docs\u002Fimg\u002FMCP_tools.gif)\n\n---\n\n## MCP Registry CLI\n\nInteractive terminal interface for chatting with AI models and discovering MCP tools in natural language. Talk to the registry using a Claude Code-like conversational interface with real-time token status, cost tracking, and AI model selection.\n\n\u003Cdiv align=\"center\">\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fagentic-community_mcp-gateway-registry_readme_00dc087c4e4b.png\" alt=\"MCP Registry CLI Screenshot\" width=\"800\"\u002F>\n\u003C\u002Fdiv>\n\n**Quick Start:** `registry --url https:\u002F\u002Fmcpgateway.ddns.net` | [Full Guide](docs\u002Fmcp-registry-cli.md)\n\n---\n\n## What's New\n\n- **AWS Agent Registry Federation** - Federate MCP servers, A2A agents, and agent skills from [AWS Agent Registry](https:\u002F\u002Fdocs.aws.amazon.com\u002Fbedrock-agentcore\u002Flatest\u002Fdevguide\u002Fregistry.html) into MCP Gateway Registry. Add multiple AgentCore registries (same or different AWS accounts\u002Fregions), select which descriptor types to sync (MCP, A2A, CUSTOM, AGENT_SKILLS), and manage everything from the External Registries settings page. Supports cross-account access via IAM role assumption, cascade cleanup on registry removal, and automatic sync on startup. Enable with a single environment variable (`AWS_REGISTRY_FEDERATION_ENABLED=true`) for ECS\u002FTerraform or Helm deployments. [Operations Guide](docs\u002Faws-agent-registry-federation.md) | [Design Document](docs\u002Fdesign\u002Faws-agent-registry-federation.md)\n\n- **Register Any Agent (A2A and Non-A2A)** - The Agent Registry now supports registering any agent, not just A2A protocol agents. A new `supported_protocol` field (`a2a` or `other`) distinguishes agent types. Register through the UI (checkbox for A2A agents, dropdown for protocol selection on edit), the API (`supportedProtocol` field in registration payload), or the CLI (`--supported-protocol` flag). Default `trust_level` updated to `community` and `visibility` to `public` for consistency. A one-time [backfill script](scripts\u002Fbackfill_agent_fields.py) normalizes existing agents in MongoDB. Two new Claude Code skills -- [generate-agent-card](.claude\u002Fskills\u002Fgenerate-agent-card\u002FSKILL.md) and [generate-server-card](.claude\u002Fskills\u002Fgenerate-server-card\u002FSKILL.md) -- analyze source code and generate registration-ready agent or server card JSON files. [Documentation](docs\u002Fsupported-protocol-and-trust-fields.md)\n\n- **Amazon Bedrock AgentCore Bulk Import** - Auto-discover and register all AgentCore Gateways and Agent Runtimes from your AWS account in a single command. The CLI scans for READY resources, registers gateways as MCP Servers and runtimes as MCP Servers or A2A Agents based on protocol, and writes a token refresh manifest for automated credential rotation. Supports multi-account scanning, OIDC-compliant identity providers (Cognito, Auth0, Okta, Entra ID, Keycloak), and overwrite mode for updating existing registrations. [AgentCore Operations Guide](docs\u002Fagentcore.md) | [Design Document](docs\u002Fdesign\u002Fagentcore-scanner-design.md)\n\n- **Anonymous Usage Telemetry** - Privacy-first telemetry to track registry adoption patterns. Sends only non-sensitive deployment metadata (version, OS, storage backend, auth provider) -- no PII, no hostnames, no user data. Opt-out by default (startup ping is ON, set `MCP_TELEMETRY_DISABLED=1` to disable). Opt-in daily heartbeat with aggregate counts (server\u002Fagent\u002Fskill totals). HMAC-signed requests, IP-hashed rate limiting, strict schema validation, and fail-silent design ensure zero impact on registry operation. Admin API to force heartbeat\u002Fstartup events on demand. [Telemetry Documentation](docs\u002FTELEMETRY.md)\n\n- **Agent Name Service (ANS) Integration** - Adds PKI-based trust verification for registered agents and MCP servers through GoDaddy's [Agent Name Service](https:\u002F\u002Fwww.godaddy.com\u002Fans). Agent owners link their ANS Agent ID to their registry entry, and the registry verifies the identity via the ANS API, displaying a clickable trust badge on agent cards and semantic search results. A background scheduler re-verifies all linked identities every 6 hours with circuit breaker protection. Supports verified, expired, and revoked status tracking with admin endpoints for manual sync, metrics, and health checks. [Design and Operations Guide](docs\u002Fdesign\u002Fans-integration.md) | [Demo Video](https:\u002F\u002Fapp.vidcast.io\u002Fshare\u002Fc2240a78-8899-46ad-9375-6fb0cc1345f3?playerMode=vidcast)\n\n- **Registry Card for Federation Discovery** - As registries increasingly need to discover and communicate with each other, we've implemented the Registry Card specification—a standardized discovery document accessible via `\u002F.well-known\u002Fregistry-card`. This provides essential metadata including authentication endpoints, capabilities, and contact information for any registry instance. Enhanced server, agent, and skills cards with richer metadata enable better federation workflows. [Registry Card Configuration Guide](docs\u002Ffederation-operational-guide.md#registry-card-configuration)\n\n- 🔑 **Auth0 Identity Provider Support** - Full enterprise SSO integration with Auth0 as an identity provider. The harmonized IAM API now supports Auth0 alongside Keycloak, Microsoft Entra ID, and Okta, providing a unified interface to create users, groups, and M2M service accounts regardless of your IdP choice. Features include Auth0 Actions for group claims injection, M2M client sync with database-driven groups enrichment for OAuth2 Client Credentials tokens, and complete Docker Compose and Terraform\u002FECS deployment support. Switch identity providers with a single environment variable while using the same management APIs and UI. [Auth0 Setup Guide](docs\u002Fauth0.md)\n\n- 🔑 **Okta Identity Provider Support** - Full enterprise SSO integration with Okta as an identity provider. The existing harmonized IAM API now supports Okta alongside Keycloak and Microsoft Entra ID, providing a unified interface to create users, groups, and M2M service accounts regardless of your IdP choice. Features include custom authorization server support for scalable M2M authentication, database-driven groups enrichment for OAuth2 Client Credentials tokens, and complete Docker Compose and Terraform\u002FECS deployment support. Switch identity providers with a single environment variable while using the same management APIs and UI. [Okta Setup Guide](docs\u002Fokta-setup.md)\n\n- 🔐 **Enterprise Security Posture Documentation** - Comprehensive security architecture documentation covering defense-in-depth across all deployment platforms (ECS, EKS, Docker Compose). Details infrastructure security, encryption at rest\u002Fin-transit with KMS, secrets management with automated rotation, container hardening following CIS benchmarks, application security with automated scanning (Semgrep, Bandit), supply chain security for MCP servers, and compliance with SOC 2\u002FGDPR standards. [Security Posture Guide](docs\u002Fsecurity-posture.md)\n\n- **📊 Direct OTLP Push Export for Metrics** - Push metrics directly to any OTLP-compatible observability platform (Datadog, New Relic, Honeycomb, Grafana Cloud) without requiring an intermediate OTEL Collector. Configure via environment variables (`OTEL_OTLP_ENDPOINT`, `OTEL_EXPORTER_OTLP_HEADERS`) for instant integration with commercial observability platforms. Supports both Docker Compose and Terraform\u002FECS deployments with secure credential handling via AWS Secrets Manager. Works alongside existing Prometheus\u002FGrafana setup for hybrid monitoring. [Metrics Architecture Guide - Direct OTLP Push](docs\u002Fmetrics-architecture.md#direct-otlp-push-export-simplified-setup)\n\n- ⭐ **AWS Workshop Studio: Securing AI Agent Ecosystems with MCP Gateway and Registry** - Hands-on workshop covering deployment, authentication, governance, and security best practices for production AI agent ecosystems. Learn to deploy the MCP Gateway & Registry on AWS, configure enterprise authentication, implement fine-grained access control, and secure AI agent communications. [Start Workshop](https:\u002F\u002Fcatalog.us-east-1.prod.workshops.aws\u002Fworkshops\u002F0c3265a6-1a4a-467b-ae56-e4d019184b0e\u002Fen-US)\n\n- 💻 **One-Command macOS Setup** - The quickest way to get started and experiment with the solution on your MacBook. Simply ask Claude Code or your favorite AI coding assistant to use the [macOS Setup Skill](.claude\u002Fskills\u002Fmacos-setup\u002FSKILL.md) and it will automatically clone the repository, install all dependencies, configure services (MongoDB, Keycloak, registry), register sample servers, and verify the complete stack is running. Perfect for single-developer environments and hands-on exploration. Supports both full setup and complete teardown with a single command. *ECS\u002FEKS deployment skill coming very soon.*\n\n- **AI Registry MCP Server (airegistry-tools)** - Enables AI coding assistants (Claude Code, Roo Code, Cursor, etc.) to discover and query MCP servers, agents, and skills directly from the registry. Provides 5 tools: `list_services`, `list_agents`, `list_skills`, `intelligent_tool_finder` (semantic search), and `healthcheck`. Auto-registered on registry startup with no manual setup required. See [AI Registry Tools documentation](docs\u002Fai-registry-tools.md) for details.\n\n- **Governance & Security Enhancements** - Enhanced audit logging with searchable filters (username, MCP server) and statistics dashboard showing top users, operations, timeline charts, and per-user activity breakdowns. System uptime and health stats now visible in the header with deployment info, registry statistics, and database status. Comprehensive security hardening via Bandit scanning addressed subprocess security (B603\u002FB607), SQL injection prevention (B608), hardcoded credentials detection (B105), and other vulnerability patterns across the codebase. All security findings documented and resolved with proper justifications for necessary exceptions.\n\n- **IAM Settings UI** - Visual interface for managing users, groups, and M2M service accounts directly from the web UI. Create and configure access control groups with fine-grained permissions for servers, tools, agents, and UI features. Manage human users with group assignments, and create M2M service accounts for AI agents with OAuth2 client credentials. Features include searchable server\u002Fagent\u002Ftool selectors, JSON import\u002Fexport for scope configurations, and support for both MCP servers and virtual servers in access rules. Works with both Keycloak and Microsoft Entra ID identity providers. [IAM Settings Guide](docs\u002Fiam-settings-ui.md)\n\n- **System Configuration Viewer** - View and export all registry configuration parameters through the Settings UI. Admin-only panel displays 11 configuration groups (Deployment, Storage, Auth, Embeddings, Health, WebSocket, Security Scanning, Audit, Federation, Discovery) with sensitive value masking. Export configuration in ENV, JSON, TFVARS, or YAML formats for deployment automation. API endpoints provide programmatic access at `\u002Fapi\u002Fconfig\u002Ffull` and `\u002Fapi\u002Fconfig\u002Fexport`. [Configuration Guide](docs\u002Fconfiguration.md#viewing-configuration-via-ui)\n\n- **Virtual MCP Server Support** - Aggregate tools, resources, and prompts from multiple backend MCP servers into a single unified endpoint. Clients connect to one virtual server that presents a curated, access-controlled view of capabilities from any combination of registered backends. Features include tool aliasing (resolve naming conflicts), version pinning (lock to specific backend versions), per-tool scope-based access control, session multiplexing (one client session maps to N backend sessions transparently), and 60-second cached aggregation for `tools\u002Flist`, `resources\u002Flist`, and `prompts\u002Flist`. Supports all MCP JSON-RPC methods including `initialize`, `ping`, `tools\u002Fcall`, `resources\u002Fread`, and `prompts\u002Fget`. [Design Document](docs\u002Fdesign\u002Fvirtual-mcp-server.md) | [Operations Guide](docs\u002Fvirtual-server-operations.md)\n\n- **Registry-Only Deployment Mode** - Run the registry as a standalone catalog\u002Fdiscovery service without nginx gateway integration. In `registry-only` mode, nginx configuration is not updated when servers are registered, and MCP proxy requests return 503 with instructions to use direct connection. The frontend adapts to show `proxy_pass_url` instead of gateway URLs. Combined with `REGISTRY_MODE` settings (`full`, `skills-only`, `mcp-servers-only`, `agents-only`), you can configure the registry for specific use cases. For example, set `REGISTRY_MODE=skills-only` to run a dedicated Skills Registry that only manages Agent Skills (SKILL.md files) without MCP servers or A2A agents - ideal for teams that want a lightweight skill library. The UI automatically adapts to show only relevant features, and API endpoints for disabled features return 503. Invalid combinations like `with-gateway + skills-only` are auto-corrected with warnings. [Registry Deployment Modes Guide](docs\u002Fregistry-deployment-modes.md)\n\n- **Agent Skills Registry** - Register, discover, and manage reusable instruction sets (SKILL.md files) that enhance AI coding assistants with specialized workflows. Skills are hosted on GitHub, GitLab, or Bitbucket and registered in the MCP Gateway Registry for discovery and access control. Features include YAML frontmatter parsing for metadata extraction, health monitoring with URL accessibility checks, visibility controls (public\u002Fprivate\u002Fgroup), star ratings, semantic search integration, tool dependency validation, and a rich UI with SKILL.md content modals. Security includes automatic security scanning during registration using [Cisco AI Defense Skill Scanner](https:\u002F\u002Fgithub.com\u002Fcisco-ai-defense\u002Fcisco-ai-skill-scanner) with YARA pattern matching, LLM analysis, and static code inspection. SSRF protection with redirect validation ensures safe URL handling. [Agent Skills Guide](docs\u002Fagent-skills-operational-guide.md) | [Architecture](docs\u002Fdesign\u002Fagent-skills-architecture.md) | [Security Scanning](docs\u002Fsecurity-scanner.md#agent-skills-security-scanning)\n\n- **📋 Compliance Audit Logging** - Comprehensive audit logging for security monitoring and compliance. Captures all Registry API and MCP Gateway access events with user identity, operation details, and timing. Features include automatic credential masking (tokens, cookies, passwords are never logged), TTL-based log retention (default 7 days, configurable), admin-only audit viewer UI with filtering and export (JSONL\u002FCSV), and non-blocking async design. Supports SOC 2 and GDPR requirements with who\u002Fwhat\u002Fwhen\u002Fwhere\u002Foutcome tracking. [Audit Logging Guide](docs\u002Faudit-logging.md)\n\n- **🌐 Peer-to-Peer Registry Federation** - Connect multiple MCP Gateway Registry instances for bidirectional server and agent synchronization. Central IT teams can aggregate visibility across Line of Business registries, or LOBs can inherit shared tools from a central hub. Features include configurable sync modes (all, whitelist, tag filter), scheduled and on-demand sync, static token authentication for IdP-agnostic deployments, Fernet-encrypted credential storage, generation-based orphan detection, and path namespacing to prevent collisions. Synced items are read-only and display their source registry. A VS Code-style Settings UI provides peer management, sync triggering, and status monitoring. [Architecture Design](docs\u002Fdesign\u002Ffederation-architecture.md) | [Operational Guide](docs\u002Ffederation-operational-guide.md)\n\n- **🔑 Static Token Auth for Registry API** - Access Registry API endpoints (`\u002Fapi\u002F*`, `\u002Fv0.1\u002F*`) using a static API key instead of IdP-based JWT validation. Designed for trusted network environments, CI\u002FCD pipelines, and CLI tooling where configuring a full identity provider may not be practical. MCP Gateway endpoints continue to require full IdP authentication. Includes startup validation that disables the feature if no token is configured. [Static Token Auth Guide](docs\u002Fstatic-token-auth.md)\n\n- **🔀 MCP Server Version Routing** - Run multiple versions of the same MCP server simultaneously behind a single gateway endpoint. Register new versions as inactive, test them with the `X-MCP-Server-Version` header, then promote to active with a single API call or UI click. Features include instant rollback, version pinning for clients, deprecation lifecycle with sunset dates, automatic nginx map-based O(1) routing, cascade deletion of all versions, and post-swap health checks. The dashboard displays both the admin-controlled routing version and the MCP server-reported software version independently. Only the active version appears in search results and health checks. [Design Document](docs\u002Fdesign\u002Fserver-versioning.md) | [Operations Guide](docs\u002Fserver-versioning-operations.md)\n- **👥 Multi-Provider IAM with Harmonized API** - Full Identity and Access Management support for Keycloak, Microsoft Entra ID, Okta, and Auth0. The registry API provides a unified experience for user and group management regardless of which IdP you use. Human users can log in via the UI and generate self-signed JWT tokens (with the same permissions as their session) for CLI tools and AI coding assistants. Service accounts (M2M) enable AI agent identity with OAuth2 Client Credentials flow. Fine-grained access control through scopes defines exactly which MCP servers, methods, tools, and agents each user can access. [Authentication Design](docs\u002Fdesign\u002Fauthentication-design.md) | [IdP Provider Architecture](docs\u002Fdesign\u002Fidp-provider-support.md) | [Scopes Management](docs\u002Fscopes-mgmt.md) | [Entra ID Setup](docs\u002Fentra-id-setup.md) | [Okta Setup](docs\u002Fokta-setup.md) | [Auth0 Setup](docs\u002Fauth0.md)\n- **🏷️ Custom Metadata for Servers & Agents** - Add rich custom metadata to MCP servers and agents for organization, compliance, and integration tracking. Metadata is fully searchable via semantic search, enabling queries like \"team:data-platform\", \"PCI-DSS compliant\", or \"owner:alice@example.com\". Use cases include team ownership, compliance tracking (PCI-DSS, HIPAA), cost center allocation, deployment regions, JIRA tickets, and custom tags. Backward compatible with existing registrations. [Metadata Usage Guide](docs\u002Fcustom-metadata.md)\n- **🔎 Enhanced Hybrid Search** - Improved semantic search combining vector similarity with tokenized keyword matching for servers, tools, and agents. Explicit name references now boost relevance scores, ensuring exact matches appear first. [Hybrid Search Architecture](docs\u002Fdesign\u002Fhybrid-search-architecture.md)\n- **🛡️ Security Scan Results in UI** - Security scan results are now displayed directly on Server and Agent cards with color-coded shield icons (gray\u002Fgreen\u002Fred). Click the shield icon to view detailed scan results and trigger rescans from the UI. [Security Scanner Documentation](docs\u002Fsecurity-scanner.md)\n- **🧪 Comprehensive Test Suite & Updated LLM Documentation** - Full pytest test suite with 701+ passing tests (unit, integration, E2E) running automatically on all PRs via GitHub Actions. 35% minimum coverage (targeting 80%), ~30 second execution with 8 parallel workers. Updated llms.txt provides comprehensive documentation for LLM coding assistants covering storage backend migration (file → DocumentDB\u002FMongoDB), repository patterns, AWS ECS deployment, Microsoft Entra ID integration, dual security scanning, federation architecture, rating system, testing standards, and critical code organization antipatterns. [Testing Guide](docs\u002Ftesting\u002FREADME.md) | [docs\u002Fllms.txt](docs\u002Fllms.txt)\n- **📊 DocumentDB & MongoDB CE Storage Backend** - Distributed storage with MongoDB-compatible backends. DocumentDB provides native HNSW vector search for sub-100ms semantic queries in production deployments, while MongoDB Community Edition 8.2 enables full-featured local development with replica sets. Both backends use the same repository abstraction layer with automatic collection management, optimized indexes, and application-level vector search for MongoDB CE. Switch between MongoDB CE (local testing) and DocumentDB (production) with a single environment variable. Note: File-based storage is deprecated and will be removed in a future release. MongoDB CE is recommended for local development. [Configuration Guide](docs\u002Fconfiguration.md#storage-backend-configuration) | [Storage Architecture](docs\u002Fdesign\u002Fstorage-architecture-mongodb-documentdb.md)\n- **🔒 A2A Agent Security Scanning** - Integrated security scanning for A2A agents using [Cisco AI Defense A2A Scanner](https:\u002F\u002Fgithub.com\u002Fcisco-ai-defense\u002Fa2a-scanner). Automatic security scans during agent registration with YARA pattern matching, A2A specification validation, and heuristic threat detection. Features include automatic tagging of unsafe agents, configurable blocking policies, and detailed scan reports with API endpoints for viewing results and triggering rescans.\n- **🔧 Registry Management API** - New programmatic API for managing servers, groups, and users. Python client (`api\u002Fregistry_client.py`) with type-safe interfaces, RESTful HTTP endpoints (`\u002Fapi\u002Fmanagement\u002F*`), and comprehensive error handling. Replaces shell scripts with modern API approach while maintaining backward compatibility. [API Documentation](api\u002FREADME.md) | [Service Management Guide](docs\u002Fservice-management.md)\n- **⭐ Server & Agent Rating System** - Rate and review agents with an interactive 5-star rating widget. Users can submit ratings via the UI or CLI, view aggregate ratings with individual rating details, and update their existing ratings. Features include a rotating buffer (max 100 ratings per agent), one rating per user, float average calculations, and full OpenAPI documentation. Enables community-driven agent quality assessment and discovery.\n- **🧠 Flexible Embeddings Support** - Choose from three embedding provider options for semantic search: local sentence-transformers, OpenAI, or any LiteLLM-supported provider including Amazon Bedrock Titan, Cohere, and 100+ other models. Switch providers with simple configuration changes. [Embeddings Guide](docs\u002Fembeddings.md)\n- **☁️ AWS ECS Deployment** - Deployment configuration on Amazon ECS Fargate with multi-AZ architecture, Application Load Balancer with HTTPS, auto-scaling, CloudWatch monitoring, and NAT Gateway redundancy. Complete Terraform configuration for deploying the entire stack. [ECS Deployment Guide](terraform\u002Faws-ecs\u002FREADME.md)\n- **📦 Flexible Deployment Modes** - Three deployment options to match your requirements: (1) CloudFront Only for quick setup without custom domains, (2) Custom Domain with Route53\u002FACM for branded URLs, or (3) CloudFront + Custom Domain for production with CDN benefits. [Deployment Modes Guide](docs\u002Fdeployment-modes.md)\n- **🔗 Federated Registry** - MCP Gateway registry now supports federation of servers and agents from other registries. [Federation Guide](docs\u002Ffederation.md)\n- **🔗 Agent-to-Agent (A2A) Protocol Support** - Agents can now register, discover, and communicate with other agents through a secure, centralized registry. Enable autonomous agent ecosystems with Keycloak-based access control and fine-grained permissions. [A2A Guide](docs\u002Fa2a.md)\n- **🏢 Microsoft Entra ID Integration** - Enterprise SSO with Microsoft Entra ID (Azure AD) authentication. Group-based access control, conditional access policies, and seamless integration with existing Microsoft 365 environments. [Entra ID Setup Guide](docs\u002Fentra-id-setup.md)\n- **🤖 Agentic CLI for MCP Registry** - Talk to the Registry in natural language using a Claude Code-like interface. Discover tools, ask questions, and execute MCP commands conversationally. [Learn more](docs\u002Fmcp-registry-cli.md)\n- **🔒 MCP Server Security Scanning** - Integrated vulnerability scanning with [Cisco AI Defense MCP Scanner](https:\u002F\u002Fgithub.com\u002Fcisco-ai-defense\u002Fmcp-scanner). Automatic security scans during server registration, periodic registry-wide scans with detailed markdown reports, and automatic disabling of servers with security issues.\n- **📥 Import Servers from Anthropic MCP Registry** - Import curated MCP servers from Anthropic's registry with a single command. [Import Guide](docs\u002Fanthropic-registry-import.md)\n- **🔌 Anthropic MCP Registry REST API Compatibility** - Full compatibility with Anthropic's MCP Registry REST API specification. [API Documentation](docs\u002Fanthropic_registry_api.md)\n- **🔎 Unified Semantic Search for Servers, Tools & Agents** - Natural-language search across every MCP server, its tools, and registered A2A agents using `POST \u002Fapi\u002Fsearch\u002Fsemantic`. Works from the dashboard UI (session cookie auth) or programmatically with JWT Bearer tokens, returning relevance-scored matches per entity type in a single response.\n- **🚀 Pre-built Images** - Deploy instantly with pre-built Docker images. [Get Started](#option-a-pre-built-images-instant-setup) | [macOS Guide](docs\u002Fmacos-setup-guide.md)\n- **🔐 Keycloak Integration** - Enterprise authentication with AI agent audit trails and group-based authorization. [Learn more](docs\u002Fkeycloak-integration.md)\n- **⚡ Amazon Bedrock AgentCore Integration** - AgentCore Gateway support with dual authentication. [Integration Guide](docs\u002Fagentcore.md)\n\n\n---\n\n## A2A Agents - Example Implementations\n\nThe registry includes two example A2A agents that demonstrate how both human developers and autonomous AI agents can discover, register, and use agents through the unified Agent Registry. Agents can programmatically discover other agents via semantic search and use them through the A2A protocol, enabling dynamic agent composition and autonomous agent orchestration.\n\n### Example Agents\n\n| Agent | Path | Skills |\n|-------|------|--------|\n| **Travel Assistant Agent** | `\u002Ftravel-assistant-agent` | Flight search, pricing checks, recommendations, trip planning |\n| **Flight Booking Agent** | `\u002Fflight-booking-agent` | Availability checks, flight reservations, payments, reservation management |\n\n### Agent Discovery\n\n**View in Registry UI:**\nOpen the registry and navigate to the **A2A Agents** tab to browse registered agents with their full metadata, capabilities, and skills.\n\n**Search via CLI:**\nDevelopers can search for agents by natural language description:\n\n```bash\n# Search for agents that can help book a trip\ncli\u002Fagent_mgmt.sh search \"need an agent to book a trip\"\n```\n\n**Example Output:**\n```\nFound 4 agent(s) matching 'need an agent to book a trip':\n--------------------------------------------------------------------------------------------------------------\nAgent Name                               | Path                      | Score\n--------------------------------------------------------------------------------------------------------------\nTravel Assistant Agent                   | \u002Ftravel-assistant-agent   |  0.8610\nFlight Booking Agent                     | \u002Fflight-booking-agent     |  1.2134\n--------------------------------------------------------------------------------------------------------------\n```\n\n### Agent-to-Agent Discovery API\n\nThe registry provides a **semantic search API** that agents can use as a tool to discover other A2A agents at runtime. This API enables dynamic agent composition where agents find collaborators based on capabilities rather than hardcoded references.\n\n**Discovery API Endpoint:**\n```\nPOST \u002Fapi\u002Fagents\u002Fdiscover\u002Fsemantic?query=\u003Cnatural-language-query>&max_results=5\nAuthorization: Bearer \u003Cjwt-token>\n```\n\n**Response includes:**\n- Agent name, description, and endpoint URL\n- Agent card metadata with skills and capabilities\n- Relevance score for ranking matches\n- Trust level and visibility settings\n\n**How agents use it:**\n1. An agent calls the registry's semantic search API with a natural language query (e.g., \"agent that can book flights\")\n2. The registry returns matching agents with their endpoint URLs and full agent card metadata\n3. The agent uses the agent card to understand capabilities and invokes the discovered agent via A2A protocol\n\n**Example - Travel Assistant discovering and invoking Flight Booking Agent:**\n```\nUser: \"I need to book a flight from NYC to LA\"\n\nTravel Assistant:\n  1. Calls registry API: POST \u002Fapi\u002Fagents\u002Fdiscover\u002Fsemantic?query=\"book flights\"\n  2. Registry returns Flight Booking Agent with endpoint URL and agent card\n  3. Uses agent card to understand capabilities, then sends A2A message to Flight Booking Agent\n  4. Returns booking confirmation to user\n```\n\nThis pattern enables agents to dynamically extend their capabilities by discovering specialized agents for tasks they cannot handle directly.\n\n**Agent Cards:** View the agent card metadata at [agents\u002Fa2a\u002Ftest\u002F](agents\u002Fa2a\u002Ftest\u002F) to see the complete agent definitions including skills, protocols, and capabilities.\n\nFor complete agent deployment and testing documentation, see [agents\u002Fa2a\u002FREADME.md](agents\u002Fa2a\u002FREADME.md).\n\n---\n\n## Core Use Cases\n\n### AI Agent & Coding Assistant Governance\nProvide both autonomous AI agents and human developers with secure access to approved tools through AI coding assistants (VS Code, Cursor, Claude Code) while maintaining IT oversight and compliance.\n\n### Enterprise Security & Compliance  \nCentralized authentication, fine-grained permissions, and comprehensive audit trails for SOX\u002FGDPR compliance pathways across both human and AI agent access patterns.\n\n### Dynamic Tool Discovery\nAI agents can autonomously discover and execute specialized tools beyond their initial capabilities using intelligent semantic search, while developers get guided tool discovery through their coding assistants.\n\n### Unified Access Gateway\nSingle gateway supporting both autonomous AI agents (machine-to-machine) and AI coding assistants (human-guided) with consistent authentication and tool access patterns.\n\n---\n\n## Architecture\n\nThe MCP Gateway & Registry provides a unified platform for both autonomous AI agents and AI coding assistants to access enterprise-curated tools through a centralized gateway with comprehensive authentication and governance.\n\n```mermaid\nflowchart TB\n    subgraph Human_Users[\"Human Users\"]\n        User1[\"Human User 1\"]\n        User2[\"Human User 2\"]\n        UserN[\"Human User N\"]\n    end\n\n    subgraph AI_Agents[\"AI Agents\"]\n        Agent1[\"AI Agent 1\"]\n        Agent2[\"AI Agent 2\"]\n        Agent3[\"AI Agent 3\"]\n        AgentN[\"AI Agent N\"]\n    end\n\n    subgraph EC2_Gateway[\"\u003Cb>MCP Gateway & Registry\u003C\u002Fb> (Amazon EC2 Instance)\"]\n        subgraph NGINX[\"NGINX Reverse Proxy\"]\n            RP[\"Reverse Proxy Router\"]\n        end\n        \n        subgraph AuthRegistry[\"Authentication & Registry Services\"]\n            AuthServer[\"Auth Server\u003Cbr\u002F>(Dual Auth)\"]\n            Registry[\"Registry\u003Cbr\u002F>Web UI\"]\n            RegistryMCP[\"Registry\u003Cbr\u002F>MCP Server\"]\n        end\n        \n        subgraph LocalMCPServers[\"Local MCP Servers\"]\n            MCP_Local1[\"MCP Server 1\"]\n            MCP_Local2[\"MCP Server 2\"]\n        end\n    end\n    \n    %% Identity Provider\n    IdP[Identity Provider\u003Cbr\u002F>Keycloak\u002FCognito]\n    \n    subgraph EKS_Cluster[\"Amazon EKS\u002FEC2 Cluster\"]\n        MCP_EKS1[\"MCP Server 3\"]\n        MCP_EKS2[\"MCP Server 4\"]\n    end\n    \n    subgraph APIGW_Lambda[\"Amazon API Gateway + AWS Lambda\"]\n        API_GW[\"Amazon API Gateway\"]\n        Lambda1[\"AWS Lambda Function 1\"]\n        Lambda2[\"AWS Lambda Function 2\"]\n    end\n    \n    subgraph External_Systems[\"External Data Sources & APIs\"]\n        DB1[(Database 1)]\n        DB2[(Database 2)]\n        API1[\"External API 1\"]\n        API2[\"External API 2\"]\n        API3[\"External API 3\"]\n    end\n    \n    %% Connections from Human Users\n    User1 -->|Web Browser\u003Cbr>Authentication| IdP\n    User2 -->|Web Browser\u003Cbr>Authentication| IdP\n    UserN -->|Web Browser\u003Cbr>Authentication| IdP\n    User1 -->|Web Browser\u003Cbr>HTTPS| Registry\n    User2 -->|Web Browser\u003Cbr>HTTPS| Registry\n    UserN -->|Web Browser\u003Cbr>HTTPS| Registry\n    \n    %% Connections from Agents to Gateway\n    Agent1 -->|MCP Protocol\u003Cbr>SSE with Auth| RP\n    Agent2 -->|MCP Protocol\u003Cbr>SSE with Auth| RP\n    Agent3 -->|MCP Protocol\u003Cbr>Streamable HTTP with Auth| RP\n    AgentN -->|MCP Protocol\u003Cbr>Streamable HTTP with Auth| RP\n    \n    %% Auth flow connections\n    RP -->|Auth validation| AuthServer\n    AuthServer -.->|Validate credentials| IdP\n    Registry -.->|User authentication| IdP\n    RP -->|Tool discovery| RegistryMCP\n    RP -->|Web UI access| Registry\n    \n    %% Connections from Gateway to MCP Servers\n    RP -->|SSE| MCP_Local1\n    RP -->|SSE| MCP_Local2\n    RP -->|SSE| MCP_EKS1\n    RP -->|SSE| MCP_EKS2\n    RP -->|Streamable HTTP| API_GW\n    \n    %% Connections within API GW + Lambda\n    API_GW --> Lambda1\n    API_GW --> Lambda2\n    \n    %% Connections to External Systems\n    MCP_Local1 -->|Tool Connection| DB1\n    MCP_Local2 -->|Tool Connection| DB2\n    MCP_EKS1 -->|Tool Connection| API1\n    MCP_EKS2 -->|Tool Connection| API2\n    Lambda1 -->|Tool Connection| API3\n\n    %% Style definitions\n    classDef user fill:#fff9c4,stroke:#f57f17,stroke-width:2px\n    classDef agent fill:#e1f5fe,stroke:#29b6f6,stroke-width:2px\n    classDef gateway fill:#e8f5e9,stroke:#66bb6a,stroke-width:2px\n    classDef nginx fill:#f3e5f5,stroke:#ab47bc,stroke-width:2px\n    classDef mcpServer fill:#fff3e0,stroke:#ffa726,stroke-width:2px\n    classDef eks fill:#ede7f6,stroke:#7e57c2,stroke-width:2px\n    classDef apiGw fill:#fce4ec,stroke:#ec407a,stroke-width:2px\n    classDef lambda fill:#ffebee,stroke:#ef5350,stroke-width:2px\n    classDef dataSource fill:#e3f2fd,stroke:#2196f3,stroke-width:2px\n    \n    %% Apply styles\n    class User1,User2,UserN user\n    class Agent1,Agent2,Agent3,AgentN agent\n    class EC2_Gateway,NGINX gateway\n    class RP nginx\n    class AuthServer,Registry,RegistryMCP gateway\n    class IdP apiGw\n    class MCP_Local1,MCP_Local2 mcpServer\n    class EKS_Cluster,MCP_EKS1,MCP_EKS2 eks\n    class API_GW apiGw\n    class Lambda1,Lambda2 lambda\n    class DB1,DB2,API1,API2,API3 dataSource\n```\n\n**Key Architectural Benefits:**\n- **Unified Gateway**: Single point of access for both AI agents and human developers through coding assistants\n- **Dual Authentication**: Supports both human user authentication and machine-to-machine agent authentication\n- **Scalable Infrastructure**: Nginx reverse proxy with horizontal scaling capabilities\n- **Multiple Transports**: SSE and Streamable HTTP support for different client requirements\n\n---\n\n## Key Advantages\n\n### **Security Features**\n- OAuth 2.0\u002F3.0 compliance with IdP integration\n- Fine-grained access control at tool and method level\n- Zero-trust network architecture\n- Complete audit trails and comprehensive analytics for compliance\n\n### **AI Agent & Developer Experience**\n- Single configuration works across autonomous AI agents and AI coding assistants (VS Code, Cursor, Claude Code, Cline)\n- Dynamic tool discovery with natural language queries for both agents and humans\n- Instant onboarding for new team members and AI agent deployments\n- Unified governance for both AI agents and human developers\n\n### **Deployment Features**\n- Container-native (Docker\u002FKubernetes)\n- Real-time health monitoring and alerting\n- Dual authentication supporting both human and machine authentication\n\n---\n## Quick Start\n\nThere are 4 options for setting up the MCP Gateway & Registry:\n\n- **Option A: AI-Assisted macOS Setup** — The absolute fastest way to get started on macOS. Ask your AI coding assistant to use the [macOS Setup Skill](.claude\u002Fskills\u002Fmacos-setup\u002FSKILL.md) for fully automated one-command setup. Perfect for experimentation.\n- **Option B: Pre-built Images** — Fast setup using pre-built Docker or Podman containers. Recommended for most users.\n- **Option C: Podman (Rootless)** — Detailed Podman-specific instructions for macOS and rootless Linux environments.\n- **Option D: Build from Source** — Full source build for customization or development.\n\n### Option A: AI-Assisted macOS Setup (Fastest)\n\n**The easiest way to get started on macOS.** Simply ask Claude Code or your AI coding assistant:\n\n> \"Use the macOS setup skill to install and configure the MCP Gateway & Registry\"\n\nThe [macOS Setup Skill](.claude\u002Fskills\u002Fmacos-setup\u002FSKILL.md) will automatically:\n- ✅ Clone the repository and install all dependencies (Homebrew, Python, UV, Docker, Node.js)\n- ✅ Configure and start MongoDB with replica set\n- ✅ Set up and initialize Keycloak with admin user\n- ✅ Start the registry and auth server\n- ✅ Register the Cloudflare MCP docs server\n- ✅ Verify the complete stack is operational\n\n**Perfect for:** Single-developer experimentation, quick demos, hands-on exploration\n\n**What you need:** macOS with an AI coding assistant (Claude Code, Cursor, etc.)\n\n**Clean up:** When done, ask your AI assistant to \"teardown the MCP Gateway setup\" for complete removal.\n\n*Note: ECS\u002FEKS deployment skill coming very soon for production deployments.*\n\n---\n\n### Option B: Pre-built Images (Instant Setup)\n\nGet running with pre-built Docker containers in minutes. This is the recommended approach for most users.\n\n```bash\n# Clone and configure\ngit clone https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry.git\ncd mcp-gateway-registry\ncp .env.example .env\n\n# Edit .env with your passwords (KEYCLOAK_ADMIN_PASSWORD, etc.)\nnano .env\n\n# Deploy with pre-built images\nexport DOCKERHUB_ORG=mcpgateway\n.\u002Fbuild_and_run.sh --prebuilt\n\n# Access the Registry UI\nopen http:\u002F\u002Flocalhost:7860  # macOS\n# xdg-open http:\u002F\u002Flocalhost:7860  # Linux\n```\n\n**[Complete Quick Start Guide](docs\u002Fquickstart.md)** - Full step-by-step instructions including:\n- Prerequisites installation (Docker, Python, UV)\n- Environment configuration\n- MongoDB and Keycloak initialization\n- User and service account setup\n- Server and agent registration\n- Testing the gateway functionality\n\n**Benefits:** No build time | No Node.js required | No frontend compilation | Consistent tested images\n\n---\n\n### Option C: Podman (Rootless Container Deployment)\n\n**Perfect for macOS and rootless Linux environments**\n\nPodman provides rootless container execution without requiring privileged ports, making it ideal for:\n- **macOS** users with Podman Desktop\n- **Linux** users preferring rootless containers\n- **Development** environments where Docker daemon isn't available\n\n**Quick Podman Setup (macOS non-Apple Silicon):**\n\n```bash\n# Install Podman Desktop\nbrew install podman-desktop\n# OR download from: https:\u002F\u002Fpodman-desktop.io\u002F\n```\n\nInside Podman Desktop, go to Preferences > Podman Machine and create a new machine with at least 4 CPUs and 8GB RAM. Alternatively, see more detailed [Podman installation guide](docs\u002Finstallation.md#podman-installation) for instructions on setting this up on CLI.\n\n```bash\n# Initialize Podman machine\npodman machine init\npodman machine start\n\n# Verify installation\npodman --version\npodman compose version\n\n# Configure environment\ncp .env.example .env\n# Edit .env with your credentials\n```\n\n**Deploy with Podman** see full Podman setup instructions (downloading, installing, and initializing a first Podman container, as well as troubleshooting) in our [Installation Guide](docs\u002Finstallation.md#podman-installation).\n\n**Build with Podman:**\n\n```bash\n# Auto-detect (will use Podman if Docker not available)\n.\u002Fbuild_and_run.sh --prebuilt\n\n# Explicit Podman mode (only non-Apple Silicon)\n.\u002Fbuild_and_run.sh --prebuilt --podman\n\n# Access registry at non-privileged ports\n# On macOS:\nopen http:\u002F\u002Flocalhost:8080\n# On Linux: xdg-open http:\u002F\u002Flocalhost:8080\n```\n\n> Note: **Apple Silicon (M1\u002FM2\u002FM3)?** Don't use `--prebuilt` with Podman on ARM64. This will cause a \"proxy already running\" error. See [Podman on Apple Silicon Guide](docs\u002Fpodman-apple-silicon.md).\n\n```bash\n# To run on Apple Silicon Macs:\n.\u002Fbuild_and_run.sh --podman\n```\n\n**Key Differences vs. Docker:**\n- No root\u002Fsudo required\n- Works on macOS without privileged port access\n- HTTP port: `8080` (instead of `80`)\n- HTTPS port: `8443` (instead of `443`)\n- All other service ports unchanged\n\nFor detailed Podman setup instructions, see [Installation Guide](docs\u002Finstallation.md#podman-installation) and [macOS Setup Guide](docs\u002Fmacos-setup-guide.md#podman-deployment).\n\n### Option D: Build from Source\n\n**New to MCP Gateway?** Start with our [Complete Setup Guide](docs\u002Fcomplete-setup-guide.md) for detailed step-by-step instructions from scratch on AWS EC2.\n\n**Running on macOS?** See our [macOS Setup Guide](docs\u002Fmacos-setup-guide.md) for platform-specific instructions and optimizations.\n\n### Testing & Integration Options\n\n**Test Suite:**\nThe project includes comprehensive automated testing with pytest:\n\n```bash\n# Run all tests\nmake test\n\n# Run only unit tests (fast)\nmake test-unit\n\n# Run with coverage report\nmake test-coverage\n\n# Run specific test categories\nuv run pytest -m unit           # Unit tests only\nuv run pytest -m integration    # Integration tests\nuv run pytest -m \"not slow\"     # Skip slow tests\n```\n\n**Test Structure:**\n- **Unit Tests** (`tests\u002Funit\u002F`) - Fast, isolated component tests\n- **Integration Tests** (`tests\u002Fintegration\u002F`) - Component interaction tests\n- **E2E Tests** (`tests\u002Fintegration\u002Ftest_e2e_workflows.py`) - Complete workflow tests\n\n**Python Agent:**\n- `agents\u002Fagent.py` - Full-featured Python agent with advanced AI capabilities\n\n**Testing Documentation:**\n- [Testing Guide](docs\u002Ftesting\u002FREADME.md) - Comprehensive testing documentation\n- [Writing Tests](docs\u002Ftesting\u002FWRITING_TESTS.md) - How to write effective tests\n- [Test Maintenance](docs\u002Ftesting\u002FMAINTENANCE.md) - Maintaining test suite health\n\n**Pre-commit Hooks:**\n```bash\n# Install pre-commit hooks\npip install pre-commit\npre-commit install\n\n# Run hooks manually\npre-commit run --all-files\n```\n\n**Next Steps:** [Complete Installation Guide](docs\u002Finstallation.md) | [Authentication Setup](docs\u002Fauth.md) | [AI Assistant Integration](docs\u002Fai-coding-assistants-setup.md)\n\n---\n\n## Enterprise Features\n\n### AI Agents & Coding Assistants Integration\n\nTransform how both autonomous AI agents and development teams access enterprise tools with centralized governance:\n\n\u003Ctable>\n\u003Ctr>\n\u003Ctd width=\"50%\">\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fagentic-community_mcp-gateway-registry_readme_ff68453738b2.png\" alt=\"Roo Code MCP Configuration\" \u002F>\n\u003Cp>\u003Cem>Enterprise-curated MCP servers accessible through unified gateway\u003C\u002Fem>\u003C\u002Fp>\n\u003C\u002Ftd>\n\u003Ctd width=\"50%\">\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fagentic-community_mcp-gateway-registry_readme_ad7317d8a214.png\" alt=\"Roo Code Agent in Action\" \u002F>\n\u003Cp>\u003Cem>AI assistants executing approved enterprise tools with governance\u003C\u002Fem>\u003C\u002Fp>\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd colspan=\"2\">\n\n### Observability\n\nComprehensive real-time metrics and monitoring through Grafana dashboards with dual-path storage: SQLite for detailed historical analysis and OpenTelemetry (OTEL) export for integration with Prometheus, CloudWatch, Datadog, and other monitoring platforms. Track authentication events, tool executions, discovery queries, and system performance metrics. [Learn more](docs\u002FOBSERVABILITY.md)\n\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fagentic-community_mcp-gateway-registry_readme_673095d68432.png\" alt=\"Grafana Metrics Dashboard\" \u002F>\n\u003Cp>\u003Cem>Real-time metrics and observability dashboard tracking server health, tool usage, and authentication events\u003C\u002Fem>\u003C\u002Fp>\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftable>\n\n### Anthropic MCP Registry Integration\n\nSeamlessly integrate with Anthropic's official MCP Registry to import and access curated MCP servers through your gateway:\n\n- **Import Servers**: Select and import desired servers from Anthropic's registry with a single command\n- **Unified Access**: Access imported servers through your gateway with centralized authentication and governance\n- **API Compatibility**: Full support for Anthropic's Registry REST API specification - point your Anthropic API clients to this registry to discover available servers\n\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fagentic-community_mcp-gateway-registry_readme_331a96507448.png\" alt=\"Anthropic Registry Integration\" \u002F>\n\u003Cp>\u003Cem>Import and access curated MCP servers from Anthropic's official registry\u003C\u002Fem>\u003C\u002Fp>\n\n[Import Guide](docs\u002Fanthropic-registry-import.md) | [Registry API Documentation](docs\u002Fanthropic_registry_api.md)\n\n### Federation - External Registry Integration\n\n**Unified Multi-Registry Access:**\n- **Anthropic MCP Registry** - Import curated MCP servers with purple `ANTHROPIC` visual tags\n- **Workday ASOR** - Import AI agents from Agent System of Record with orange `ASOR` visual tags  \n- **Automatic Sync** - Scheduled synchronization with external registries\n- **Visual Identification** - Clear visual tags distinguish federation sources in the UI\n- **Centralized Management** - Single control plane for all federated servers and agents\n\n**Quick Setup:**\n```bash\n# Configure federation sources\necho 'ASOR_ACCESS_TOKEN=your_token' >> .env\n\n# Update federation.json with your sources\n# Restart services\n.\u002Fbuild_and_run.sh\n```\n\n[**📖 Complete Federation Guide**](docs\u002Ffederation.md) - Environment setup, authentication, configuration, and troubleshooting\n\n### Security Scanning\n\n**Integrated Vulnerability Detection:**\n- **Automated Security Scanning** - Integrated vulnerability scanning for MCP servers using [Cisco AI Defence MCP Scanner](https:\u002F\u002Fgithub.com\u002Fcisco-ai-defense\u002Fmcp-scanner), with automatic scans during registration and support for periodic registry-wide scans\n- **Detailed Security Reports** - Comprehensive markdown reports with vulnerability details, severity assessments, and remediation recommendations\n- **Automatic Protection** - Servers with security issues are automatically disabled with security-pending status to protect your infrastructure\n- **Compliance Ready** - Security audit trails and vulnerability tracking for enterprise compliance requirements\n\n### Authentication & Authorization\n\n**Multiple Identity Modes:**\n- **Machine-to-Machine (M2M)** - For autonomous AI agents and automated systems\n- **Three-Legged OAuth (3LO)** - For external service integration (Atlassian, Google, GitHub)\n- **Session-Based** - For human developers using AI coding assistants and web interface\n\n**Supported Identity Providers:** Keycloak, Microsoft Entra ID, Okta, Auth0, Amazon Cognito, and any OAuth 2.0 compatible provider. [Learn more](docs\u002Fauth.md)\n\n**Fine-Grained Permissions:** Tool-level, method-level, team-based, and temporary access controls. [Learn more](docs\u002Fscopes.md)\n\n### Deployment Options\n\n**Cloud Platforms:** Amazon EC2, Amazon EKS\n\n---\n\n## Telemetry\n\nThe registry collects **anonymous, non-sensitive** usage telemetry to help us understand adoption patterns and improve the product. Both tiers are **opt-out** and **on by default**.\n\n**What is sent (Tier 1 -- startup ping):** Registry version, Python version, OS, CPU architecture, cloud provider, storage backend, auth provider, and deployment mode. No IP addresses, hostnames, file paths, user data, or any PII.\n\n**Also sent by default (Tier 2 -- daily heartbeat):** Aggregate counts (number of servers, agents, skills, peers), search backend, embeddings provider, and uptime. Same privacy guarantees as Tier 1. Disable heartbeat only: `MCP_TELEMETRY_OPT_OUT=1`.\n\n> **Behavior change (post v1.0.18):** The daily heartbeat was previously opt-in (`MCP_TELEMETRY_OPT_IN=1`). It is now opt-out and sent by default. Since the heartbeat contains only aggregate counts (no PII), this aligns it with the startup ping behavior.\n\n**To opt out completely:**\n\n```bash\nexport MCP_TELEMETRY_DISABLED=1   # Disables both startup ping and heartbeat\n```\n\n**To disable heartbeat only (startup ping still sent):**\n\n```bash\nexport MCP_TELEMETRY_OPT_OUT=1\n```\n\nAll requests are HMAC-signed, rate-limited, and schema-validated. Telemetry is fail-silent and never impacts registry operation. Full details in the [Telemetry Documentation](docs\u002FTELEMETRY.md).\n\n---\n\n## Deployments\n\n### AWS Elastic Container Service (ECS)\n\n\u003Cdiv align=\"center\">\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fagentic-community_mcp-gateway-registry_readme_9623f259ed95.png\" alt=\"MCP Gateway Registry on AWS ECS\" width=\"800\"\u002F>\n\u003C\u002Fdiv>\n\n**Deployment configuration** on Amazon ECS Fargate with comprehensive enterprise features:\n\n- **Multi-AZ Architecture** - Redundancy across multiple availability zones\n- **Application Load Balancer** - HTTPS\u002FSSL termination with automatic certificate management via ACM\n- **Auto-scaling** - Dynamic scaling based on CPU and memory utilization\n- **CloudWatch Integration** - Comprehensive monitoring, logging, and alerting\n- **NAT Gateway HA** - Redundant NAT gateway configuration for secure outbound connectivity\n- **Keycloak Integration** - Enterprise authentication with RDS Aurora PostgreSQL backend\n- **EFS Shared Storage** - Persistent storage for models, logs, and configuration\n- **Service Discovery** - AWS Cloud Map for service-to-service communication\n\n**[Complete ECS Deployment Guide](terraform\u002Faws-ecs\u002FREADME.md)** - Step-by-step instructions for deploying the entire stack with Terraform.\n\n### Amazon EKS (Kubernetes)\n\n**Coming Soon** - Kubernetes deployment on Amazon EKS with Helm charts for container orchestration at scale.\n\n---\n\n## Documentation\n\n| Getting Started | Enterprise Setup | Developer & Operations |\n|------------------|-------------------|------------------------|\n| [Complete Setup Guide](docs\u002Fcomplete-setup-guide.md)\u003Cbr\u002F>**NEW!** Step-by-step from scratch on AWS EC2 | [Authentication Guide](docs\u002Fauth.md)\u003Cbr\u002F>OAuth and identity provider integration | [AI Coding Assistants Setup](docs\u002Fai-coding-assistants-setup.md)\u003Cbr\u002F>VS Code, Cursor, Claude Code integration |\n| [Installation Guide](docs\u002Finstallation.md)\u003Cbr\u002F>Complete setup instructions for EC2 and EKS | [AWS ECS Deployment](terraform\u002Faws-ecs\u002FREADME.md)\u003Cbr\u002F>Deployment guide for AWS ECS Fargate | [API Reference](docs\u002Fregistry_api.md)\u003Cbr\u002F>Programmatic registry management |\n| [Keycloak Integration](docs\u002Fkeycloak-integration.md)\u003Cbr\u002F>Enterprise identity with agent audit trails | [Token Refresh Service](docs\u002Ftoken-refresh-service.md)\u003Cbr\u002F>Automated token refresh and lifecycle management | [MCP Registry CLI](docs\u002Fmcp-registry-cli.md)\u003Cbr\u002F>Command-line client for registry management |\n| [Configuration Reference](docs\u002Fconfiguration.md)\u003Cbr\u002F>Environment variables and settings | [Amazon Cognito Setup](docs\u002Fcognito.md)\u003Cbr\u002F>Step-by-step IdP configuration | [Observability Guide](docs\u002FOBSERVABILITY.md)\u003Cbr\u002F>**NEW!** Metrics, monitoring, and OpenTelemetry setup |\n| [Auth0 Integration](docs\u002Fauth0.md)\u003Cbr\u002F>Auth0 SSO with M2M support | [Okta Setup](docs\u002Fokta-setup.md)\u003Cbr\u002F>Okta IdP configuration | [Entra ID Setup](docs\u002Fentra-id-setup.md)\u003Cbr\u002F>Microsoft Entra ID integration |\n| | [Anthropic Registry Import](docs\u002Fanthropic-registry-import.md)\u003Cbr\u002F>**NEW!** Import servers from Anthropic MCP Registry | [Federation Guide](docs\u002Ffederation.md)\u003Cbr\u002F>External registry integration (Anthropic, ASOR) |\n| | | [P2P Federation Guide](docs\u002Ffederation-operational-guide.md)\u003Cbr\u002F>**NEW!** Peer-to-peer registry federation |\n| | [Service Management](docs\u002Fservice-management.md)\u003Cbr\u002F>Server lifecycle and operations | [Anthropic Registry API](docs\u002Fanthropic_registry_api.md)\u003Cbr\u002F>**NEW!** REST API compatibility |\n| | | [Fine-Grained Access Control](docs\u002Fscopes.md)\u003Cbr\u002F>Permission management and security |\n| | | [Dynamic Tool Discovery](docs\u002Fdynamic-tool-discovery.md)\u003Cbr\u002F>Autonomous agent capabilities |\n| | | [Deployment Guide](docs\u002Finstallation.md)\u003Cbr\u002F>Complete setup for deployment environments |\n| | | [Troubleshooting Guide](docs\u002Ffaq\u002Findex.md)\u003Cbr\u002F>Common issues and solutions |\n\n---\n\n## Community\n\n### Get Involved\n\n**Join the Discussion**\n- [GitHub Discussions](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fdiscussions) - Feature requests and general discussion\n- [GitHub Issues](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues) - Bug reports and feature requests\n\n**Contributing**\n- [Contributing Guide](CONTRIBUTING.md) - How to contribute code and documentation\n- [Code of Conduct](CODE_OF_CONDUCT.md) - Community guidelines\n- [Security Policy](SECURITY.md) - Responsible disclosure process\n\n### Star History\n\n[![Star History Chart](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fagentic-community_mcp-gateway-registry_readme_d4af326ac3fe.png)](https:\u002F\u002Fstar-history.com\u002F#agentic-community\u002Fmcp-gateway-registry&Date)\n\n### Roadmap\n\nOur development roadmap is organized into weekly milestones with clear deliverables and progress tracking:\n\n| Milestone | Due Date | Progress | Status | Key Issues |\n|-----------|----------|----------|--------|------------|\n| **April 2026 Week 1** | 2026-04-05 | 50% (1\u002F2) | 🚧 In Progress | **Closed:** [#738 - Normalize visibility values](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F738) **Open:** [#739 - Discover tab landing page](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F739) |\n| **April 2026 Week 2** | 2026-04-12 | 50% (1\u002F2) | 🚧 In Progress | **Closed:** [#605 - AgentCore Auto-Registration](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F605) **Open:** [#611 - Network-trusted auth token generation](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F611) |\n| **April 2026 Week 3** | 2026-04-19 | 0% (0\u002F2) | 📅 Planned | **Open:** [#614 - MCP OAuth 2.1 Authorization Spec](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F614), [#500 - Logout path-based routing fix](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F500) |\n| **April 2026 Week 4** | 2026-04-26 | 0% (0\u002F6) | 📅 Planned | **Open:** [#665 - Agent-to-Agent Knowledge Sharing](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F665), [#666 - Context Hub MVP](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F666), [#667 - Demo agent for Context Hub](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F667), [#556 - AI Gateway Rebrand](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F556), [#502 - Federation Protocol Spec](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F502), [#469 - Keycloak Secrets Manager](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F469) |\n| **Parking Lot** | -- | 0% (0\u002F13) | 🗂️ Backlog | 13 open issues awaiting prioritization |\n\n**Status Legend:** 🚧 In Progress • 📅 Planned • 🗂️ Backlog • ✅ Complete\n\n---\n\n#### Major Features\n\nThe following major features span multiple milestones and represent significant architectural improvements:\n\n- **[#739 - Discover Tab Landing Page](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F739)** 🚧 **IN PROGRESS** (April 2026 Week 1)\n  Add a Discover tab as the default landing page with Google-style search experience for finding servers, agents, and skills.\n\n- **[#665 - Agent-to-Agent Knowledge Sharing](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F665)** 📅 **PLANNED** (April 2026 Week 4)\n  Enable agents to share and discover knowledge through the AI Registry, forming a collaborative knowledge network.\n\n- **[#666 - Context Hub MVP](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F666)** 📅 **PLANNED** (April 2026 Week 4)\n  Implement Context Hub with card creation, search, and auto-discovery for agent knowledge management.\n\n- **[#614 - MCP OAuth 2.1 Authorization Spec](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F614)** 📅 **PLANNED** (April 2026 Week 3)\n  Implement RFC 9728 Protected Resource Metadata with native IDE support for MCP OAuth 2.1 authorization.\n\n- **[#556 - AI Gateway & Registry Rebrand](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F556)** 📅 **PLANNED** (April 2026 Week 4)\n  Rename \"MCP Gateway Registry\" to \"AI Gateway & Registry\" to reflect expanded support for agents and tools beyond MCP.\n\n- **[#605 - AgentCore Auto-Registration](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F605)** ✅ **COMPLETED** (April 2026)\n  Automated discovery and registration of Bedrock AgentCore gateways with credential management integration. Full `cli\u002Fagentcore\u002F` module with boto3 discovery, registration, token refresh, and security scheme support.\n\n- **[#641 - Okta Identity Provider](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F641)** ✅ **COMPLETED**\n  Added Okta as an identity provider option alongside Keycloak, Entra ID, Auth0, GitHub, and Google OAuth2.\n\n- **[#557-559 - Observability & Telemetry Suite](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F557)** ✅ **COMPLETED**\n  Comprehensive telemetry infrastructure with server-side collector ([#674](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F674)), client-side instrumentation ([#659](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F659)), and end-to-end enhancements ([#702](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F702)). [Telemetry docs](docs\u002FTELEMETRY.md).\n\n- **[#129 - Virtual MCP Server Support](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F129)** ✅ **COMPLETED**\n  Dynamic tool aggregation and intelligent routing using Lua scripting. Enables logical grouping of tools from multiple backend servers into a single virtual endpoint.\n\n- **[#232 - A2A Curated Registry Discovery](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F232)** ✅ **COMPLETED**\n  Enable agent-to-agent discovery and tool invocation through curated registry patterns.\n\n- **[#260 - Federation Between MCP Registry Instances](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F260)** ✅ **COMPLETED**\n  Federated registry with bi-directional sync, peer management, chain prevention, orphan detection, and security scan propagation across registries.\n\n- **[#297 - Unified UI Registration Flow](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F297)** ✅ **COMPLETED**\n  Streamlined registration experience for both MCP servers and A2A agents through a unified interface.\n\n- **[#295 - Multi-Level Tool Usage Rate Limiting](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F295)** 🗂️ **BACKLOG**\n  Comprehensive rate limiting architecture with detailed implementation guide for tool usage control.\n\n---\n\n#### Recently Completed (February-April 2026)\n\n- **[#738 - Normalize Visibility Values](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F738)** ✅ **COMPLETED** (April 2026)\n  Accept both 'private' and 'internal' visibility values, canonicalize to 'private' across agents, servers, and skills.\n\n- **[#737 - Supported Protocol Field](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F737)** ✅ **COMPLETED** (April 2026)\n  Added `supported_protocol` field to distinguish A2A agents, updated `trust_level`\u002F`visibility` defaults, with backfill script and 31 new unit tests.\n\n- **[#728 - AgentCore Security Schemes](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F728)** ✅ **COMPLETED** (April 2026)\n  Support Bedrock AgentCore `httpAuthSecurityScheme` format, HEAD fallback for auth-protected health checks, and field pass-through for frontend JSON upload.\n\n- **[#650 - Semgrep Security Findings](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F650)** ✅ **COMPLETED** (March 2026)\n  Fixed SQL injection vulnerability with allowlist validation and hardened Docker Compose security (CIS Docker Benchmark 4.6). Added security_opt and cap_drop to all services, reducing findings by 86%.\n\n- **[#603 - Infrastructure as Code Security](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F603)** ✅ **COMPLETED** (March 2026)\n  Terraform, CloudFormation, and Kubernetes security hardening (101 findings resolved).\n\n- **[#602 - Docker & Container Security](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F602)** ✅ **COMPLETED** (March 2026)\n  Root container fixes, HEALTHCHECK additions, and version tag implementations (29 findings resolved).\n\n- **[#601 - Secrets & Credentials Security](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F601)** ✅ **COMPLETED** (March 2026)\n  Hardcoded secrets removal and OAuth2 security improvements (39 findings resolved).\n\n- **[#600 - Application Security](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F600)** ✅ **COMPLETED** (March 2026)\n  CSRF protection, path traversal prevention, and credential logging fixes (30 findings resolved).\n\n- **[#598 - Request Timeout Security](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F598)** ✅ **COMPLETED** (March 2026)\n  Added missing request timeouts across all HTTP operations (B113 findings).\n\n- **[#613 - FAISS Search Fix](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F613)** ✅ **COMPLETED** (March 2026)\n  Fixed FAISS search initialization and entity type handling.\n\n- **[#622 - Agent State Persistence](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F622)** ✅ **COMPLETED** (March 2026)\n  Agent enabled state now properly persisted to repository on toggle operations.\n\n- **[#626 - Helm Chart UI Fix](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F626)** ✅ **COMPLETED** (March 2026)\n  Registry UI now renders correctly when deployed using Helm chart for full stack.\n\n- **[#572 - Audit Log Enhancements](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F572)** ✅ **COMPLETED** (March 2026)\n  Searchable dropdown filters and statistics dashboard for audit logs.\n\n- **[#583 - mcpgw Refactoring](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F583)** ✅ **COMPLETED** (March 2026)\n  Refactored mcpgw MCP server to eliminate technical debt and use registry HTTP APIs.\n\n- **[#543 - OTLP Push Export](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F543)** ✅ **COMPLETED** (March 2026)\n  Enabled OTLP push export for metrics service (Datadog, New Relic, Prometheus remote write support).\n\n- **[#542 - Encrypted Credential Storage](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F542)** ✅ **COMPLETED** (February 2026)\n  Replaced auth_type with auth_scheme and added encrypted credential storage for backend server authentication and health checks.\n\n- **[#547 - ECS Service Connect DNS Fix](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F547)** ✅ **COMPLETED** (February 2026)\n  Fixed dual-stack DNS issues breaking Lua metrics flush and Python health checker in ECS deployments.\n\n- **[#581 - macOS Quick-start Skill](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F581)** ✅ **COMPLETED** (March 2026)\n  Added Claude skill for macOS quickstart installation with interactive setup and teardown.\n\nFor the complete list of all issues, feature requests, and detailed release history, visit:\n- [All GitHub Issues](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues)\n- [All GitHub Milestones](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fmilestones)\n- [Release Notes](release-notes\u002F)\n\n---\n\n## License\n\nThis project is licensed under the Apache-2.0 License - see the [LICENSE](LICENSE) file for details.\n\n---\n\n\u003Cdiv align=\"center\">\n\n**⭐ Star this repository if it helps your organization!**\n\n[Get Started](docs\u002Finstallation.md) | [Documentation](docs\u002F) | [Contribute](CONTRIBUTING.md)\n\n\u003C\u002Fdiv>","\u003Cdiv align=\"center\">\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fagentic-community_mcp-gateway-registry_readme_7a96eab3b4e4.png\" alt=\"MCP 网关与注册表标志\" width=\"100%\">\n\n**统一代理与 MCP 服务器注册表——AI 开发工具网关**\n\n[![GitHub 星标](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fagentic-community\u002Fmcp-gateway-registry?style=flat&logo=github)](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fstargazers)\n[![GitHub 分支](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fforks\u002Fagentic-community\u002Fmcp-gateway-registry?style=flat&logo=github)](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fnetwork)\n[![GitHub 问题](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fissues\u002Fagentic-community\u002Fmcp-gateway-registry?style=flat&logo=github)](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues)\n[![许可证](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Flicense\u002Fagentic-community\u002Fmcp-gateway-registry?style=flat)](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fblob\u002Fmain\u002FLICENSE)\n[![GitHub 发布](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002Fagentic-community\u002Fmcp-gateway-registry?style=flat&logo=github)](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Freleases)\n\n[🚀 立即开始](#option-a-pre-built-images-instant-setup) | [macOS 设置技能](.claude\u002Fskills\u002Fmacos-setup\u002FSKILL.md) | [AWS Workshop Studio](https:\u002F\u002Fcatalog.us-east-1.prod.workshops.aws\u002Fworkshops\u002F0c3265a6-1a4a-467b-ae56-e4d019184b0e\u002Fen-US) | [AWS 部署](terraform\u002Faws-ecs\u002FREADME.md) | [快速入门](#quick-start) | [文档](docs\u002F) | [社区](#community)\n\n**演示视频：** 🎥 [AWS 展示与讲解](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=dk0qVukHLGU) | ⭐ [MCP 注册表 CLI 演示](https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F98200866-e8bd-4ac3-bad6-c6d42b261dbe) | [完整端到端功能](https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F5ffd8e81-8885-4412-a4d4-3339bbdba4fb) | [OAuth 三腿认证](https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F3c3a570b-29e6-4dd3-b213-4175884396cc) | [动态工具发现](https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002Fcee25b31-61e4-4089-918c-c3757f84518c) | [代理技能](https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F5d1f227a-25f8-480d-9ff9-acba2498844b) | [虚拟 MCP 服务器](https:\u002F\u002Fapp.vidcast.io\u002Fshare\u002F954e6296-f217-4559-8d86-88cec25af763) | [幻灯片演示文稿](docs\u002Fslides\u002Fmcp-gateway-registry-presentation.pdf)\n\n\u003C\u002Fdiv>\n\n---\n\n## 什么是 MCP 网关与注册中心？\n\n**MCP 网关与注册中心**是一个统一的平台，旨在通过 [模型上下文协议 (MCP)](https:\u002F\u002Fmodelcontextprotocol.io\u002Fintroduction) 集中管理对 MCP 服务器和 AI 代理的访问。它提供三大核心功能：\n\n1. **统一的 MCP 服务器网关**——多台 MCP 服务器的集中访问入口  \n2. **MCP 服务器注册中心**——注册、发现并管理对 MCP 服务器的访问，实现统一的治理  \n3. **代理注册中心及 A2A 通信枢纽**——代理注册、发现、治理，以及通过 [A2A（代理间）协议](https:\u002F\u002Fa2a-protocol.org\u002Flatest\u002Fspecification\u002F) 实现代理间的直接通信  \n\n该平台可与 Anthropic 的 MCP 注册中心等外部注册中心集成，为工具访问、代理编排以及代理间通信模式提供单一的控制平面。\n\n**为何需要统一？** 与其让各个开发团队分别管理数百个独立的 MCP 服务器配置、代理连接和分散的治理体系，不如通过这一平台，以安全、受控的方式，通过一个统一的控制平面访问精选的 MCP 服务器和已注册的代理。\n\n**将以下混乱局面转变为：**\n```\n❌ AI 代理需要分别连接到每台 MCP 服务器  \n❌ 每位开发者需单独配置 VS Code、Cursor 和 Claude Code  \n❌ 开发者必须在本地安装和管理 MCP 服务器  \n❌ 企业级工具缺乏标准的身份验证流程  \n❌ API 密钥和凭据散落在各个工具中  \n❌ 无法了解团队正在使用哪些工具  \n❌ 无管控的工具泛滥带来安全风险  \n❌ 自主代理无法动态发现可用工具  \n❌ 多租户环境中缺少精选的工具目录  \n❌ A2A 提供代理卡片，但代理之间无法相互发现  \n❌ 维护独立的 MCP 服务器和代理注册中心在治理上不可行  \n❌ 无法对服务器和代理的访问实施统一的策略  \n```\n\n**转变为以下有序方式：**\n```\n✅ AI 代理只需连接到一个网关，即可访问多台 MCP 服务器  \n✅ VS Code、Cursor 和 Claude Code 只需一次配置  \n✅ 中央 IT 团队通过可流式传输的 HTTP 协议管理云端托管的 MCP 基础设施  \n✅ 开发者使用标准的 OAuth 2LO\u002F3LO 流程访问企业级 MCP 服务器  \n✅ 凭据集中管理，并与安全 vault 集成  \n✅ 全面可见所有工具的使用情况及审计追踪  \n✅ 提供受控的工具访问权限，增强安全性  \n✅ 自主工作流可动态发现并调用工具  \n✅ 注册中心提供可发现的精选 MCP 服务器，适用于多租户环境  \n✅ 代理可通过统一的代理注册中心发现并与其他代理通信  \n✅ MCP 服务器和代理治理共用一个控制平面  \n✅ 对服务器和代理的访问实施统一的策略与审计追踪  \n```\n\n```\n┌─────────────────────────────────────┐     ┌──────────────────────────────────────────────────────┐\n│          之前：混乱              │     │    之后：MCP 网关与注册中心                     │\n├─────────────────────────────────────┤     ├──────────────────────────────────────────────────────┤\n│                                     │     │                                                      │\n│  开发者 1 ──┬──► MCP 服务器 A    │     │  开发者 1 ──┐                  ┌─ MCP 服务器 A    │\n│                ├──► MCP 服务器 B    │     │                │                  ├─ MCP 服务器 B    │\n│                └──► MCP 服务器 C    │     │  开发者 2 ──┼──► MCP 网关   │                  │\n│                                     │     │                │    & 注册中心 ───┼─ MCP 服务器 C    │\n│  开发者 2 ──┬──► MCP 服务器 A    │ ──► │  AI 代理 1 ───┘         │        │                  │\n│                ├──► MCP 服务器 D    │     │                          │        ├─ AI 代理 1      │\n│                └──► MCP 服务器 E    │     │  AI 代理 2 ──────────────┤        ├─ AI 代理 2     │\n│                                     │     │                          │        │                  │\n│  AI 代理 1 ───┬──► MCP 服务器 B    │     │  AI 代理 3 ──────────────┘        └─ AI 代理 3     │\n│                ├──► MCP 服务器 C    │     │                                                      │\n│                └──► MCP 服务器 F    │     │              单一连接点                 │\n│                                     │     │                                                      │\n│  ❌ 每个用户需建立多条连接  │     │         ✅ 所有连接仅需一个网关                      │\n│  ❌ 缺乏集中管控         │     │         ✅ 统一的服务器和代理访问                    │\n│  ❌ 凭据管理混乱        │     │         ✅ 统一的治理与审计追踪                    │\n└─────────────────────────────────────┘     └──────────────────────────────────────────────────────┘\n```\n\n> **关于代理间通信的说明：** AI 代理通过统一的代理注册中心发现其他 AI 代理，并**直接**（点对点）与其通信，无需经由 MCP 网关路由。注册中心负责发现、身份验证和访问控制，而代理之间则保持直接连接，以实现高效、低延迟的通信。\n\n## 统一的代理与服务器注册中心\n\n该平台作为一个全面的统一注册中心，支持以下功能：\n\n- ✅ **MCP 服务器注册与发现**——注册、发现并管理对 MCP 服务器的访问  \n- ✅ **AI 代理注册与发现**——注册代理，并使其能够发现其他代理  \n- ✅ **代理间（A2A）通信**——使用 A2A 协议实现代理间的直接通信  \n- ✅ **多协议支持**——支持多种代理通信协议和模式  \n- ✅ **统一治理**——为代理和服务器提供单一的策略与访问控制系统  \n- ✅ **跨协议代理发现**——无论采用何种实现方式，代理均可相互发现  \n- ✅ **集成外部注册中心**——可与 Anthropic 的 MCP 注册中心及其他外部来源对接  \n- ✅ **代理卡片与元数据**——丰富的元数据，涵盖代理的能力、技能和身份验证机制  \n\n关键区别：**与单独的解决方案不同，这一统一的注册中心消除了维护独立的 MCP 服务器和代理系统的需求**，为代理编排、MCP 服务器访问以及代理间通信提供了一个统一的控制平面。\n\n## MCP 服务器、代理与技能注册中心\n\n观看 MCP 服务器、A2A 代理和外部注册中心如何协同工作，实现动态工具发现：\n\nhttps:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F97c640db-f78b-4a6c-9662-894f975f66e2\n\n---\n\n## MCP 工具实战演示\n\n[查看 MCP 工具演示](docs\u002Fimg\u002FMCP_tools.gif)\n\n---\n\n## MCP 注册表 CLI\n\n用于以自然语言与 AI 模型对话并发现 MCP 工具的交互式终端界面。通过类似 Claude Code 的对话式界面与注册表进行交流，实时显示令牌状态、跟踪费用，并支持选择 AI 模型。\n\n\u003Cdiv align=\"center\">\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fagentic-community_mcp-gateway-registry_readme_00dc087c4e4b.png\" alt=\"MCP 注册表 CLI 截图\" width=\"800\"\u002F>\n\u003C\u002Fdiv>\n\n**快速入门：** `registry --url https:\u002F\u002Fmcpgateway.ddns.net` | [完整指南](docs\u002Fmcp-registry-cli.md)\n\n---\n\n## 最新动态\n\n- **AWS 代理注册表联邦化** - 将来自 [AWS 代理注册表](https:\u002F\u002Fdocs.aws.amazon.com\u002Fbedrock-agentcore\u002Flatest\u002Fdevguide\u002Fregistry.html) 的 MCP 服务器、A2A 代理及代理技能联邦到 MCP 网关注册表中。可添加多个 AgentCore 注册表（同一或不同 AWS 账户\u002F区域），选择要同步的描述符类型（MCP、A2A、CUSTOM、AGENT_SKILLS），并通过外部注册表设置页面统一管理。支持通过 IAM 角色扮演实现跨账户访问、在移除注册表时自动清理级联数据，以及启动时自动同步。只需设置一个环境变量 (`AWS_REGISTRY_FEDERATION_ENABLED=true`) 即可为 ECS\u002FTerraform 或 Helm 部署启用。[操作指南](docs\u002Faws-agent-registry-federation.md) | [设计文档](docs\u002Fdesign\u002Faws-agent-registry-federation.md)\n\n- **注册任意代理（A2A 和非 A2A）** - 代理注册表现支持注册任意代理，而不仅限于 A2A 协议代理。新增 `supported_protocol` 字段（`a2a` 或 `other`），用于区分代理类型。可通过 UI（A2A 代理勾选框，编辑时协议选择下拉菜单）、API（注册有效载荷中的 `supportedProtocol` 字段）或 CLI（`--supported-protocol` 标志）进行注册。默认 `trust_level` 更新为 `community`，`visibility` 更新为 `public`，以保持一致性。使用一次性 [回填脚本](scripts\u002Fbackfill_agent_fields.py) 对 MongoDB 中现有代理进行规范化处理。新增两个 Claude Code 技能——[generate-agent-card](.claude\u002Fskills\u002Fgenerate-agent-card\u002FSKILL.md) 和 [generate-server-card](.claude\u002Fskills\u002Fgenerate-server-card\u002FSKILL.md)——可分析源代码并生成可用于注册的代理或服务器卡片 JSON 文件。[文档](docs\u002Fsupported-protocol-and-trust-fields.md)\n\n- **Amazon Bedrock AgentCore 批量导入** - 使用一条命令即可自动发现并注册您 AWS 账户中的所有 AgentCore 网关和代理运行时。CLI 会扫描处于 READY 状态的资源，根据协议将网关注册为 MCP 服务器，将运行时注册为 MCP 服务器或 A2A 代理，并生成用于自动化凭据轮换的令牌刷新清单。支持多账户扫描、符合 OIDC 标准的身份提供商（Cognito、Auth0、Okta、Entra ID、Keycloak），以及覆盖模式以更新现有注册信息。[AgentCore 操作指南](docs\u002Fagentcore.md) | [设计文档](docs\u002Fdesign\u002Fagentcore-scanner-design.md)\n\n- **匿名使用遥测** - 以隐私为先的遥测功能，用于跟踪注册表的采用模式。仅发送非敏感的部署元数据（版本、操作系统、存储后端、身份验证提供商），不包含 PII、主机名或用户数据。默认为禁用状态（启动时 ping 功能开启，设置 `MCP_TELEMETRY_DISABLED=1` 可关闭）。可选择每日心跳报告，提供聚合计数（服务器\u002F代理\u002F技能总数）。采用 HMAC 签名请求、基于 IP 哈希的速率限制、严格的模式验证以及失败静默设计，确保对注册表运行无任何影响。管理员 API 可按需强制触发心跳或启动事件。[遥测文档](docs\u002FTELEMETRY.md)\n\n- **代理名称服务 (ANS) 集成** - 通过 GoDaddy 的 [代理名称服务](https:\u002F\u002Fwww.godaddy.com\u002Fans) 为已注册的代理和 MCP 服务器添加基于 PKI 的信任验证。代理所有者将其 ANS 代理 ID 关联到注册条目，注册表通过 ANS API 验证身份，并在代理卡片和语义搜索结果中显示可点击的信任徽章。后台调度器每 6 小时重新验证所有关联身份，并配备断路器保护机制。支持跟踪已验证、已过期和已被吊销的状态，并提供用于手动同步、指标和健康检查的管理端点。[设计与操作指南](docs\u002Fdesign\u002Fans-integration.md) | [演示视频](https:\u002F\u002Fapp.vidcast.io\u002Fshare\u002Fc2240a78-8899-46ad-9375-6fb0cc1345f3?playerMode=vidcast)\n\n- **联邦发现的注册表卡片** - 随着各注册表之间日益需要相互发现与通信，我们实现了注册表卡片规范——一种可通过 `\u002F.well-known\u002Fregistry-card` 访问的标准化发现文档。该文档提供了包括认证端点、功能能力和联系方式在内的关键元数据，适用于任何注册表实例。增强的服务器、代理和技能卡片包含更丰富的元数据，从而支持更好的联邦工作流。[注册表卡片配置指南](docs\u002Ffederation-operational-guide.md#registry-card-configuration)\n\n- 🔑 **Auth0 身份提供商支持** - 全面的企业级 SSO 集成，将 Auth0 作为身份提供商。统一的 IAM API 现在支持 Auth0 与 Keycloak、Microsoft Entra ID 和 Okta 一起使用，无论您选择哪种 IdP，都能提供统一的接口来创建用户、组和 M2M 服务账户。功能包括 Auth0 Actions 用于注入组声明、M2M 客户端同步结合数据库驱动的组扩充以生成 OAuth2 Client Credentials 令牌，以及完整的 Docker Compose 和 Terraform\u002FECS 部署支持。只需更改一个环境变量即可切换身份提供商，同时继续使用相同的管理 API 和 UI。[Auth0 设置指南](docs\u002Fauth0.md)\n\n- 🔑 **Okta 身份提供商支持** - 全面的企业级 SSO 集成，将 Okta 作为身份提供商。现有的统一 IAM API 现在支持 Okta 与 Keycloak 和 Microsoft Entra ID 一起使用，无论您选择哪种 IdP，都能提供统一的接口来创建用户、组和 M2M 服务账户。功能包括自定义授权服务器支持可扩展的 M2M 认证、基于数据库的组扩充以生成 OAuth2 Client Credentials 令牌，以及完整的 Docker Compose 和 Terraform\u002FECS 部署支持。只需更改一个环境变量即可切换身份提供商，同时继续使用相同的管理 API 和 UI。[Okta 设置指南](docs\u002Fokta-setup.md)\n\n- 🔐 **企业安全态势文档** - 全面的安全架构文档，涵盖所有部署平台（ECS、EKS、Docker Compose）的纵深防御体系。详细介绍了基础设施安全、使用 KMS 实现静态和传输加密、自动化轮转的密钥管理、遵循 CIS 基准的容器加固、使用 Semgrep 和 Bandit 进行自动化扫描的应用程序安全、MCP 服务器的供应链安全，以及对 SOC 2\u002FGDPR 标准的合规性。[安全态势指南](docs\u002Fsecurity-posture.md)\n\n- **📊 指标直接 OTLP 推送导出** - 无需中间 OTEL 收集器，即可将指标直接推送至任何兼容 OTLP 的可观测性平台（如 Datadog、New Relic、Honeycomb、Grafana Cloud）。通过环境变量（`OTEL_OTLP_ENDPOINT`、`OTEL_EXPORTER_OTLP_HEADERS`）进行配置，实现与商业可观测性平台的即时集成。支持 Docker Compose 和 Terraform\u002FECS 部署，并通过 AWS Secrets Manager 安全管理凭证。可与现有 Prometheus\u002FGrafana 环境并行使用，构建混合监控体系。[指标架构指南 — 直接 OTLP 推送](docs\u002Fmetrics-architecture.md#direct-otlp-push-export-simplified-setup)\n\n- ⭐ **AWS Workshop Studio：利用 MCP 网关与注册中心保护 AI 代理生态系统** - 实战工作坊，涵盖生产级 AI 代理生态系统的部署、身份验证、治理及安全最佳实践。学习如何在 AWS 上部署 MCP 网关与注册中心，配置企业级身份验证，实施细粒度访问控制，并确保 AI 代理通信的安全性。[开始工作坊](https:\u002F\u002Fcatalog.us-east-1.prod.workshops.aws\u002Fworkshops\u002F0c3265a6-1a4a-467b-ae56-e4d019184b0e\u002Fen-US)\n\n- 💻 **单命令 macOS 设置** - 在 MacBook 上快速启动并试用该解决方案的最便捷方式。只需请求 Claude Code 或您喜爱的 AI 编程助手使用 [macOS 设置技能](.claude\u002Fskills\u002Fmacos-setup\u002FSKILL.md)，它便会自动克隆仓库、安装所有依赖项、配置服务（MongoDB、Keycloak、注册中心）、注册示例服务器，并验证整个堆栈是否正常运行。非常适合单人开发环境及动手探索。支持通过单条命令完成完整设置或彻底清理。*ECS\u002FEKS 部署技能即将推出。*\n\n- **AI 注册中心 MCP 服务器（airegistry-tools）** - 允许 AI 编程助手（Claude Code、Roo Code、Cursor 等）直接从注册中心发现并查询 MCP 服务器、代理和技能。提供 5 个工具：`list_services`、`list_agents`、`list_skills`、`intelligent_tool_finder`（语义搜索）以及 `healthcheck`。注册中心启动时自动注册，无需手动配置。详情请参阅 [AI 注册中心工具文档](docs\u002Fai-registry-tools.md)。\n\n- **治理与安全增强** - 增强审计日志功能，支持按用户名、MCP 服务器等条件进行搜索过滤；新增统计仪表板，展示热门用户、操作记录、时间线图表以及每位用户的活动细分。系统 uptime 和健康状态现可在页眉中查看，包含部署信息、注册中心统计数据及数据库状态。通过 Bandit 扫描进行全面安全加固，解决了子进程安全问题（B603\u002FB607）、SQL 注入防护（B608）、硬编码凭证检测（B105）等代码库中的各类漏洞模式。所有安全发现均已记录并妥善处理，对必要例外情况也提供了合理解释。\n\n- **IAM 设置 UI** - 提供可视化界面，可直接在 Web UI 中管理用户、组及 M2M 服务账户。创建并配置具有细粒度权限的访问控制组，针对服务器、工具、代理及 UI 功能进行授权。支持为人类用户分配组别，并为 AI 代理创建带有 OAuth2 客户端凭据的 M2M 服务账户。功能包括可搜索的服务器\u002F代理\u002F工具选择器、作用域配置的 JSON 导入导出，以及对 MCP 服务器和虚拟服务器在访问规则中的统一支持。兼容 Keycloak 和 Microsoft Entra ID 身份提供商。[IAM 设置指南](docs\u002Fiam-settings-ui.md)\n\n- **系统配置查看器** - 通过设置 UI 查看并导出所有注册中心配置参数。仅限管理员可见的面板展示了 11 个配置分组（部署、存储、认证、嵌入、健康、WebSocket、安全扫描、审计、联邦、发现），并对敏感值进行遮蔽处理。支持以 ENV、JSON、TFVARS 或 YAML 格式导出配置，便于自动化部署。API 端点 `\u002Fapi\u002Fconfig\u002Ffull` 和 `\u002Fapi\u002Fconfig\u002Fexport` 提供程序化访问接口。[配置指南](docs\u002Fconfiguration.md#viewing-configuration-via-ui)\n\n- **虚拟 MCP 服务器支持** - 将多个后端 MCP 服务器的工具、资源和提示聚合到一个统一的端点。客户端连接到单一虚拟服务器，该服务器会呈现来自任意已注册后端组合的能力视图，并实施精细的访问控制。功能包括工具别名映射（解决命名冲突）、版本锁定（固定到特定后端版本）、基于作用域的工具级访问控制、会话多路复用（一个客户端会话透明地映射到多个后端会话），以及对 `tools\u002Flist`、`resources\u002Flist` 和 `prompts\u002Flist` 的 60 秒缓存聚合。支持所有 MCP JSON-RPC 方法，包括 `initialize`、`ping`、`tools\u002Fcall`、`resources\u002Fread` 和 `prompts\u002Fget`。[设计文档](docs\u002Fdesign\u002Fvirtual-mcp-server.md) | [操作指南](docs\u002Fvirtual-server-operations.md)\n\n- **仅注册中心部署模式** - 可以不集成 Nginx 网关，将注册中心作为独立的目录\u002F发现服务运行。在“仅注册中心”模式下，注册服务器时不会更新 Nginx 配置，MCP 代理请求将返回 503 错误，并提示使用直连方式。前端会自动调整，显示 `proxy_pass_url` 而非网关 URL。结合 `REGISTRY_MODE` 设置（`full`、`skills-only`、`mcp-servers-only`、`agents-only`），您可以根据具体场景配置注册中心。例如，将 `REGISTRY_MODE=skills-only` 设置为专用技能注册中心，仅管理 Agent Skills（SKILL.md 文件），而不涉及 MCP 服务器或 A2A 代理——这非常适合希望拥有轻量级技能库的团队。UI 会自动适应，仅显示相关功能；对于被禁用的功能，API 端点将返回 503 错误。诸如“启用网关 + 技能仅用”之类的无效组合会自动纠正并发出警告。[注册中心部署模式指南](docs\u002Fregistry-deployment-modes.md)\n\n- **代理技能注册中心** - 注册、发现并管理可重用的指令集（SKILL.md 文件），以通过专业工作流增强 AI 编码助手的功能。技能托管在 GitHub、GitLab 或 Bitbucket 上，并注册到 MCP 网关注册中心，以便于发现和访问控制。功能包括：用于元数据提取的 YAML 前置元数据解析、基于 URL 可达性检查的健康监测、可见性控制（公开\u002F私有\u002F组）、星级评分、语义搜索集成、工具依赖性验证，以及带有 SKILL.md 内容模态框的丰富 UI。安全性方面，在注册时会自动使用 [Cisco AI Defense Skill Scanner](https:\u002F\u002Fgithub.com\u002Fcisco-ai-defense\u002Fcisco-ai-skill-scanner) 进行安全扫描，该扫描器结合了 YARA 模式匹配、LLM 分析和静态代码检查。同时，通过重定向验证提供 SSRF 防护，确保 URL 处理的安全性。[代理技能指南](docs\u002Fagent-skills-operational-guide.md) | [架构](docs\u002Fdesign\u002Fagent-skills-architecture.md) | [安全扫描](docs\u002Fsecurity-scanner.md#agent-skills-security-scanning)\n\n- **📋 合规审计日志记录** - 用于安全监控和合规性的全面审计日志记录功能。捕获所有 Registry API 和 MCP 网关的访问事件，包含用户身份、操作详情及时间信息。功能包括：自动凭证脱敏（令牌、Cookie、密码绝不会被记录）、基于 TTL 的日志保留策略（默认 7 天，可配置）、仅管理员可用的审计查看 UI，支持筛选和导出（JSONL\u002FCSV 格式），以及非阻塞的异步设计。支持 SOC 2 和 GDPR 要求，实现“谁、什么、何时、何地、结果”的追踪。[审计日志指南](docs\u002Faudit-logging.md)\n\n- **🌐 点对点注册中心联邦化** - 连接多个 MCP 网关注册中心实例，实现服务器与代理之间的双向同步。中央 IT 团队可以汇总跨业务线注册中心的可见性，而各业务线也可从中央枢纽继承共享工具。功能包括：可配置的同步模式（全部、白名单、标签过滤）、定时与按需同步、适用于不依赖 IdP 部署的静态令牌认证、采用 Fernet 加密的凭证存储、基于版本号的孤儿检测，以及路径命名空间机制以避免冲突。同步后的条目为只读，并显示其来源注册中心。类似 VS Code 风格的设置 UI 提供对对等节点的管理、同步触发及状态监控功能。[架构设计](docs\u002Fdesign\u002Ffederation-architecture.md) | [操作指南](docs\u002Ffederation-operational-guide.md)\n\n- **🔑 注册中心 API 的静态令牌认证** - 使用静态 API 密钥而非基于 IdP 的 JWT 验证来访问 Registry API 端点（`\u002Fapi\u002F*`、`\u002Fv0.1\u002F*`）。此功能专为可信网络环境、CI\u002FCD 流水线以及 CLI 工具设计，因为在这些场景下配置完整的身份提供商可能并不实际。MCP 网关端点仍需进行完整的 IdP 认证。此外，系统会在启动时进行验证，若未配置令牌则会禁用该功能。[静态令牌认证指南](docs\u002Fstatic-token-auth.md)\n\n- **🔀 MCP 服务器版本路由** - 在单个网关端点后同时运行同一 MCP 服务器的多个版本。将新版本注册为非活跃状态，通过 `X-MCP-Server-Version` 头进行测试，然后只需一次 API 调用或 UI 点击即可将其提升为活跃状态。功能包括即时回滚、客户端版本固定、带有日落日期的弃用生命周期、基于 Nginx map 的 O(1) 自动路由、所有版本的级联删除以及交换后的健康检查。仪表板会独立显示管理员控制的路由版本和 MCP 服务器报告的软件版本。只有活跃版本才会出现在搜索结果和健康检查中。[设计文档](docs\u002Fdesign\u002Fserver-versioning.md) | [操作指南](docs\u002Fserver-versioning-operations.md)\n- **👥 多提供商 IAM 与统一 API** - 完整的身份和访问管理支持 Keycloak、Microsoft Entra ID、Okta 和 Auth0。注册表 API 提供统一的用户和组管理体验，无论您使用哪种 IdP。普通用户可以通过 UI 登录，并为 CLI 工具和 AI 编码助手生成自签名 JWT 令牌（具有与其会话相同的权限）。服务账户 (M2M) 可通过 OAuth2 客户端凭证流程启用 AI 代理身份。通过作用域实现细粒度的访问控制，精确定义每个用户可以访问哪些 MCP 服务器、方法、工具和代理。[认证设计](docs\u002Fdesign\u002Fauthentication-design.md) | [IdP 提供商架构](docs\u002Fdesign\u002Fidp-provider-support.md) | [作用域管理](docs\u002Fscopes-mgmt.md) | [Entra ID 设置](docs\u002Fentra-id-setup.md) | [Okta 设置](docs\u002Fokta-setup.md) | [Auth0 设置](docs\u002Fauth0.md)\n- **🏷️ 服务器与代理的自定义元数据** - 为 MCP 服务器和代理添加丰富的自定义元数据，用于组织、合规性和集成跟踪。元数据可通过语义搜索完全索引，支持诸如“team:data-platform”、“PCI-DSS 合规”或“owner:alice@example.com”之类的查询。用例包括团队所有权、合规性跟踪（PCI-DSS、HIPAA）、成本中心分配、部署区域、JIRA 工单以及自定义标签。与现有注册向后兼容。[元数据使用指南](docs\u002Fcustom-metadata.md)\n- **🔎 增强的混合搜索** - 改进的语义搜索，将向量相似度与分词关键词匹配相结合，适用于服务器、工具和代理。显式名称引用现在会提升相关性得分，确保精确匹配优先显示。[混合搜索架构](docs\u002Fdesign\u002Fhybrid-search-architecture.md)\n- **🛡️ 安全扫描结果在 UI 中展示** - 安全扫描结果现在直接显示在服务器和代理卡片上，采用颜色编码的盾牌图标（灰色\u002F绿色\u002F红色）。点击盾牌图标可查看详细扫描结果，并从 UI 触发重新扫描。[安全扫描仪文档](docs\u002Fsecurity-scanner.md)\n- **🧪 全面的测试套件与更新的 LLM 文档** - 完整的 pytest 测试套件，包含 701+ 项通过测试（单元测试、集成测试、端到端测试），通过 GitHub Actions 在所有 PR 上自动运行。覆盖率至少 35%（目标 80%），约 30 秒完成，使用 8 个并行工作进程。更新的 llms.txt 提供了关于 LLM 编码助手的全面文档，涵盖存储后端迁移（文件 → DocumentDB\u002FMongoDB）、代码库模式、AWS ECS 部署、Microsoft Entra ID 集成、双重安全扫描、联邦架构、评分系统、测试标准以及关键代码组织中的反模式。[测试指南](docs\u002Ftesting\u002FREADME.md) | [docs\u002Fllms.txt](docs\u002Fllms.txt)\n- **📊 DocumentDB 和 MongoDB CE 存储后端** - 使用与 MongoDB 兼容的分布式存储后端。DocumentDB 提供原生 HNSW 向量搜索，在生产部署中可实现亚百毫秒的语义查询；而 MongoDB Community Edition 8.2 则支持带有副本集的完整本地开发功能。两个后端使用相同的代码库抽象层，具备自动集合管理、优化索引以及面向应用级别的向量搜索功能。只需一个环境变量即可在 MongoDB CE（本地测试）和 DocumentDB（生产）之间切换。注意：基于文件的存储已被弃用，将在未来版本中移除。建议本地开发使用 MongoDB CE。[配置指南](docs\u002Fconfiguration.md#storage-backend-configuration) | [存储架构](docs\u002Fdesign\u002Fstorage-architecture-mongodb-documentdb.md)\n- **🔒 A2A 代理安全扫描** - 集成 [Cisco AI Defense A2A Scanner](https:\u002F\u002Fgithub.com\u002Fcisco-ai-defense\u002Fa2a-scanner)，对 A2A 代理进行安全扫描。在代理注册时自动执行安全扫描，包括 YARA 模式匹配、A2A 规范验证和启发式威胁检测。功能包括自动标记不安全代理、可配置的阻止策略以及详细的扫描报告，提供 API 端点以查看结果并触发重新扫描。\n- **🔧 注册表管理 API** - 新的程序化 API，用于管理服务器、组和用户。Python 客户端 (`api\u002Fregistry_client.py`) 提供类型安全接口、RESTful HTTP 端点 (`\u002Fapi\u002Fmanagement\u002F*`) 和全面的错误处理。以现代 API 方式取代 Shell 脚本，同时保持向后兼容性。[API 文档](api\u002FREADME.md) | [服务管理指南](docs\u002Fservice-management.md)\n- **⭐ 服务器与代理评分系统** - 使用交互式五星级评分组件对代理进行评分和评论。用户可通过 UI 或 CLI 提交评分，查看汇总评分及个人评分详情，并更新其现有评分。功能包括循环缓冲区（每代理最多 100 条评分）、每位用户仅限一条评分、浮点平均值计算以及完整的 OpenAPI 文档。支持社区驱动的代理质量评估和发现。\n- **🧠 灵活的嵌入支持** - 语义搜索可选择三种嵌入提供商：本地 sentence-transformers、OpenAI，或任何受 LiteLLM 支持的提供商，包括 Amazon Bedrock Titan、Cohere 以及其他 100 多种模型。只需简单配置更改即可切换提供商。[嵌入指南](docs\u002Fembeddings.md)\n- **☁️ AWS ECS 部署** - 在 Amazon ECS Fargate 上进行部署，采用多可用区架构、带 HTTPS 的 Application Load Balancer、自动扩展、CloudWatch 监控以及 NAT Gateway 冗余。完整的 Terraform 配置可用于部署整个堆栈。[ECS 部署指南](terraform\u002Faws-ecs\u002FREADME.md)\n- **📦 灵活的部署模式** - 三种部署选项以满足您的需求：(1) 仅 CloudFront，无需自定义域名即可快速搭建；(2) 自定义域名搭配 Route53\u002FACM，打造品牌化 URL；或 (3) CloudFront + 自定义域名，兼具 CDN 优势的生产环境。[部署模式指南](docs\u002Fdeployment-modes.md)\n- **🔗 联邦注册表** - MCP Gateway 注册表现支持与其他注册表的服务器和代理联邦。[联邦指南](docs\u002Ffederation.md)\n- **🔗 代理间协议 (A2A) 支持** - 代理现在可以通过安全的集中式注册表注册、发现并与其他代理通信。借助 Keycloak 基于组的访问控制和细粒度权限，构建自主代理生态系统。[A2A 指南](docs\u002Fa2a.md)\n- **🏢 Microsoft Entra ID 集成** - 企业级 SSO，采用 Microsoft Entra ID（Azure AD）身份验证。基于组的访问控制、条件访问策略以及与现有 Microsoft 365 环境的无缝集成。[Entra ID 设置指南](docs\u002Fentra-id-setup.md)\n- **🤖 MCP 注册表的对话式 CLI** - 使用类似 Claude Code 的界面，以自然语言与注册表交互。发现工具、提问并以对话方式执行 MCP 命令。[了解详情](docs\u002Fmcp-registry-cli.md)\n- **🔒 MCP 服务器安全扫描** - 集成 [Cisco AI Defense MCP Scanner](https:\u002F\u002Fgithub.com\u002Fcisco-ai-defense\u002Fmcp-scanner) 进行漏洞扫描。在服务器注册时自动执行安全扫描，定期对整个注册表进行全面扫描并生成详细的 Markdown 报告，同时自动禁用存在安全问题的服务器。\n- **📥 从 Anthropic MCP 注册表导入服务器** - 使用一条命令即可从 Anthropic 注册表导入精选的 MCP 服务器。[导入指南](docs\u002Fanthropic-registry-import.md)\n- **🔌 Anthropic MCP 注册表 REST API 兼容性** - 与 Anthropic 的 MCP 注册表 REST API 规范完全兼容。[API 文档](docs\u002Fanthropic_registry_api.md)\n- **🔎 服务器、工具和代理的统一语义搜索** - 使用 `POST \u002Fapi\u002Fsearch\u002Fsemantic` 对所有 MCP 服务器、其工具以及已注册的 A2A 代理进行自然语言搜索。既可通过仪表板 UI（会话 Cookie 认证）使用，也可通过 JWT Bearer 令牌以编程方式调用，一次性返回按实体类型排序的相关性匹配结果。\n- **🚀 预建镜像** - 使用预建的 Docker 镜像即可立即部署。[开始使用](#option-a-pre-built-images-instant-setup) | [macOS 设置指南](docs\u002Fmacos-setup-guide.md)\n- **🔐 Keycloak 集成** - 企业级身份验证，配备 AI 代理审计轨迹和基于组的授权。[了解详情](docs\u002Fkeycloak-integration.md)\n- **⚡ Amazon Bedrock AgentCore 集成** - 支持 AgentCore Gateway，并提供双重身份验证。[集成指南](docs\u002Fagentcore.md)\n\n---\n\n\n\n## A2A 代理——示例实现\n\n该注册表包含两个 A2A 代理示例，展示了人类开发者和自主 AI 代理如何通过统一的代理注册表发现、注册并使用其他代理。代理可以通过语义搜索以编程方式发现其他代理，并借助 A2A 协议调用它们，从而实现动态的代理组合与自主代理编排。\n\n### 示例代理\n\n| 代理名称               | 路径                     | 技能                                       |\n|------------------------|--------------------------|--------------------------------------------|\n| **旅行助理代理**       | `\u002Ftravel-assistant-agent` | 航班搜索、价格查询、推荐、行程规划         |\n| **航班预订代理**       | `\u002Fflight-booking-agent`   | 座位余量查询、航班预订、支付、预订管理     |\n\n### 代理发现\n\n**在注册表 UI 中查看：**\n打开注册表并导航至 **A2A 代理** 选项卡，即可浏览已注册代理的完整元数据、能力与技能。\n\n**通过 CLI 搜索：**\n开发者可使用自然语言描述来搜索代理：\n\n```bash\n# 搜索能够帮助预订行程的代理\ncli\u002Fagent_mgmt.sh search \"need an agent to book a trip\"\n```\n\n**示例输出：**\n```\n找到 4 个匹配“需要一个可以预订行程的代理”的代理：\n--------------------------------------------------------------------------------------------------------------\n代理名称                               | 路径                      | 分数\n--------------------------------------------------------------------------------------------------------------\n旅行助理代理                   | \u002Ftravel-assistant-agent   |  0.8610\n航班预订代理                     | \u002Fflight-booking-agent     |  1.2134\n--------------------------------------------------------------------------------------------------------------\n```\n\n### 代理间发现 API\n\n注册表提供了一个 **语义搜索 API**，供代理在运行时作为工具来发现其他 A2A 代理。此 API 支持动态代理组合，使代理能够根据自身能力而非硬编码引用寻找协作伙伴。\n\n**发现 API 端点：**\n```\nPOST \u002Fapi\u002Fagents\u002Fdiscover\u002Fsemantic?query=\u003C自然语言查询>&max_results=5\nAuthorization: Bearer \u003Cjwt-token>\n```\n\n**响应内容包括：**\n- 代理名称、描述及端点 URL\n- 包含技能与能力的代理卡片元数据\n- 用于对匹配结果排序的相关性分数\n- 信任级别与可见性设置\n\n**代理如何使用：**\n1. 代理调用注册表的语义搜索 API，传入自然语言查询（例如：“可以预订航班的代理”）。\n2. 注册表返回匹配的代理及其端点 URL 和完整的代理卡片元数据。\n3. 代理利用代理卡片了解其能力，并通过 A2A 协议调用所发现的代理。\n4. 最后将预订确认信息返回给用户。\n\n**示例——旅行助理发现并调用航班预订代理：**\n```\n用户：“我需要预订从纽约飞往洛杉矶的航班。”\n\n旅行助理：\n  1. 调用注册表 API：POST \u002Fapi\u002Fagents\u002Fdiscover\u002Fsemantic?query=\"book flights\"\n  2. 注册表返回航班预订代理的端点 URL 和代理卡片。\n  3. 利用代理卡片了解其能力，随后向航班预订代理发送 A2A 消息。\n  4. 将预订确认信息反馈给用户。\n```\n\n这种模式使代理能够通过发现专门处理特定任务的代理来动态扩展自身能力，而无需直接具备这些功能。\n\n**代理卡片：** 请访问 [agents\u002Fa2a\u002Ftest\u002F](agents\u002Fa2a\u002Ftest\u002F) 查看代理卡片元数据，其中包含了技能、协议及能力等完整定义。\n\n有关完整的代理部署与测试文档，请参阅 [agents\u002Fa2a\u002FREADME.md](agents\u002Fa2a\u002FREADME.md)。\n\n---\n\n## 核心应用场景\n\n### AI 代理与代码助手治理\n为自主 AI 代理和人类开发者提供安全通道，使其可通过 AI 代码助手（VS Code、Cursor、Claude Code）访问经批准的工具，同时保持 IT 部门的监督与合规性。\n\n### 企业安全与合规\n针对 SOX\u002FGDPR 合规要求，为人类与 AI 代理的访问模式提供集中式身份验证、细粒度权限控制以及全面的审计追踪。\n\n### 动态工具发现\nAI 代理可借助智能语义搜索自主发现并执行超出其初始能力范围的专业工具；与此同时，开发者则可通过其代码助手获得引导式的工具发现体验。\n\n### 统一访问网关\n单一网关同时支持自主 AI 代理（机器对机器）与 AI 代码助手（人类引导），并确保一致的身份验证与工具访问模式。\n\n---\n\n## 架构\n\nMCP 网关与注册中心为自主 AI 代理和 AI 编程助手提供了一个统一平台，通过集中式网关访问企业精选的工具，并实现全面的身份验证和治理。\n\n```mermaid\nflowchart TB\n    subgraph Human_Users[\"人类用户\"]\n        User1[\"人类用户 1\"]\n        User2[\"人类用户 2\"]\n        UserN[\"人类用户 N\"]\n    end\n\n    subgraph AI_Agents[\"AI 代理\"]\n        Agent1[\"AI 代理 1\"]\n        Agent2[\"AI 代理 2\"]\n        Agent3[\"AI 代理 3\"]\n        AgentN[\"AI 代理 N\"]\n    end\n\n    subgraph EC2_Gateway[\"\u003Cb>MCP 网关与注册中心\u003C\u002Fb>（Amazon EC2 实例）\"]\n        subgraph NGINX[\"NGINX 反向代理\"]\n            RP[\"反向代理路由器\"]\n        end\n        \n        subgraph AuthRegistry[\"身份验证与注册服务\"]\n            AuthServer[\"认证服务器\u003Cbr\u002F>(双重认证)\"]\n            Registry[\"注册中心\u003Cbr\u002F>Web UI\"]\n            RegistryMCP[\"注册中心\u003Cbr\u002F>MCP 服务器\"]\n        end\n        \n        subgraph LocalMCPServers[\"本地 MCP 服务器\"]\n            MCP_Local1[\"MCP 服务器 1\"]\n            MCP_Local2[\"MCP 服务器 2\"]\n        end\n    end\n    \n    %% 身份提供商\n    IdP[身份提供商\u003Cbr\u002F>Keycloak\u002FCognito]\n    \n    subgraph EKS_Cluster[\"Amazon EKS\u002FEC2 集群\"]\n        MCP_EKS1[\"MCP 服务器 3\"]\n        MCP_EKS2[\"MCP 服务器 4\"]\n    end\n    \n    subgraph APIGW_Lambda[\"Amazon API Gateway + AWS Lambda\"]\n        API_GW[\"Amazon API Gateway\"]\n        Lambda1[\"AWS Lambda 函数 1\"]\n        Lambda2[\"AWS Lambda 函数 2\"]\n    end\n    \n    subgraph External_Systems[\"外部数据源与 API\"]\n        DB1[(数据库 1)]\n        DB2[(数据库 2)]\n        API1[\"外部 API 1\"]\n        API2[\"外部 API 2\"]\n        API3[\"外部 API 3\"]\n    end\n    \n    %% 人类用户连接\n    User1 -->|Web 浏览器\u003Cbr>身份验证| IdP\n    User2 -->|Web 浏览器\u003Cbr>身份验证| IdP\n    UserN -->|Web 浏览器\u003Cbr>身份验证| IdP\n    User1 -->|Web 浏览器\u003Cbr>HTTPS| Registry\n    User2 -->|Web 浏览器\u003Cbr>HTTPS| Registry\n    UserN -->|Web 浏览器\u003Cbr>HTTPS| Registry\n    \n    %% 代理到网关的连接\n    Agent1 -->|MCP 协议\u003Cbr>SSE 带认证| RP\n    Agent2 -->|MCP 协议\u003Cbr>SSE 带认证| RP\n    Agent3 -->|MCP 协议\u003Cbr>可流式 HTTP 带认证| RP\n    AgentN -->|MCP 协议\u003Cbr>可流式 HTTP 带认证| RP\n    \n    %% 认证流程连接\n    RP -->|认证验证| AuthServer\n    AuthServer -.->|验证凭证| IdP\n    Registry -.->|用户认证| IdP\n    RP -->|工具发现| RegistryMCP\n    RP -->|Web UI 访问| Registry\n    \n    %% 网关到 MCP 服务器的连接\n    RP -->|SSE| MCP_Local1\n    RP -->|SSE| MCP_Local2\n    RP -->|SSE| MCP_EKS1\n    RP -->|SSE| MCP_EKS2\n    RP -->|可流式 HTTP| API_GW\n    \n    %% API GW + Lambda 内部连接\n    API_GW --> Lambda1\n    API_GW --> Lambda2\n    \n    %% 到外部系统的连接\n    MCP_Local1 -->|工具连接| DB1\n    MCP_Local2 -->|工具连接| DB2\n    MCP_EKS1 -->|工具连接| API1\n    MCP_EKS2 -->|工具连接| API2\n    Lambda1 -->|工具连接| API3\n\n    %% 样式定义\n    classDef user fill:#fff9c4,stroke:#f57f17,stroke-width:2px\n    classDef agent fill:#e1f5fe,stroke:#29b6f6,stroke-width:2px\n    classDef gateway fill:#e8f5e9,stroke:#66bb6a,stroke-width:2px\n    classDef nginx fill:#f3e5f5,stroke:#ab47bc,stroke-width:2px\n    classDef mcpServer fill:#fff3e0,stroke:#ffa726,stroke-width:2px\n    classDef eks fill:#ede7f6,stroke:#7e57c2,stroke-width:2px\n    classDef apiGw fill:#fce4ec,stroke:#ec407a,stroke-width:2px\n    classDef lambda fill:#ffebee,stroke:#ef5350,stroke-width:2px\n    classDef dataSource fill:#e3f2fd,stroke:#2196f3,stroke-width:2px\n    \n    %% 应用样式\n    class User1,User2,UserN user\n    class Agent1,Agent2,Agent3,AgentN agent\n    class EC2_Gateway,NGINX gateway\n    class RP nginx\n    class AuthServer,Registry,RegistryMCP gateway\n    class IdP apiGw\n    class MCP_Local1,MCP_Local2 mcpServer\n    class EKS_Cluster,MCP_EKS1,MCP_EKS2 eks\n    class API_GW apiGw\n    class Lambda1,Lambda2 lambda\n    class DB1,DB2,API1,API2,API3 dataSource\n```\n\n**关键架构优势：**\n- **统一网关**：通过编程助手为 AI 代理和人类开发者提供单一访问入口。\n- **双重认证**：同时支持人类用户认证和机器对机器的代理认证。\n- **可扩展基础设施**：具备水平扩展能力的 Nginx 反向代理。\n- **多种传输方式**：支持 SSE 和可流式 HTTP，以满足不同客户端需求。\n\n---\n\n## 主要优势\n\n### **安全特性**\n- 符合 OAuth 2.0\u002F3.0 标准，并集成身份提供商。\n- 在工具和方法级别实现细粒度访问控制。\n- 零信任网络架构。\n- 完整的审计追踪和全面的合规性分析。\n\n### **AI 代理与开发者体验**\n- 单一配置适用于自主 AI 代理和 AI 编程助手（VS Code、Cursor、Claude Code、Cline）。\n- 支持基于自然语言查询的动态工具发现，适用于代理和人类。\n- 新团队成员和 AI 代理部署可实现即时上手。\n- 为 AI 代理和人类开发者提供统一的治理机制。\n\n### **部署特性**\n- 原生容器化（Docker\u002FKubernetes）。\n- 实时健康监控与告警。\n- 双重认证支持人类和机器身份验证。\n\n---\n## 快速入门\n\n设置 MCP 网关与注册中心有四种方式：\n\n- **选项 A：AI 辅助 macOS 设置** — 在 macOS 上启动的最快方式。请您的 AI 编程助手使用 [macOS 设置技能](.claude\u002Fskills\u002Fmacos-setup\u002FSKILL.md)，即可完成全自动的一键设置。非常适合实验。\n- **选项 B：预构建镜像** — 使用预构建的 Docker 或 Podman 容器快速部署。推荐大多数用户使用。\n- **选项 C：Podman（无 root 权限）** — 针对 macOS 和无 root 权限 Linux 环境的详细 Podman 指南。\n- **选项 D：从源代码构建** — 完整源码构建，适用于自定义或开发场景。\n\n### 选项 A：AI 辅助 macOS 设置（最快）\n\n**在 macOS 上开始使用的最简单方式。** 只需询问 Claude Code 或你的 AI 编程助手：\n\n> “使用 macOS 设置技能来安装和配置 MCP 网关与注册中心”\n\n[macOS 设置技能](.claude\u002Fskills\u002Fmacos-setup\u002FSKILL.md) 将自动：\n- ✅ 克隆仓库并安装所有依赖项（Homebrew、Python、UV、Docker、Node.js）\n- ✅ 配置并启动带有副本集的 MongoDB\n- ✅ 设置并初始化 Keycloak，创建管理员用户\n- ✅ 启动注册中心和认证服务器\n- ✅ 注册 Cloudflare MCP 文档服务器\n- ✅ 验证整个堆栈是否正常运行\n\n**适合人群：** 单人开发者实验、快速演示、动手探索\n\n**所需条件：** 安装了 AI 编程助手（Claude Code、Cursor 等）的 macOS 设备\n\n**清理工作：** 完成后，可让 AI 助手执行“拆除 MCP 网关设置”以彻底移除所有组件。\n\n*注：用于生产部署的 ECS\u002FEKS 部署技能即将推出。*\n\n---\n\n### 选项 B：预构建镜像（即刻部署）\n\n通过预构建的 Docker 容器，几分钟内即可运行起来。这是大多数用户的推荐方式。\n\n```bash\n# 克隆并配置\ngit clone https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry.git\ncd mcp-gateway-registry\ncp .env.example .env\n\n# 使用您的密码编辑 .env 文件（KEYCLOAK_ADMIN_PASSWORD 等）\nnano .env\n\n# 使用预构建镜像部署\nexport DOCKERHUB_ORG=mcpgateway\n.\u002Fbuild_and_run.sh --prebuilt\n\n# 访问注册中心 UI\nopen http:\u002F\u002Flocalhost:7860  # macOS\n# xdg-open http:\u002F\u002Flocalhost:7860  # Linux\n```\n\n**[完整快速入门指南](docs\u002Fquickstart.md)** - 包含完整的逐步说明，包括：\n- 必要软件的安装（Docker、Python、UV）\n- 环境变量配置\n- MongoDB 和 Keycloak 的初始化\n- 用户及服务账户的设置\n- 服务器和代理的注册\n- 网关功能测试\n\n**优势：** 无需构建时间 | 无需 Node.js | 无需前端编译 | 使用经过测试的一致性镜像\n\n---\n\n### 选项 C：Podman（无 root 容器部署）\n\n**非常适合 macOS 和无 root 权限的 Linux 环境**\n\nPodman 提供无 root 权限的容器运行方式，无需特权端口，因此特别适用于：\n- 使用 Podman Desktop 的 **macOS 用户**\n- 倾向于无 root 容器的 **Linux 用户**\n- Docker 守护进程不可用的 **开发环境**\n\n**MacOS 非 Apple Silicon 平台的 Podman 快速设置：**\n\n```bash\n# 安装 Podman Desktop\nbrew install podman-desktop\n# 或从 https:\u002F\u002Fpodman-desktop.io\u002F 下载\n```\n\n在 Podman Desktop 中，进入“偏好设置”>“Podman Machine”，创建一台至少配备 4 核 CPU 和 8GB 内存的新机器。或者，参阅更详细的 [Podman 安装指南](docs\u002Finstallation.md#podman-installation)，了解如何在命令行上进行设置。\n\n```bash\n# 初始化 Podman 机器\npodman machine init\npodman machine start\n\n# 验证安装\npodman --version\npodman compose version\n\n# 配置环境\ncp .env.example .env\n# 编辑 .env 文件以填写您的凭据\n```\n\n**使用 Podman 部署**：请参阅我们的 [安装指南](docs\u002Finstallation.md#podman-installation)，其中包含下载、安装、初始化第一个 Podman 容器以及故障排除的详细步骤。\n\n**使用 Podman 构建：**\n\n```bash\n# 自动检测（如果 Docker 不可用则使用 Podman）\n.\u002Fbuild_and_run.sh --prebuilt\n\n# 显式 Podman 模式（仅适用于非 Apple Silicon 平台）\n.\u002Fbuild_and_run.sh --prebuilt --podman\n\n# 在非特权端口访问注册中心\n# 在 macOS 上：\nopen http:\u002F\u002Flocalhost:8080\n# 在 Linux 上：xdg-open http:\u002F\u002Flocalhost:8080\n```\n\n> 注意：**Apple Silicon（M1\u002FM2\u002FM3）？** 请勿在 ARM64 架构上使用 `--prebuilt` 选项搭配 Podman。这会导致“代理已运行”的错误。请参阅 [Apple Silicon 上的 Podman 指南](docs\u002Fpodman-apple-silicon.md)。\n\n```bash\n# 在 Apple Silicon Mac 上运行：\n.\u002Fbuild_and_run.sh --podman\n```\n\n**与 Docker 的主要区别：**\n- 无需 root 或 sudo 权限\n- 在 macOS 上无需特权端口即可运行\n- HTTP 端口为 `8080`（而非 `80`）\n- HTTPS 端口为 `8443`（而非 `443`）\n- 其他服务端口保持不变\n\n有关 Podman 的详细设置说明，请参阅 [安装指南](docs\u002Finstallation.md#podman-installation) 和 [macOS 设置指南](docs\u002Fmacos-setup-guide.md#podman-deployment)。\n\n### 选项 D：从源码构建\n\n**初次接触 MCP 网关？** 请从我们的 [完整设置指南](docs\u002Fcomplete-setup-guide.md) 开始，该指南提供了从零开始在 AWS EC2 上操作的详细分步说明。\n\n**在 macOS 上运行？** 请参阅我们的 [macOS 设置指南](docs\u002Fmacos-setup-guide.md)，获取平台特定的说明和优化建议。\n\n### 测试与集成选项\n\n**测试套件：**\n该项目包含全面的自动化测试，使用 pytest 实现：\n\n```bash\n# 运行所有测试\nmake test\n\n# 仅运行单元测试（快速）\nmake test-unit\n\n# 带覆盖率报告运行\nmake test-coverage\n\n# 运行特定类别测试\nuv run pytest -m unit           # 仅单元测试\nuv run pytest -m integration    # 集成测试\nuv run pytest -m \"not slow\"     # 跳过耗时测试\n```\n\n**测试结构：**\n- **单元测试** (`tests\u002Funit\u002F`) - 快速、独立的组件测试\n- **集成测试** (`tests\u002Fintegration\u002F`) - 组件交互测试\n- **端到端测试** (`tests\u002Fintegration\u002Ftest_e2e_workflows.py`) - 完整的工作流测试\n\n**Python 代理：**\n- `agents\u002Fagent.py` - 具有先进 AI 能力的全功能 Python 代理\n\n**测试文档：**\n- [测试指南](docs\u002Ftesting\u002FREADME.md) - 全面的测试文档\n- [编写测试](docs\u002Ftesting\u002FWRITING_TESTS.md) - 如何编写有效的测试\n- [测试维护](docs\u002Ftesting\u002FMAINTENANCE.md) - 保持测试套件健康的方法\n\n**Pre-commit 钩子：**\n```bash\n# 安装 pre-commit 钩子\npip install pre-commit\npre-commit install\n\n# 手动运行钩子\npre-commit run --all-files\n```\n\n**下一步：** [完整安装指南](docs\u002Finstallation.md) | [认证设置](docs\u002Fauth.md) | [AI 助手集成](docs\u002Fai-coding-assistants-setup.md)\n\n---\n\n## 企业级特性\n\n### AI 代理与编程助手集成\n\n通过集中式治理，改变自主 AI 代理和开发团队访问企业工具的方式：\n\n\u003Ctable>\n\u003Ctr>\n\u003Ctd width=\"50%\">\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fagentic-community_mcp-gateway-registry_readme_ff68453738b2.png\" alt=\"Roo Code MCP 配置\" \u002F>\n\u003Cp>\u003Cem>由企业精选的 MCP 服务器可通过统一网关访问\u003C\u002Fem>\u003C\u002Fp>\n\u003C\u002Ftd>\n\u003Ctd width=\"50%\">\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fagentic-community_mcp-gateway-registry_readme_ad7317d8a214.png\" alt=\"Roo Code 代理运行中\" \u002F>\n\u003Cp>\u003Cem>AI 助手在治理下执行经批准的企业工具\u003C\u002Fem>\u003C\u002Fp>\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd colspan=\"2\">\n\n### 可观测性\n\n通过 Grafana 仪表板提供全面的实时指标和监控功能，并采用双路径存储：SQLite 用于详细的历史分析，OpenTelemetry (OTEL) 导出则用于与 Prometheus、CloudWatch、Datadog 等监控平台集成。跟踪身份验证事件、工具执行、发现查询以及系统性能指标。[了解更多](docs\u002FOBSERVABILITY.md)\n\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fagentic-community_mcp-gateway-registry_readme_673095d68432.png\" alt=\"Grafana 指标仪表板\" \u002F>\n\u003Cp>\u003Cem>实时指标和可观测性仪表板，用于跟踪服务器健康状况、工具使用情况和身份验证事件\u003C\u002Fem>\u003C\u002Fp>\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftable>\n\n### Anthropic MCP 注册表集成\n\n无缝集成 Anthropic 官方 MCP 注册表，通过您的网关导入并访问精选的 MCP 服务器：\n\n- **导入服务器**：只需一条命令即可从 Anthropic 注册表中选择并导入所需服务器\n- **统一访问**：通过您的网关以集中式身份验证和治理方式访问已导入的服务器\n- **API 兼容性**：完全支持 Anthropic 注册表 REST API 规范——将您的 Anthropic API 客户端指向此注册表，即可发现可用服务器\n\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fagentic-community_mcp-gateway-registry_readme_331a96507448.png\" alt=\"Anthropic 注册表集成\" \u002F>\n\u003Cp>\u003Cem>从 Anthropic 官方注册表导入并访问精选的 MCP 服务器\u003C\u002Fem>\u003C\u002Fp>\n\n[导入指南](docs\u002Fanthropic-registry-import.md) | [注册表 API 文档](docs\u002Fanthropic_registry_api.md)\n\n### 联邦 - 外部注册表集成\n\n**统一的多注册表访问：**\n- **Anthropic MCP 注册表**——导入带有紫色 `ANTHROPIC` 视觉标签的精选 MCP 服务器\n- **Workday ASOR**——导入来自记录代理系统的 AI 代理，带有橙色 `ASOR` 视觉标签\n- **自动同步**——定时与外部注册表同步\n- **视觉标识**——清晰的视觉标签可在 UI 中区分联邦来源\n- **集中管理**——所有联邦服务器和代理的单一控制平面\n\n**快速设置：**\n```bash\n# 配置联邦来源\necho 'ASOR_ACCESS_TOKEN=your_token' >> .env\n\n# 使用您的来源更新 federation.json\n# 重启服务\n.\u002Fbuild_and_run.sh\n```\n\n[**📖 完整联邦指南**](docs\u002Ffederation.md)——环境设置、身份验证、配置及故障排除\n\n### 安全扫描\n\n**集成漏洞检测：**\n- **自动化安全扫描**——使用 [Cisco AI Defence MCP Scanner](https:\u002F\u002Fgithub.com\u002Fcisco-ai-defense\u002Fmcp-scanner) 对 MCP 服务器进行集成漏洞扫描，在注册时自动执行扫描，并支持定期的注册表范围扫描\n- **详细安全报告**——包含漏洞详情、严重性评估和修复建议的完整 Markdown 报告\n- **自动保护**——存在安全问题的服务器会自动禁用，并标记为“待处理安全状态”，以保护您的基础设施\n- **合规就绪**——为企业合规要求提供安全审计轨迹和漏洞跟踪\n\n### 身份验证与授权\n\n**多种身份模式：**\n- **机器对机器 (M2M)**——适用于自主 AI 代理和自动化系统\n- **三方 OAuth (3LO)**——适用于外部服务集成（Atlassian、Google、GitHub）\n- **基于会话**——适用于使用 AI 编程助手和 Web 界面的人类开发者\n\n**支持的身份提供商：** Keycloak、Microsoft Entra ID、Okta、Auth0、Amazon Cognito 以及任何兼容 OAuth 2.0 的提供商。[了解更多](docs\u002Fauth.md)\n\n**细粒度权限：** 工具级、方法级、团队级以及临时访问控制。[了解更多](docs\u002Fscopes.md)\n\n### 部署选项\n\n**云平台：** Amazon EC2、Amazon EKS\n\n---\n\n## 遥测\n\n该注册表会收集**匿名且非敏感**的使用遥测数据，以帮助我们了解采用模式并改进产品。这两层均为“默认开启、可选择退出”。\n\n**发送的内容（第 1 层——启动 ping）：** 注册表版本、Python 版本、操作系统、CPU 架构、云提供商、存储后端、身份验证提供商以及部署模式。不包含 IP 地址、主机名、文件路径、用户数据或任何 PII。\n\n**默认还会发送的内容（第 2 层——每日心跳）：** 聚合计数（服务器、代理、技能、对等节点的数量）、搜索后端、嵌入提供商和运行时间。隐私保障与第 1 层相同。仅需关闭心跳：`MCP_TELEMETRY_OPT_OUT=1`。\n\n> **行为变更（v1.0.18 之后）：** 此前每日心跳是可选开启的（`MCP_TELEMETRY_OPT_IN=1`）。现在改为默认开启、可选择退出。由于心跳仅包含聚合计数（无 PII），其行为现已与启动 ping 一致。\n\n**若要完全退出：**\n\n```bash\nexport MCP_TELEMETRY_DISABLED=1   # 关闭启动 ping 和心跳\n```\n\n**若仅关闭心跳（启动 ping 仍发送）：**\n\n```bash\nexport MCP_TELEMETRY_OPT_OUT=1\n```\n\n所有请求均经过 HMAC 签名、速率限制和模式验证。遥测具有失败静默特性，绝不会影响注册表的正常运行。详细信息请参阅[遥测文档](docs\u002FTELEMETRY.md)。\n\n---\n\n## 部署\n\n### AWS 弹性容器服务 (ECS)\n\n\u003Cdiv align=\"center\">\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fagentic-community_mcp-gateway-registry_readme_9623f259ed95.png\" alt=\"MCP 网关注册表在 AWS ECS 上\" width=\"800\"\u002F>\n\u003C\u002Fdiv>\n\n**部署配置**在 Amazon ECS Fargate 上，具备完善的企业级功能：\n\n- **多可用区架构**——跨多个可用区实现冗余\n- **应用负载均衡器**——HTTPS\u002FSSL 终止，并通过 ACM 自动管理证书\n- **自动扩展**——根据 CPU 和内存利用率动态调整规模\n- **CloudWatch 集成**——全面的监控、日志记录和警报功能\n- **NAT 网关高可用性**——冗余 NAT 网关配置，确保安全的出站连接\n- **Keycloak 集成**——企业级身份验证，后端使用 RDS Aurora PostgreSQL 数据库\n- **EFS 共享存储**——持久化存储模型、日志和配置\n- **服务发现**——AWS Cloud Map 用于服务间通信\n\n**[完整的 ECS 部署指南](terraform\u002Faws-ecs\u002FREADME.md)**——使用 Terraform 部署整个堆栈的分步说明。\n\n### Amazon EKS（Kubernetes）\n\n**即将推出**——在 Amazon EKS 上部署 Kubernetes，并使用 Helm 图表进行大规模容器编排。\n\n---\n\n## 文档\n\n| 入门指南 | 企业设置 | 开发者与运维 |\n|------------------|-------------------|------------------------|\n| [完整设置指南](docs\u002Fcomplete-setup-guide.md)\u003Cbr\u002F>**全新！** 在 AWS EC2 上从零开始的分步教程 | [身份验证指南](docs\u002Fauth.md)\u003Cbr\u002F>OAuth 和身份提供商集成 | [AI 编程助手设置](docs\u002Fai-coding-assistants-setup.md)\u003Cbr\u002F>VS Code、Cursor、Claude Code 集成 |\n| [安装指南](docs\u002Finstallation.md)\u003Cbr\u002F>EC2 和 EKS 的完整设置说明 | [AWS ECS 部署](terraform\u002Faws-ecs\u002FREADME.md)\u003Cbr\u002F>适用于 AWS ECS Fargate 的部署指南 | [API 参考](docs\u002Fregistry_api.md)\u003Cbr\u002F>通过程序化方式管理注册表 |\n| [Keycloak 集成](docs\u002Fkeycloak-integration.md)\u003Cbr\u002F>企业级身份管理，附带代理审计追踪 | [令牌刷新服务](docs\u002Ftoken-refresh-service.md)\u003Cbr\u002F>自动化的令牌刷新与生命周期管理 | [MCP 注册表 CLI](docs\u002Fmcp-registry-cli.md)\u003Cbr\u002F>用于注册表管理的命令行客户端 |\n| [配置参考](docs\u002Fconfiguration.md)\u003Cbr\u002F>环境变量和设置 | [Amazon Cognito 设置](docs\u002Fcognito.md)\u003Cbr\u002F>分步 IdP 配置 | [可观测性指南](docs\u002FOBSERVABILITY.md)\u003Cbr\u002F>**全新！** 指标、监控以及 OpenTelemetry 的设置 |\n| [Auth0 集成](docs\u002Fauth0.md)\u003Cbr\u002F>支持机器对机器认证的 Auth0 单点登录 | [Okta 设置](docs\u002Fokta-setup.md)\u003Cbr\u002F>Okta IdP 配置 | [Entra ID 设置](docs\u002Fentra-id-setup.md)\u003Cbr\u002F>Microsoft Entra ID 集成 |\n| | [Anthropic 注册表导入](docs\u002Fanthropic-registry-import.md)\u003Cbr\u002F>**全新！** 从 Anthropic MCP 注册表导入服务器 | [联邦指南](docs\u002Ffederation.md)\u003Cbr\u002F>外部注册表集成（Anthropic、ASOR） |\n| | | [P2P 联邦指南](docs\u002Ffederation-operational-guide.md)\u003Cbr\u002F>**全新！** 点对点注册表联邦 |\n| | [服务管理](docs\u002Fservice-management.md)\u003Cbr\u002F>服务器生命周期与运维 | [Anthropic 注册表 API](docs\u002Fanthropic_registry_api.md)\u003Cbr\u002F>**全新！** REST API 兼容性 |\n| | | [细粒度访问控制](docs\u002Fscopes.md)\u003Cbr\u002F>权限管理和安全性 |\n| | | [动态工具发现](docs\u002Fdynamic-tool-discovery.md)\u003Cbr\u002F>自主代理能力 |\n| | | [部署指南](docs\u002Finstallation.md)\u003Cbr\u002F>针对部署环境的完整设置 |\n| | | [故障排除指南](docs\u002Ffaq\u002Findex.md)\u003Cbr\u002F>常见问题及解决方案 |\n\n---\n\n## 社区\n\n### 参与其中\n\n**加入讨论**\n- [GitHub Discussions](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fdiscussions) - 功能请求与通用讨论\n- [GitHub Issues](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues) - 错误报告与功能请求\n\n**贡献**\n- [贡献指南](CONTRIBUTING.md) - 如何贡献代码和文档\n- [行为准则](CODE_OF_CONDUCT.md) - 社区规范\n- [安全策略](SECURITY.md) - 负责任的漏洞披露流程\n\n### 星标历史\n\n[![星标历史图表](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fagentic-community_mcp-gateway-registry_readme_d4af326ac3fe.png)](https:\u002F\u002Fstar-history.com\u002F#agentic-community\u002Fmcp-gateway-registry&Date)\n\n### 路线图\n\n我们的开发路线图按周划分里程碑，明确交付成果并跟踪进度：\n\n| 里程碑 | 截止日期 | 进度 | 状态 | 关键问题 |\n|-----------|----------|----------|--------|------------|\n| **2026年4月第1周** | 2026-04-05 | 50% (1\u002F2) | 🚧 进行中 | **已关闭：** [#738 - 规范化可见性值](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F738) **未解决：** [#739 - Discover 标签页首页](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F739) |\n| **2026年4月第2周** | 2026-04-12 | 50% (1\u002F2) | 🚧 进行中 | **已关闭：** [#605 - AgentCore 自动注册](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F605) **未解决：** [#611 - 网络可信认证令牌生成](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F611) |\n| **2026年4月第3周** | 2026-04-19 | 0% (0\u002F2) | 📅 计划中 | **未解决：** [#614 - MCP OAuth 2.1 授权规范](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F614), [#500 - 登出路径路由修复](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F500) |\n| **2026年4月第4周** | 2026-04-26 | 0% (0\u002F6) | 📅 计划中 | **未解决：** [#665 - 代理间知识共享](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F665), [#666 - Context Hub MVP](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F666), [#667 - Context Hub 演示代理](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F667), [#556 - AI Gateway 品牌重塑](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F556), [#502 - 联邦协议规范](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F502), [#469 - Keycloak 密钥管理器](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F469) |\n| **待办事项** | -- | 0% (0\u002F13) | 🗂️ 待处理 | 13 个待优先处理的问题 |\n\n**状态说明：** 🚧 进行中 • 📅 计划中 • 🗂️ 待处理 • ✅ 完成\n\n---\n\n#### 主要特性\n\n以下主要特性跨越多个里程碑，代表了重要的架构改进：\n\n- **[#739 - Discover 标签页首页](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F739)** 🚧 **进行中**（2026年4月第1周）\n  添加 Discover 标签页作为默认首页，提供类似 Google 的搜索体验，用于查找服务器、代理和技能。\n\n- **[#665 - 代理间知识共享](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F665)** 📅 **计划中**（2026年4月第4周）\n  使代理能够通过 AI 注册表共享和发现知识，形成协作式知识网络。\n\n- **[#666 - Context Hub MVP](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F666)** 📅 **计划中**（2026年4月第4周）\n  实现 Context Hub，支持卡片创建、搜索和自动发现功能，用于代理的知识管理。\n\n- **[#614 - MCP OAuth 2.1 授权规范](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F614)** 📅 **计划中**（2026年4月第3周）\n  实现 RFC 9728 受保护资源元数据，并为 MCP OAuth 2.1 授权提供原生 IDE 支持。\n\n- **[#556 - AI Gateway & Registry 品牌重塑](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F556)** 📅 **计划中**（2026年4月第4周）\n  将“MCP Gateway Registry”更名为“AI Gateway & Registry”，以反映其对代理和工具的支持范围已超出 MCP。\n\n- **[#605 - AgentCore 自动注册](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F605)** ✅ **已完成**（2026年4月）\n  自动发现并注册 Bedrock AgentCore 网关，同时集成凭据管理功能。完整的 `cli\u002Fagentcore\u002F` 模块支持 boto3 发现、注册、令牌刷新以及安全方案。\n\n- **[#641 - Okta 身份提供商](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F641)** ✅ **已完成**\n  在 Keycloak、Entra ID、Auth0、GitHub 和 Google OAuth2 之外，新增了 Okta 作为身份提供商选项。\n\n- **[#557-559 - 可观测性与遥测套件](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F557)** ✅ **已完成**\n  构建了全面的遥测基础设施，包括服务器端采集器（[#674](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F674)）、客户端埋点（[#659](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F659)）以及端到端增强功能（[#702](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F702)）。[遥测文档](docs\u002FTELEMETRY.md)。\n\n- **[#129 - 虚拟 MCP 服务器支持](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F129)** ✅ **已完成**\n  使用 Lua 脚本实现动态工具聚合与智能路由，可将来自多个后端服务器的工具逻辑分组为一个虚拟端点。\n\n- **[#232 - A2A 精选注册表发现](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F232)** ✅ **已完成**\n  通过精选注册表模式，实现代理间发现与工具调用。\n\n- **[#260 - MCP 注册表实例间的联邦机制](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F260)** ✅ **已完成**\n  实现双向同步、对等节点管理、环路预防、孤立条目检测以及跨注册表的安全扫描传播的联邦注册表。\n\n- **[#297 - 统一 UI 注册流程](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F297)** ✅ **已完成**\n  通过统一界面，简化了 MCP 服务器和 A2A 代理的注册体验。\n\n- **[#295 - 多级工具使用率限流](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F295)** 🗂️ **待办事项**\n  构建全面的限流架构，并提供详细的工具使用控制实施指南。\n\n---\n\n#### 最近完成（2026年2月至4月）\n\n- **[#738 - 规范可见性值](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F738)** ✅ **已完成**（2026年4月）\n  接受 ‘private’ 和 ‘internal’ 两种可见性值，并在代理、服务器和技能中统一规范为 ‘private’。\n\n- **[#737 - 支持协议字段](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F737)** ✅ **已完成**（2026年4月）\n  添加了 `supported_protocol` 字段以区分 A2A 代理，更新了 `trust_level` 和 `visibility` 的默认值，并提供了回填脚本及 31 个新的单元测试。\n\n- **[#728 - AgentCore 安全方案](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F728)** ✅ **已完成**（2026年4月）\n  支持 Bedrock AgentCore 的 `httpAuthSecurityScheme` 格式，为受认证保护的健康检查添加 HEAD 回退机制，并支持前端 JSON 上传的字段透传。\n\n- **[#650 - Semgrep 安全发现](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F650)** ✅ **已完成**（2026年3月）\n  通过白名单验证修复了 SQL 注入漏洞，并强化了 Docker Compose 的安全性（CIS Docker 基准 4.6）。为所有服务添加了 security_opt 和 cap_drop，使安全发现数量减少了 86%。\n\n- **[#603 - 基础设施即代码安全](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F603)** ✅ **已完成**（2026年3月）\n  对 Terraform、CloudFormation 和 Kubernetes 进行了安全加固（共修复 101 处问题）。\n\n- **[#602 - Docker 与容器安全](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F602)** ✅ **已完成**（2026年3月）\n  修复了容器根权限问题，增加了 HEALTHCHECK 检查，并实现了版本标签管理（共修复 29 处问题）。\n\n- **[#601 - 秘密与凭证安全](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F601)** ✅ **已完成**（2026年3月）\n  移除了硬编码的秘密，并改进了 OAuth2 的安全性（共修复 39 处问题）。\n\n- **[#600 - 应用程序安全](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F600)** ✅ **已完成**（2026年3月）\n  实现了 CSRF 防护、路径遍历预防以及凭证日志记录修复（共修复 30 处问题）。\n\n- **[#598 - 请求超时安全](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F598)** ✅ **已完成**（2026年3月）\n  在所有 HTTP 操作中补充了缺失的请求超时设置（B113 发现）。\n\n- **[#613 - FAISS 搜索修复](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F613)** ✅ **已完成**（2026年3月）\n  修复了 FAISS 搜索的初始化及实体类型处理问题。\n\n- **[#622 - 代理状态持久化](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F622)** ✅ **已完成**（2026年3月）\n  现在代理启用状态会在切换操作时正确地持久化到存储库中。\n\n- **[#626 - Helm Chart UI 修复](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F626)** ✅ **已完成**（2026年3月）\n  当使用 Helm Chart 部署完整栈时，注册表 UI 现在能够正确渲染。\n\n- **[#572 - 审计日志增强](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F572)** ✅ **已完成**（2026年3月）\n  为审计日志添加了可搜索的下拉筛选器和统计仪表盘。\n\n- **[#583 - mcpgw 重构](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F583)** ✅ **已完成**（2026年3月）\n  重构了 mcpgw MCP 服务器，以消除技术债务并使用注册表 HTTP API。\n\n- **[#543 - OTLP 推送导出](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F543)** ✅ **已完成**（2026年3月）\n  启用了指标服务的 OTLP 推送导出功能（支持 Datadog、New Relic 和 Prometheus 的远程写入）。\n\n- **[#542 - 加密凭证存储](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F542)** ✅ **已完成**（2026年2月）\n  将 auth_type 替换为 auth_scheme，并为后端服务器的身份验证和健康检查添加了加密凭证存储。\n\n- **[#547 - ECS Service Connect DNS 修复](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F547)** ✅ **已完成**（2026年2月）\n  修复了双栈 DNS 问题，该问题曾导致 ECS 部署中的 Lua 指标刷新和 Python 健康检查无法正常工作。\n\n- **[#581 - macOS 快速入门技能](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F581)** ✅ **已完成**（2026年3月）\n  为 macOS 快速入门安装添加了 Claude 技能，支持交互式安装与卸载。\n\n如需查看完整的议题列表、功能请求及详细发布历史，请访问：\n- [所有 GitHub 议题](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues)\n- [所有 GitHub 里程碑](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fmilestones)\n- [发布说明](release-notes\u002F)\n\n---\n\n## 许可证\n\n本项目采用 Apache-2.0 许可证授权 - 详情请参阅 [LICENSE](LICENSE) 文件。\n\n---\n\n\u003Cdiv align=\"center\">\n\n**⭐ 如果这个仓库对贵组织有帮助，请给它点个星！**\n\n[开始使用](docs\u002Finstallation.md) | [文档](docs\u002F) | [贡献](CONTRIBUTING.md)\n\n\u003C\u002Fdiv>","# MCP Gateway & Registry 快速上手指南\n\n**MCP Gateway & Registry** 是一个统一的平台，旨在集中管理 MCP 服务器（Model Context Protocol）和 AI 智能体（Agents）。它提供了统一的网关入口、服务注册发现机制以及智能体间的通信枢纽（A2A 协议），帮助开发者摆脱分散的配置和凭证管理，实现企业级的工具治理。\n\n## 1. 环境准备\n\n在开始之前，请确保您的开发环境满足以下要求：\n\n*   **操作系统**: macOS, Linux 或 Windows (WSL2 推荐)\n*   **运行时环境**: \n    *   Node.js (v18 或更高版本)\n    *   Python (v3.9+，用于部分脚本和技能)\n*   **容器化支持 (可选但推荐)**: Docker & Docker Compose (用于快速部署预构建镜像)\n*   **数据库**: MongoDB (本地安装或通过 Docker 运行，用于存储注册信息)\n*   **网络访问**: 能够访问 GitHub 以获取源码或镜像；若部署在云端，需确保相关端口开放。\n\n> **提示**: 本项目主要面向云原生和企业级部署，推荐使用 Docker 进行环境隔离。\n\n## 2. 安装步骤\n\n您可以选择使用预构建的 Docker 镜像（最快）或从源码安装。\n\n### 选项 A：使用预构建镜像（推荐，即时启动）\n\n这是最快速的启动方式，适合立即体验核心功能。\n\n1.  **拉取并运行 Docker 容器**\n    执行以下命令启动网关和注册表服务（假设您已配置好 MongoDB 连接或使用默认配置）：\n\n    ```bash\n    docker run -d --name mcp-gateway \\\n      -p 8080:8080 \\\n      -e MONGODB_URI=mongodb:\u002F\u002Flocalhost:27017\u002Fmcp_registry \\\n      ghcr.io\u002Fagentic-community\u002Fmcp-gateway-registry:latest\n    ```\n\n    *注意：请根据实际网络情况替换镜像地址。如果国内访问 GitHub Container Registry 较慢，建议配置 Docker 镜像加速代理。*\n\n2.  **验证服务状态**\n    检查容器是否正常运行：\n\n    ```bash\n    docker ps | grep mcp-gateway\n    ```\n\n### 选项 B：从源码安装（适合开发者）\n\n如果您需要修改代码或使用最新特性：\n\n1.  **克隆仓库**\n\n    ```bash\n    git clone https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry.git\n    cd mcp-gateway-registry\n    ```\n\n2.  **安装依赖**\n\n    ```bash\n    npm install\n    ```\n\n3.  **配置环境变量**\n    复制示例配置文件并根据需要修改（主要是 MongoDB 连接字符串）：\n\n    ```bash\n    cp .env.example .env\n    # 编辑 .env 文件，设置 MONGODB_URI 等参数\n    ```\n\n4.  **启动服务**\n\n    ```bash\n    npm start\n    ```\n\n## 3. 基本使用\n\n安装完成后，您可以通过 CLI 工具或 API 与注册表交互。以下是使用 **MCP Registry CLI** 进行快速交互的示例。\n\n### 启动交互式 CLI\n\n使用提供的 CLI 工具连接到您的网关实例，通过自然语言对话来发现和管理 MCP 工具。\n\n```bash\nnpx @agentic-community\u002Fmcp-registry-cli --url http:\u002F\u002Flocalhost:8080\n```\n\n*   **功能**: 启动后，您将进入一个类似 Claude Code 的交互式终端。\n*   **操作**: 您可以直接输入指令查询已注册的 MCP 服务器、查看智能体卡片（Agent Cards）或测试工具调用。\n*   **特性**: 界面会实时显示 Token 状态、成本追踪及模型选择。\n\n### 注册一个 MCP 服务器\n\n您可以通过 API 将现有的 MCP 服务器注册到网关中，使其对所有连接的智能体可见。\n\n**示例：使用 curl 注册服务器**\n\n```bash\ncurl -X POST http:\u002F\u002Flocalhost:8080\u002Fapi\u002Fservers \\\n  -H \"Content-Type: application\u002Fjson\" \\\n  -d '{\n    \"name\": \"filesystem-server\",\n    \"description\": \"Local filesystem access tool\",\n    \"transport_type\": \"stdio\",\n    \"command\": \"npx\",\n    \"args\": [\"-y\", \"@modelcontextprotocol\u002Fserver-filesystem\", \"\u002Ftmp\"],\n    \"visibility\": \"public\",\n    \"trust_level\": \"community\"\n  }'\n```\n\n### 连接 AI 智能体\n\n配置您的 AI 开发工具（如 VS Code, Cursor, 或自定义 Agent）连接到统一的网关地址，即可自动发现上述注册的工具，无需单独配置每个 MCP 服务器。\n\n*   **网关地址**: `http:\u002F\u002Flocalhost:8080`\n*   **协议**: 支持 Streamable HTTP 和标准 MCP 传输协议。\n\n---\n*更多高级功能（如 AWS AgentCore 联邦、OAuth 认证配置、多租户管理）请参考官方完整文档。*","某大型金融科技公司的 AI 研发团队正在为内部数十名开发者构建统一的智能编码助手集群，需同时调度多个自定义 MCP 服务器以访问合规数据库和代码库。\n\n### 没有 mcp-gateway-registry 时\n- 每位开发者需在 VS Code、Cursor 等工具中手动配置繁琐且易错的独立 MCP 服务器连接参数。\n- 敏感的企业 API 密钥散落在各开发者的本地配置文件中，缺乏统一鉴权，存在严重的数据泄露隐患。\n- 自主 AI 代理无法动态发现新上线的工具服务，导致新功能发布后代理仍“视而不见”，协作效率低下。\n- 管理层完全看不清团队正在使用哪些外部工具，无法进行安全审计或合规性管控。\n- 不同代理之间缺乏标准通信协议，形成一个个孤立的信息孤岛，难以协同完成复杂任务。\n\n### 使用 mcp-gateway-registry 后\n- 所有团队成员通过单一网关入口自动获取最新工具列表，无需任何本地手动配置即可即时生效。\n- 集成 Keycloak\u002FEntra 实现企业级 OAuth 统一认证，彻底消除本地硬编码凭证，确保访问安全可控。\n- 自主代理可实时动态发现并调用新注册的工具服务，大幅缩短从工具开发到实际应用的周期。\n- 平台提供完整的工具使用审计日志，管理者可清晰监控谁在何时使用了何种能力，满足合规要求。\n- 基于 A2A 协议打通代理间通信壁垒，使多个专用代理能像专家团队一样高效协作处理复杂需求。\n\nmcp-gateway-registry 将原本杂乱无章的 AI 工具生态转化为一个安全、可视且高度协同的企业级智能中枢。","https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fagentic-community_mcp-gateway-registry_7a96eab3.png","agentic-community","https:\u002F\u002Foss.gittoolsai.com\u002Favatars\u002Fagentic-community_557520bd.png","",null,"https:\u002F\u002Fgithub.com\u002Fagentic-community",[79,83,87,91,95,99,103,107,110,113],{"name":80,"color":81,"percentage":82},"Python","#3572A5",69.6,{"name":84,"color":85,"percentage":86},"TypeScript","#3178c6",14.8,{"name":88,"color":89,"percentage":90},"Shell","#89e051",8.3,{"name":92,"color":93,"percentage":94},"HCL","#844FBA",3.8,{"name":96,"color":97,"percentage":98},"HTML","#e34c26",2.6,{"name":100,"color":101,"percentage":102},"Lua","#000080",0.5,{"name":104,"color":105,"percentage":106},"Makefile","#427819",0.1,{"name":108,"color":109,"percentage":106},"Dockerfile","#384d54",{"name":111,"color":112,"percentage":106},"CSS","#663399",{"name":114,"color":115,"percentage":116},"JavaScript","#f1e05a",0,585,151,"2026-04-16T03:17:21","Apache-2.0",4,"Linux, macOS","未说明",{"notes":125,"python":123,"dependencies":126},"该工具是一个用于 MCP 服务器和 AI 代理注册与网关管理的平台，而非本地运行的深度学习模型，因此无特定 GPU 或显存需求。支持通过预构建的 Docker 镜像快速启动，也提供基于 Terraform 的 AWS ECS 部署方案或 Helm Chart 部署。核心数据存储依赖 MongoDB。支持通过环境变量启用 AWS Agent Registry 联邦功能。",[127,128,129,130],"MongoDB","Docker (预构建镜像)","Terraform (AWS 部署可选)","Helm (K8s 部署可选)",[13,35],[133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151],"agentic-ai","agents","mcp","mcp-gateway","mcp-registry","oauth2","fgac","ecs","ecs-fargate","terraform","documentdb","mongodb","entra-id","a2a","skills","ans","mcp-servers","okta","registry","2026-03-27T02:49:30.150509","2026-04-17T09:55:48.484368",[155,160,165,169,174,179],{"id":156,"question_zh":157,"answer_zh":158,"source_url":159},36562,"为什么更新联邦配置后，旧的 MCP 服务器仍然存在于数据库中？","这是一个已知问题，已在 PR #576 中通过实施“联邦服务器协调（federation server reconciliation）”功能解决。现在系统会在以下情况自动运行协调机制：\n1. 调用 POST\u002FPUT `\u002Fapi\u002Ffederation\u002Fconfig\u002F{id}` 更新配置时；\n2. 调用 POST `\u002Fapi\u002Ffederation\u002Fsync` 手动同步时；\n3. 服务器启动时（如果配置了 `sync_on_startup: true`）。\n\n协调过程会自动删除数据库中标记为 `source=\"anthropic\"` 但不在当前联邦配置中的服务器，并返回详细的删除结果。此外，之前存在的 DELETE 端点处理包含 `\u002F` 字符的服务器名称时报错的问题也已修复。","https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F539",{"id":161,"question_zh":162,"answer_zh":163,"source_url":164},36563,"Gateway 如何处理需要认证的后端 MCP 服务器的健康检查？","目前 Gateway 不会自动将用户的 JWT 令牌交换为后端服务器特定的令牌。为了解决受保护服务器的健康检查失败（401\u002F403）问题，项目引入了加密凭证存储功能：\n1. 使用 `auth_scheme` 字段替代旧的 `auth_type`，支持 `none`, `bearer`, `api_key`。\n2. 新增 `auth_credential` 字段用于存储加密后的 Token 或 API Key（使用 Fernet 加密，基于 `SECRET_KEY`）。\n3. 新增 `auth_header_name` 允许自定义认证头（默认 Bearer 用 `Authorization`，API Key 用 `X-API-Key`）。\n\n健康检查服务会自动解密凭证并添加相应的请求头。用户可以通过 PATCH 端点轮换凭证而无需重新注册服务器。","https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F542",{"id":166,"question_zh":167,"answer_zh":168,"source_url":164},36564,"如何正确传递认证令牌以访问受保护的 MCP 服务器？","需要区分两种令牌的作用：\n1. **Gateway 验证令牌**：通过 `X-Authorization` 头传递，由 Gateway\u002FRegistry 的 `\u002Fvalidate` 端点进行验证。\n2. **后端服务器令牌**：通过 `Authorization` 头传递，Gateway 会将其透明地透传给后端的 MCP 服务器。\n\n如果只传递 `Authorization` 头，Gateway 会将其视为入口令牌进行验证，且不会将其传递给后端 MCP 服务器。因此，调用预配置凭证的服务器时，通常只需提供 Gateway 令牌（放在 `X-Authorization`），Gateway 会使用内部存储的凭证去访问后端；若需用户特定令牌，则需按上述规则分别传递。",{"id":170,"question_zh":171,"answer_zh":172,"source_url":173},36565,"如何在 AWS ACM 中导入现有的 Let's Encrypt 证书以供 Terraform 部署使用？","可以将现有的 Let's Encrypt 证书导入 AWS Certificate Manager (ACM)，步骤如下：\n\n1. 找到证书文件（通常在 `\u002Fetc\u002Fletsencrypt\u002Flive\u002F\u003C你的域名>\u002F` 目录下）：\n   - `fullchain.pem` (证书链)\n   - `privkey.pem` (私钥)\n   - `chain.pem` (中间证书链)\n\n2. 执行 AWS CLI 命令导入：\n```bash\naws acm import-certificate \\\n  --certificate fileb:\u002F\u002F\u002Fetc\u002Fletsencrypt\u002Flive\u002Fmcpgateway.ddns.net\u002Ffullchain.pem \\\n  --certificate-chain fileb:\u002F\u002F\u002Fetc\u002Fletsencrypt\u002Flive\u002Fmcpgateway.ddns.net\u002Fchain.pem \\\n  --private-key fileb:\u002F\u002F\u002Fetc\u002Fletsencrypt\u002Flive\u002Fmcpgateway.ddns.net\u002Fprivkey.pem \\\n  --region us-west-2\n```\n\n3. 命令执行后会返回 `CertificateArn`，将该 ARN 填入 Terraform 变量文件 (`terraform.tfvars`) 中的 `existing_acm_certificate_arn` 字段即可。","https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F203",{"id":175,"question_zh":176,"answer_zh":177,"source_url":178},36566,"如何实现 Agent 到 Agent (A2A) 的动态发现机制？","项目实现了 A2A 协议中定义的“精选注册表（Curated Registries）”模式。该模式允许客户端 Agent 通过查询注册表来动态发现其他 Agent，而无需硬编码 Agent 详情。\n\n具体机制包括：\n1. 注册表作为中介服务，维护一组 Agent Cards（包含技能、标签、提供者名称、能力等元数据）。\n2. 客户端 Agent 可以根据各种条件（如技能、标签等）向注册表发起查询。\n3. 注册表返回匹配的 Agent Cards，使客户端能够将其作为工具调用。\n\n这种基于目录的发现方式特别适合企业环境和市场场景，提供了集中式的治理和基于能力的查询功能。","https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F232",{"id":180,"question_zh":181,"answer_zh":182,"source_url":159},36567,"对于只需要注册表功能的场景，有哪些推荐的部署模式或配置？","对于特定用例，维护者推荐关注以下功能和文档：\n1. **虚拟 MCP 服务器 (Virtual MCP Server)**：允许将多个服务器分组或进行逻辑配置。\n2. **仅注册表模式 (Registry-only mode)**：一种专门的部署模式，适用于不需要完整网关功能的场景。\n3. **静态注册表令牌 (Static Registry Token)**：提供一种简化的认证方式，适用于某些固定场景。\n\n建议查阅项目文档中的 `virtual-mcp-server-explained.md`、`registry-deployment-modes.md` 和 `static-token-auth.md` 获取详细配置指南。",[184,189,194,199,204,209,214,219,224,229,234,239],{"id":185,"version":186,"summary_zh":187,"released_at":188},289343,"v1.0.18","## Auth0 提供者、ANS 信任验证、遥测和联邦元数据\n\n---\n\n## 从 v1.0.17 升级\n\n本节涵盖了从 v1.0.17 升级到 v1.0.18 所需了解的所有内容。\n\n### 破坏性变更\n\n此版本中没有破坏性变更。\n\n### 新环境变量\n\n| 变量 | 默认值 | 描述 |\n|----------|---------|-------------|\n| `AUTH0_DOMAIN` | - | Auth0 租户域（例如：your-tenant.auth0.com） |\n| `AUTH0_CLIENT_ID` | - | Auth0 OAuth2 应用程序客户端 ID |\n| `AUTH0_CLIENT_SECRET` | - | Auth0 OAuth2 应用程序客户端密钥 |\n| `AUTH0_AUDIENCE` | - | 可选：用于 M2M 令牌验证的 API 受众 |\n| `AUTH0_GROUPS_CLAIM` | `https:\u002F\u002Fmcp-gateway\u002Fgroups` | 用于组成员关系的自定义命名空间声明 |\n| `AUTH0_ENABLED` | `false` | 启用 Auth0 作为 OAuth2 提供者 |\n| `AUTH0_M2M_CLIENT_ID` | - | 可选：用于 IAM 管理的 M2M 客户端 ID |\n| `AUTH0_M2M_CLIENT_SECRET` | - | 可选：用于 IAM 管理的 M2M 客户端密钥 |\n| `AUTH0_MANAGEMENT_API_TOKEN` | - | 可选：静态管理 API 令牌（替代 M2M 凭证） |\n| `ANS_INTEGRATION_ENABLED` | `false` | 启用代理名称服务 (ANS) 信任验证 |\n| `ANS_API_ENDPOINT` | `https:\u002F\u002Fapi.godaddy.com` | ANS API 基础 URL |\n| `ANS_API_KEY` | - | GoDaddy API 密钥（启用 ANS 时必需） |\n| `ANS_API_SECRET` | - | GoDaddy API 密钥（启用 ANS 时必需） |\n| `ANS_API_TIMEOUT_SECONDS` | `30` | ANS API 调用的 HTTP 请求超时时间 |\n| `ANS_SYNC_INTERVAL_HOURS` | `6` | 后台重新验证间隔 |\n| `ANS_VERIFICATION_CACHE_TTL_SECONDS` | `3600` | 验证结果的缓存 TTL |\n| `MCP_TELEMETRY_DISABLED` | `false` | 设置为 true 可禁用所有遥测 |\n| `MCP_TELEMETRY_OPT_IN` | `false` | 设置为 true 可启用每日心跳并汇总计数 |\n| `MCP_TELEMETRY_DEBUG` | `false` | 设置为 true 可记录负载而不发送 |\n| `REGISTRY_NAME` | （自动生成） | 用于联邦的人类可读注册表名称 |\n| `REGISTRY_ORGANIZATION_NAME` | `ACME Inc.` | 运营此注册表的组织 |\n| `REGISTRY_DESCRIPTION` | - | 可选：用于联邦的注册表描述 |\n| `REGISTRY_CONTACT_EMAIL` | - | 可选：注册表管理员的联系邮箱 |\n| `REGISTRY_CONTACT_URL` | - | 可选：文档或支持网址 |\n\n### 升级说明\n\n#### Docker Compose\n\n```bash\ncd mcp-gateway-registry\ngit pull origin main\ngit checkout v1.0.18\n\n# 查看 .env.example 中的新环境变量，如有需要请更新您的 .env\n# 然后重新构建并重启：\n.\u002Fbuild_and_run.sh\n```\n\n#### Kubernetes \u002F Helm (EKS)\n\n```bash\ncd mcp-gateway-registry\ngit pull origin main\ngit checkout v1.0.18\n\n# 如有需要，请在 values.yaml 中更新 Auth0\u002FANS\u002F遥测\u002F注册表相关设置\ncd charts\u002Fmcp-gateway-registry-stack\nhelm upgrade mcp-gateway . -f your-values.yaml\n```\n\n#### Terraform \u002F ECS\n\n```bash\ncd mcp-gateway-registry\ngit pull origin main\ngit checkout v1.0.18\n\n# 更新","2026-04-09T04:53:32",{"id":190,"version":191,"summary_zh":192,"released_at":193},289344,"v1.0.17","\r\n\r\n## 从 v1.0.16 升级\r\n\r\n本节涵盖了从 v1.0.16 升级到 v1.0.17 所需了解的所有内容。\n\n### 破坏性变更\n\n**1. 移除本地管理员凭据**\n\n`ADMIN_USER` 和 `ADMIN_PASSWORD` 环境变量已被移除。所有身份验证现在都需要通过身份提供商（Keycloak、Entra ID、Okta 或 AgentCore）进行。\n\n- **需执行操作**：从 `.env` 文件中移除此两项变量\n- **迁移说明**：请使用身份提供商账户进行管理员访问\n\n**2. 注册表容器端口变更（仅限 Helm\u002FKubernetes）**\n\n注册表服务现使用非特权端口：\n- HTTP：`80` → `8080`\n- HTTPS：`443` → `8443`\n\n- **Kubernetes\u002FHelm 需执行操作**：更新任何对外部端口的引用或 Ingress 配置\n- **无需操作**：Docker Compose 和 Terraform\u002FECS 部署会自动映射这些端口\n\n**3. 移除 MongoDB 初始化容器（仅限 Helm\u002FKubernetes）**\n\n`wait-for-mongodb` 初始化容器已从 auth-server 和 registry 部署中移除。MongoDB 的就绪状态现通过应用层重试机制和健康检查来处理。\n\n- **需执行操作**：无——MongoDB 连接重试逻辑已内置于应用程序中\n- **优势**：Pod 启动时间更短，安全面更小\n\n### 新环境变量\n\n| 变量 | 默认值 | 描述 |\n|----------|---------|-------------|\n| `OKTA_DOMAIN` | - | Okta 组织域（例如：dev-123456.okta.com） |\n| `OKTA_CLIENT_ID` | - | Okta OAuth2 应用程序客户端 ID |\n| `OKTA_CLIENT_SECRET` | - | Okta OAuth2 应用程序客户端密钥 |\n| `OKTA_M2M_CLIENT_ID` | （使用 `OKTA_CLIENT_ID`） | 可选：独立的 M2M 客户端 ID |\n| `OKTA_M2M_CLIENT_SECRET` | （使用 `OKTA_CLIENT_SECRET`） | 可选：独立的 M2M 客户端密钥 |\n| `OKTA_API_TOKEN` | - | 可选：用于 IAM 操作的 Okta 管理 API 令牌 |\n| `OKTA_AUTH_SERVER_ID` | （使用默认值） | 可选：自定义授权服务器 ID |\n| `OTEL_OTLP_ENDPOINT` | - | OTLP 端点 URL，用于直接推送指标（例如：https:\u002F\u002Fotlp.datadoghq.com） |\n| `OTEL_EXPORTER_OTLP_HEADERS` | - | OTLP 请求头（例如：dd-api-key=YOUR_KEY） |\n| `OTEL_OTLP_EXPORT_INTERVAL_MS` | `30000` | 指标导出间隔，单位为毫秒 |\n| `OTEL_EXPORTER_OTLP_METRICS_TEMPORALITY_PREFERENCE` | `cumulative` | 指标的累积性：`cumulative` 或 `delta` |\n\n### 升级步骤\n\n#### Docker Compose\n\n```bash\ncd mcp-gateway-registry\ngit pull origin main\ngit checkout v1.0.17\n\n# 查看 .env.example 中的新环境变量，并根据需要更新您的 .env 文件\n# 如果存在 ADMIN_USER 和 ADMIN_PASSWORD，请将其移除\n\n# 重新构建并重启：\n.\u002Fbuild_and_run.sh\n```\n\n#### Kubernetes \u002F Helm (EKS)\n\n```bash\ncd mcp-gateway-registry\ngit pull origin main\ngit checkout v1.0.17\n\n# 如有需要，更新 values.yaml，然后升级：\ncd charts\u002Fmcp-gateway-registry-stack\nhelm upgrade mcp-gateway . -f your-values.yaml\n```\n\n#### Terraform \u002F ECS\n\n```bash\ncd mcp-gateway-registry\ngit pull origin main\ng","2026-03-18T05:16:29",{"id":195,"version":196,"summary_zh":197,"released_at":198},289345,"v1.0.15","**2026年2月**\n\n---\n\n## 从 v1.0.13 升级\n\n本节涵盖了从 v1.0.13 升级到 v1.0.15 所需了解的所有内容。\n\n### 破坏性变更\n\n**移除 Helm Chart 依赖项（仅适用于 EKS\u002FHelm 用户）**\n\n`bitnami\u002Fcommon` Chart 依赖项已从 `registry` 和 `auth-server` 子 Chart 中被**移除**。如果您正在从 v1.0.13 升级 Helm Chart，**必须**在升级前重新构建依赖关系：\n\n```bash\n# 在执行 helm upgrade 之前需要运行\ncd charts\u002Fmcp-gateway-registry-stack\nhelm dependency build\nhelm dependency update\n```\n\n如果没有执行此步骤，`helm upgrade` 将会失败，因为旧的 `Chart.lock` 文件中引用了一个已不存在的依赖项。\n\n**内部服务间认证方式改为 JWT (#533)**\n\n现在，注册中心与认证服务器之间的内部通信使用自签名 JWT，而非 Basic Auth。这一更改是透明的——无需任何配置——但 `SECRET_KEY` 环境变量现同时用于 JWT 令牌签名和内部服务认证。请确保在注册中心和认证服务器容器中一致地设置 `SECRET_KEY`。\n\n### 新环境变量\n\n| 变量 | 默认值 | 描述 |\n|------|--------|------|\n| `DEPLOYMENT_MODE` | `with-gateway` | `with-gateway` 或 `registry-only` |\n| `REGISTRY_MODE` | `full` | `full`、`skills-only`、`mcp-servers-only`、`agents-only` |\n| `OAUTH_STORE_TOKENS_IN_SESSION` | `false` | 将 OAuth 令牌存储在会话 Cookie 中（禁用以支持 Entra ID） |\n| `SKILL_SECURITY_SCAN_ENABLED` | `true` | 在注册时启用技能安全扫描 |\n| `SKILL_SECURITY_ANALYZERS` | `yara,spec,heuristic` | 由逗号分隔的技能分析器列表 |\n\n### 升级说明\n\n#### Docker Compose\n\n```bash\ncd mcp-gateway-registry\ngit pull origin main\ngit checkout v1.0.15\n\n# 审阅 .env.example 中的新环境变量，并根据需要更新您的 .env\n# 然后重新构建并重启：\n.\u002Fbuild_and_run.sh\n```\n\n#### Kubernetes \u002F Helm (EKS)\n\n```bash\ncd mcp-gateway-registry\ngit pull origin main\ngit checkout v1.0.15\n\n# 必需：重新构建依赖关系（bitnami\u002Fcommon 已被移除）\ncd charts\u002Fmcp-gateway-registry-stack\nhelm dependency build\nhelm dependency update\n\n# 如有需要，更新 values.yaml 以适应新功能（部署模式、节点选择器等）\n# 然后执行升级：\nhelm upgrade mcp-gateway . -f your-values.yaml\n```\n\n#### Terraform \u002F ECS\n\n```bash\ncd mcp-gateway-registry\ngit pull origin main\ngit checkout v1.0.15\n\n# 使用您希望配置的任何新变量更新 .tfvars 文件\n# 新可用的 Terraform 变量：deployment_mode、registry_mode、oauth_store_tokens_in_session\ncd terraform\u002Faws-ecs\nterraform plan\nterraform apply\n```\n\n#### DockerHub 镜像\n\n预构建的镜像现已可用：\n\n```bash\ndocker pull mcpgateway\u002Fregistry:v1.0.15\ndocker pull mcpgateway\u002Fauth-server:v1.0.15\ndocker pull mcpgateway\u002Fcurrenttime-server:v1.0.15\ndocker pull mcpgateway\u002Frealserverfaketools-server:v1.0.15\ndocker","2026-02-25T00:59:50",{"id":200,"version":201,"summary_zh":202,"released_at":203},289346,"v1.0.13","\r\n\r\n**2026年2月**\r\n\r\n---\r\n\r\n## 重大特性\r\n\r\n### 联邦注册中心\r\n\r\n\r\n通过双向同步将多个 MCP 网关注册中心连接起来：\r\n\r\n- **对等注册中心管理**：可通过 UI 或 CLI 添加、配置和管理对等注册中心\r\n- **自动同步**：服务器和代理可在注册中心之间进行同步，支持可配置的过滤器（白名单、基于标签）\r\n- **环路预防**：防止 A->B->C 的同步环路，确保联邦拓扑结构清晰\r\n- **孤立条目检测**：在移除对等注册中心时，能够识别并处理孤立条目\r\n- **安全扫描同步**：安全扫描结果会在联邦注册中心间传播\r\n- **可见性控制**：可配置哪些服务器\u002F代理会导出到对等方（公开、内部、私有）\r\n\r\n[PR #422](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F422) | [联邦指南](docs\u002Ffederation.md)\r\n\r\n### 代理技能注册中心\r\n\r\n注册、发现并管理代理技能，同时提供健康监测和评分功能：\r\n\r\n- **技能注册**：可为单个代理技能注册元数据及 SKILL.md 文档\r\n- **健康检查**：对已注册技能进行自动健康监测\r\n- **技能评分**：基于社区的五星评分系统，用于评价技能\r\n- **语义搜索**：技能与服务器、代理一同被索引，支持语义搜索\r\n- **UI 集成**：可在注册中心 UI 中浏览、评分并查看技能文档\r\n\r\n[PR #451](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F451) | 多个与技能相关的提交\r\n\r\n### 审计日志与合规\r\n\r\n![审计日志](..\u002Fdocs\u002Fimg\u002Faudit-log.png)\r\n\r\n针对 API 和 MCP 访问进行全面的审计日志记录：\r\n\r\n- **MongoDB 存储**：所有审计事件均存储在 MongoDB 中，以保证可扩展性\r\n- **API 和 MCP 日志记录**：可追踪 REST API 调用及 MCP 工具调用\r\n- **管理员 UI**：可在“设置”菜单中查看、筛选和排序审计日志\r\n- **符合合规要求**：专为企业合规需求设计\r\n\r\n[PR #449](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F449)\r\n\r\n### MCP 服务器版本路由\r\n\r\n使用 HTTP 头部将请求路由到特定的服务器版本：\r\n\r\n- **基于头部的路由**：利用 `X-MCP-Server-Version` 头部定向至指定版本\r\n- **版本管理**：可注册同一服务器的多个版本\r\n- **无缝升级**：可在不影响生产流量的情况下测试新版本\r\n\r\n[PR #407](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F407)\r\n\r\n---\r\n\r\n## 新增内容\r\n\r\n### 联邦与同步\r\n- 具备对等管理与双向同步功能的联邦注册中心 (#422)\r\n- 带有可见性控制的联邦导出 API (#422)\r\n- 用于跟踪联邦条目的同步元数据 (#422)\r\n- 针对多跳联邦场景的环路预防 (#422)\r\n- 对等方删除时的孤立条目检测与清理 (#422)\r\n- 联邦注册中心间的安全扫描同步 (#422)\r\n\r\n### 代理技能\r\n- 实现了后端功能的代理技能注册中心实体\r\n- 技能健康检查…","2026-02-10T23:37:52",{"id":205,"version":206,"summary_zh":207,"released_at":208},289347,"v1.0.12","# 发布 v1.0.12 - 多提供商 IAM、DocumentDB 存储及 Well-Known 健康状态修复\r\n\r\n**2026年1月**\r\n\r\n---\r\n\r\n## 重大特性\r\n\r\n### Keycloak 和 Microsoft Entra ID 的多提供商 IAM 支持\r\n\r\n通过统一 API 实现对 Keycloak 和 Microsoft Entra ID 的完整 IAM 支持：\r\n\r\n- **统一 API**：无论使用哪个身份提供商，用户和组管理体验完全一致\r\n- **自签名 JWT 令牌**：人类用户可为 CLI 工具和 AI 编程助手生成令牌\r\n- **M2M 服务账户**：采用 OAuth2 客户端凭证流程的 AI 代理身份\r\n- **细粒度访问控制**：通过作用域精确定义每个用户可访问的 MCP 服务器、方法、工具和代理\r\n\r\n[PR #378](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F378)\r\n\r\n### AWS ECS 的 CloudFront HTTPS 支持\r\n\r\n已具备生产就绪条件的 AWS 部署，通过 CloudFront 实现 HTTPS 终止：\r\n\r\n- **CDN 缓存**：全球边缘分发，显著降低延迟\r\n- **三种部署模式**：灵活配置以满足不同需求\r\n- **SSL\u002FTLS 终止**：无需在 ECS 上管理证书即可实现安全连接\r\n\r\n[PR #363](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F363) | [Issue #293](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F293)\r\n\r\n### Well-Known 发现健康状态修复\r\n\r\n`\u002F.well-known\u002Fmcp-servers` 端点现在返回实际健康状态，而非硬编码的“healthy”：\r\n\r\n- **准确的状态报告**：服务器显示真实健康状态（healthy、unhealthy、disabled、unknown）\r\n- **状态归一化**：将“unhealthy: timeout”等详细信息归一化为“unhealthy”，便于客户端使用\r\n- **全面测试**：新增 457 行针对 well-known 路由的测试用例\r\n\r\n[PR #384](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F384) | [Issue #375](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F375)\r\n\r\n---\r\n\r\n## 新增内容\r\n\r\n### 认证与 IAM\r\n- Keycloak 和 Microsoft Entra ID 的多提供商 IAM 支持 (#378)\r\n- JWT 令牌作用域改进 (#383)\r\n\r\n### 基础设施与 Docker\r\n- 添加轻量级 Dockerfile，用于简单的 MCP 服务器 (Dockerfile.mcp-server-light)\r\n- 同步 docker-compose 文件，确保一致性\r\n- 在 docker-compose.prebuilt.yml 中引用官方 mongo8:2 镜像 (#364)\r\n- 更新镜像，并在 MongoDB 部署任务中添加 scope.yml (#360)\r\n\r\n### AWS ECS 部署\r\n- AWS ECS 部署的 CloudFront HTTPS 支持 (#363)\r\n- 部署模式修复及安全组规则限制 (#374)\r\n- AWS ECS 部署改进及脚本加固 (#365)\r\n\r\n### 错误修复\r\n- 修复 well-known 端点返回硬编码健康状态的问题 (#384)\r\n- 快速入门文档、MongoDB 认证及 JWT 令牌作用域相关修复 (#383)\r\n\r\n### 文档\r\n- 将 #232 和 #297 标记为已完成，更新路线图\r\n- 添加 HuggingFace CLI 的说明及安装链接 (#371)\r\n- 将 MCP 服务器描述标记为必填项 (#362)\r\n\r\n---\r\n\r\n## 配置变更\r\n\r\n### 用于简单 MCP 服务器的新 Dockerfile\r\n","2026-01-20T00:09:26",{"id":210,"version":211,"summary_zh":212,"released_at":213},289348,"v1.0.9-patch1","# 发布 v1.0.9-patch1 - MongoDB 认证兼容性\n\n**2026年1月7日**\n\n---\n\n## 概述\n\n此补丁版本解决了 MongoDB 社区版与 AWS DocumentDB 之间的 MongoDB 认证兼容性问题。通过这些更改，MCP 网关注册中心能够无缝地同时支持 MongoDB CE 8.2+（使用 SCRAM-SHA-256）和 AWS DocumentDB v5.0（使用 SCRAM-SHA-1）。\n\n**相关问题：**\n- [#334](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F334) - 将 MongoDB 认证升级至 SCRAM-SHA-256\n- [#336](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F336) - 将 AWS DocumentDB 认证升级至 SCRAM-SHA-256（暂存）\n\n**拉取请求：**\n- [#335](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F335) - 修复 DocumentDB 的 MongoDB 认证兼容性\n\n---\n\n## 修复内容\n\n### MongoDB 认证兼容性\n\n注册中心现在会根据存储后端自动选择正确的认证机制：\n\n- **MongoDB CE 8.2+**：使用 SCRAM-SHA-256（更强大、更现代的认证方式）\n- **AWS DocumentDB v5.0**：使用 SCRAM-SHA-1（这是我们目前能够在 Amazon DocumentDB 上成功运行的唯一机制，尽管官方文档声称 SCRAM-SHA-256 应该可用，相关跟踪请参见 [#336](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fissues\u002F336)）\n\n这一行为由新的 `STORAGE_BACKEND` 环境变量控制：\n\n```bash\n# 对于 MongoDB 社区版\nSTORAGE_BACKEND=mongodb-ce\n\n# 对于 AWS DocumentDB（默认）\nSTORAGE_BACKEND=documentdb\n```\n\n### Pydantic 验证修复\n\n通过为相关性分数添加上界验证，修复了语义搜索 API 模型中的测试失败问题：\n\n```python\n# 修复前：\nrelevance_score: float = Field(0.0, ge=0.0)\n\n# 修复后：\nrelevance_score: float = Field(0.0, ge=0.0, le=1.0)\n```\n\n这确保了相关性分数始终在 0.0 到 1.0 之间，符合预期。\n\n### 联邦命令修复\n\n修复了 `populate-registry.sh` 脚本中联邦命令的语法错误：\n\n```bash\n# 修复前（错误）：\nfederation-rescan --provider anthropic\n\n# 修复后（正确）：\nfederation-sync --source anthropic\n```\n\n### 集成测试改进\n\n为需要 MongoDB 运行的 MongoDB 集成测试添加了跳过标记，以防止在 CI 环境中因 MongoDB 未部署而导致的误报失败。\n\n---\n\n## 更改文件\n\n### 核心认证变更\n- `registry\u002Frepositories\u002Fdocumentdb\u002Fclient.py` - 基于存储后端的条件性 SCRAM 认证\n- `scripts\u002Finit-documentdb-indexes.py` - 添加了 `storage_backend` 参数\n- `scripts\u002Fload-scopes.py` - 条件性 SCRAM 机制选择\n- `scripts\u002Fmanage-documentdb.py` - 条件性 SCRAM 机制选择\n- `scripts\u002Fdebug-scopes.py` - 条件性 SCRAM 机制选择\n- `registry\u002Fscripts\u002Finspect-documentdb.py` - 条件性 SCRAM 机制选择\n\n### 构建与部署\n- `docker\u002FDockerfile.registry` - 添加了 scripts 目录","2026-01-07T22:28:34",{"id":215,"version":216,"summary_zh":217,"released_at":218},289349,"v1.0.9","# 发布 v1.0.9 - 性能与基础设施优化\n\n**2026年1月**\n\n---\n\n## 主要特性\n\n### 多阶段 Docker 构建与镜像优化\n\n显著减小 Docker 镜像大小并提升构建性能：\n\n- **Registry 镜像**：从 4.79GB 减少至 1.64GB（缩减 66%）\n- **mcpgw 服务器**：从 7.78GB 减少至约 1.5GB（缩减 80%）\n- **构建上下文**：从 1.77GB 优化至 \u003C500MB\n- **多阶段架构**：采用三阶段构建（前端 → 后端 → 运行时）\n- **仅 CPU 版 PyTorch**：使用 PyTorch 2.0+ 的 CPU 轮子包，而非 GPU 版本\n- **选择性文件复制**：最终镜像中仅包含必要的应用文件\n\n[PR #333](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F333)\n\n### MongoDB\u002FDocumentDB 存储后端\n\n全面迁移存储方式，从文件系统转向生产就绪的数据库后端：\n\n- **DocumentDB 支持**：AWS DocumentDB 用于生产部署\n- **MongoDB CE 支持**：MongoDB 社区版用于本地开发\n- **仓储模式**：抽象数据访问层以提高灵活性\n- **工厂模式**：通过配置动态选择后端\n- **向后兼容性**：文件存储已弃用但仍支持\n\n[PR #328](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F328)\n\n### 测试套件优化\n\n全面的 pytest 测试套件，性能大幅提升：\n\n- **性能**：测试执行时间从 150 秒缩短至 30 秒（提升 80%）\n- **并行执行**：使用 pytest-xdist 实现 8 个并行工作进程\n- **测试覆盖率**：701+ 项测试（单元测试、集成测试、端到端测试）\n- **GitHub Actions**：所有 PR 均自动运行测试\n- **内存优化**：智能安排测试顺序，避免在 EC2 上出现内存不足问题\n\n[PR #330](https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F330)\n\n---\n\n## 新增内容\n\n### 基础设施与性能\n- 所有镜像均采用多阶段 Docker 构建\n- 优化 `.dockerignore` 文件，排除不必要的文件\n- 安装仅 CPU 版 PyTorch，减少镜像体积\n- 全面的测试套件，最低覆盖率达到 35%\n- 增强测试文档（[测试指南](docs\u002Ftesting\u002FREADME.md)）\n\n### 存储后端\n- 生产环境采用 DocumentDB 作为主存储后端\n- 本地开发支持 MongoDB 社区版\n- 使用仓储模式实现干净的数据访问抽象\n- 基于工厂模式选择后端\n- 移除 OpenSearch 依赖\n\n### 安全与认证\n- 随机生成管理员用户名和密码，提升安全性 (#325)\n- Cookie 安全性增强 (#276)\n- 支持 auth-server 的域名级 Cookie (#258)\n- 迁移至 Bitnami Keycloak OCI 仓库 (#318)\n\n### 开发者体验\n- 更新 `llms.txt` 文件，添加 AI 助手的关键文档 (#331)\n- 移除过时的 `quick-start.md` 文档\n- 增强数据库抽象层文档\n- 支持 Podman 无 root 模式下的 macOS 环境 (#308)\n- 改进 ECS 架构图\n\n### 前端修复\n- 修复前端","2026-01-06T23:22:53",{"id":220,"version":221,"summary_zh":222,"released_at":223},289350,"v1.0.8","## 变更内容\n* @omrishiv 在 https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F278 中添加了 MCP 注册中心网关 Helm 图表\n* @aarora79 在 https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F288 中完成了具有增强功能的管理 API 实现\n* @aarora79 在 https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F289 中完成了服务器和代理评分系统的实现\n* @aarora79 在 https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F290 中修复了服务器评分端点的 AttributeError\n* @aarora79 在 https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F291 中添加了安全扫描 API 端点和 CLI 命令\n* @aarora79 在 https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F292 中添加了 EKS 部署文档和 ai-on-eks 集成\n* @gauravrele87 在 https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F298 中添加了 A2A 扫描器支持\n* @aarora79 在 https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F299 中添加了 OpenAPI 规范 v1.0.8\n\n## 新贡献者\n* @gauravrele87 在 https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F298 中做出了首次贡献\n\n**完整变更日志**: https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fcompare\u002Fv1.0.7...v1.0.8","2025-12-17T23:23:18",{"id":225,"version":226,"summary_zh":227,"released_at":228},289351,"v1.0.6","# 发布 v1.0.6 - A2A 协议、AWS ECS 生产部署与联邦架构\n\n**2025年11月**\n\n---\n\n## 重大特性\n\n### 代理间（A2A）协议支持\n\n全面实现 A2A 协议，用于代理注册、发现和通信：\n\n- **代理注册表 API** - 完整的 REST API，用于代理生命周期管理 (`\u002Fapi\u002Fagents\u002F*`)\n- **语义化代理发现** - 使用自然语言查询查找代理\n- **代理健康检查** - 已注册代理的实时 `\u002Fping` 健康监测\n- **细粒度访问控制** - 三层权限体系（UI 范围、组映射、代理范围）\n- **示例代理** - 使用 Strands 框架构建的旅行助手和航班预订代理\n\n[A2A 指南](docs\u002Fa2a.md) | [代理管理](docs\u002Fa2a-agent-management.md)\n\n### AWS ECS 生产部署\n\n适用于生产环境的 Amazon ECS Fargate 部署：\n\n- **多可用区架构** - 在两个可用区间实现高可用性\n- **自动伸缩** - 根据 CPU\u002F内存利用率动态调整任务数量（2–4 个任务）\n- **Aurora PostgreSQL Serverless v2** - 具有多可用区复制功能的自动伸缩数据库\n- **应用负载均衡器** - 使用 ACM 证书进行 HTTPS\u002FSSL 终止\n- **CloudWatch 集成** - 全面的监控、日志记录和告警功能\n- **EFS 共享存储** - 用于模型、日志和配置的持久化存储\n- **完整的 Terraform 配置** - 整个堆栈的基础设施即代码\n\n[ECS 部署指南](terraform\u002Faws-ecs\u002FREADME.md)\n\n### 联邦注册中心（ASOR 集成）\n\n多注册中心联邦支持：\n\n- **Workday ASOR 集成** - 从 AI 代理记录系统导入代理\n- **可视化标识** - 清晰的视觉标签区分联邦来源（ANTHROPIC、ASOR）\n- **自动同步** - 定期与外部注册中心同步\n- **集中式管理** - 所有联邦服务器和代理的单一控制平面\n\n[联邦指南](docs\u002Ffederation.md)\n\n### Microsoft Entra ID（Azure AD）集成\n\n企业级 SSO 与 Microsoft 身份平台集成：\n\n- **通用 OIDC 支持** - 灵活的身份验证提供商配置\n- **Entra ID 提供商** - 原生 Microsoft Entra ID 集成\n- **基于组的访问控制** - 利用现有 Azure AD 组分配权限\n\n[Entra ID 设置指南](docs\u002Fentra-id-setup.md)\n\n---\n\n## 新增内容\n\n### A2A 代理功能\n- 代理注册、更新、删除及启用\u002F禁用操作\n- 基于语义的代理发现接口 (`\u002Fapi\u002Fagents\u002Fdiscover\u002Fsemantic`)\n- 基于技能的代理发现接口 (`\u002Fapi\u002Fagents\u002Fdiscover`)\n- 实时代理健康检查，通过 `\u002Fping` 端点验证\n- 旅行助手和航班预订示例代理\n\n### AWS ECS 部署\n- 基于 ECS Fargate 的生产级架构\n- 支持跨账户的 ALB 安全组配置\n- 用于 Keycloak 初始化的 Scopes 初始化容器\n- 支持将容器镜像发布到 Docker Hub\n- ECS 部署架构图\n\n###","2025-11-27T14:36:18",{"id":230,"version":231,"summary_zh":232,"released_at":233},289352,"v1.0.5","# 发布 v1.0.5 - 供应链安全与 MCP 注册表 CLI\n\n**2025年10月28日**\n\n---\n\n## 主要特性\n\n### 🛡️ 带有 Cisco AI Defence 的供应链安全\n\nMCP 服务器的自动化安全扫描：\n- **注册时自动扫描**\n- **持续监控**，定期进行审计\n- **双重分析**：YARA 模式检测 + LLM 驱动的威胁分析\n- **自动禁用** 存在安全问题的服务器\n\n[安全扫描器指南](docs\u002Fsecurity-scanner.md) | [Cisco MCP 扫描器](https:\u002F\u002Fgithub.com\u002Fcisco-ai-defense\u002Fmcp-scanner)\n\n### 🤖 交互式 MCP 注册表 CLI\n\n用自然语言与您的 MCP 注册表对话：\n- **自然语言发现** - 用通俗英语提问\n- **实时令牌跟踪** - 认证状态、有效期、费用监控\n- **AI 驱动** - 支持 Claude（Anthropic）和 Amazon Bedrock\n- **全局命令** - `registry --url \u003Cgateway-url>`\n\n[CLI 指南](docs\u002Fmcp-registry-cli.md)\n\n---\n\n## 新增内容\n\n- ✅ 全局 `registry` CLI 命令\n- ✅ 增强的 TokenStatusFooter，新增费用跟踪功能\n- ✅ 改进了应用初始化及错误处理\n- ✅ 更新了 README，增加了 CLI 章节和演示\n- ✅ 当令牌剩余时间少于 10 秒时，自动刷新令牌\n\n---\n\n## 致谢\n\n**Nisha Deborah Philips** [@nisha-deborah-philips](https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fnisha-deborah-philips\u002F) - Cisco 扫描器集成、AI 助手、UI\n\n**Kangheng Liu** [@kangheng-liu](https:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fkangheng-liu\u002F) - AI 助手及注册表 UI\n\n\n---\n\n## 快速入门\n\n**安全扫描：**\n```bash\n.\u002Fcli\u002Fservice_mgmt.sh add \u003Cconfig-file> yara,llm\n```\n\n**CLI：**\n```bash\ncd cli && npm install && npm link\nregistry --url https:\u002F\u002Fyour-gateway.com\n```\n\n---\n\n**仓库地址：** https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\n## 变更内容\n* 将 v0 更改为 v0.1，用于 Anthropic 注册表，由 @nishadeborahphilips 在 https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F183 中完成\n* 添加了对 MCP 服务器的安全扫描功能，由 @nishadeborahphilips 在 https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F184 中完成\n* （修复注册表）：将固定的休眠替换为 Nginx 配置检查，由 @yubingjiaocn 在 https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F186 中完成\n* 与 ink CLI 集成，由 @nishadeborahphilips 在 https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F185 中完成\n\n## 新贡献者\n* @yubingjiaocn 在 https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fpull\u002F186 中完成了首次贡献\n\n**完整变更日志**：https:\u002F\u002Fgithub.com\u002Fagentic-community\u002Fmcp-gateway-registry\u002Fcompare\u002Fv1.0.4...v1.0.5","2025-10-29T00:32:15",{"id":235,"version":236,"summary_zh":237,"released_at":238},289353,"v1.0.4","# MCP Gateway & Registry v1.0.4\r\n\r\n**Release Date:** October 14, 2025\r\n\r\nWe're excited to announce v1.0.4 of the MCP Gateway & Registry - featuring major enhancements for Anthropic MCP Registry integration, environment variable management, and improved documentation.\r\n\r\n## What's New\r\n\r\n### Anthropic MCP Registry Integration\r\n\r\nSeamlessly integrate with Anthropic's official MCP Registry to import and access curated MCP servers through your gateway!\r\n\r\n**Import Servers from Anthropic Registry** (#171)\r\n- **One-Command Import** - Import curated MCP servers with a single command\r\n- **Automatic Configuration** - Server metadata, authentication, and tags automatically configured\r\n- **Environment Variable Substitution** - API keys and credentials automatically substituted from `.env` file\r\n- **Bulk Import Support** - Import multiple servers from a list file\r\n- **Unified Access** - Access imported servers through your gateway with centralized authentication\r\n\r\n**Anthropic Registry REST API v0 Compatibility** (#178)\r\n- **Full API Compatibility** - Complete support for Anthropic's Registry REST API v0 specification\r\n- **Server Discovery** - List available servers programmatically with JWT authentication\r\n- **Version Information** - Retrieve server versions and compatibility details\r\n- **Programmatic Access** - Point your Anthropic API clients to this registry\r\n\r\n**Documentation:**\r\n- [Anthropic Registry Import Guide](docs\u002Fanthropic-registry-import.md) - Comprehensive guide for importing servers\r\n- [Registry REST API v0 Documentation](docs\u002Fanthropic_registry_api.md) - API reference and examples\r\n\r\n**Example Usage:**\r\n```bash\r\n# Import a single server\r\n.\u002Fcli\u002Fimport_from_anthropic_registry.sh ai.smithery\u002Fsmithery-ai-github\r\n\r\n# Import from a curated list\r\n.\u002Fcli\u002Fimport_from_anthropic_registry.sh --import-list cli\u002Fimport_server_list.txt\r\n\r\n# List available servers via API\r\ncurl https:\u002F\u002Fyour-gateway\u002Fv0\u002Fservers \\\r\n  -H \"Authorization: Bearer YOUR_TOKEN\"\r\n```\r\n\r\n### Enhanced Authentication & Environment Management\r\n\r\n**Automatic Environment Variable Substitution** (#181)\r\n- **Smart Header Processing** - Authentication headers automatically populated from environment variables\r\n- **Import-Time Substitution** - Environment variables substituted during server import, not at runtime\r\n- **Simplified Configuration** - No need to pass environment variables to Docker containers\r\n- **Auto-Load .env File** - Import script automatically sources `.env` file\r\n\r\n**Before:**\r\n```bash\r\n# Manual environment variable management\r\nsource .env\r\nexport SMITHERY_API_KEY\r\n.\u002Fcli\u002Fimport_from_anthropic_registry.sh server-name\r\n```\r\n\r\n**After:**\r\n```bash\r\n# Automatic - just run the import\r\n.\u002Fcli\u002Fimport_from_anthropic_registry.sh server-name\r\n```\r\n\r\n### Bug Fixes\r\n\r\n**UI Improvements**\r\n- **Fixed proxy_pass_url Display** - UI now correctly shows upstream URLs for imported servers\r\n- **Added Missing Field** - `\u002Fservers` API endpoint now includes `proxy_pass_url` in response\r\n\r\n**Model Download Optimization** (#176)\r\n- **Removed Redundant Download** - Eliminated model download from registry entrypoint\r\n- **Faster Startup** - Registry container starts faster with pre-downloaded models\r\n- **Better User Experience** - Model download now handled by setup scripts\r\n\r\n### Documentation Improvements\r\n\r\n**New Documentation**\r\n- **Anthropic Registry Import Guide** - Complete guide for importing servers from Anthropic's registry\r\n- **REST API v0 Documentation** - Full API reference for Anthropic registry compatibility\r\n- **Enhanced README** - More concise with better organization and navigation\r\n\r\n**README Updates**\r\n- Condensed \"What's New\" section (reduced from 14 to 6 key items)\r\n- Simplified deployment and infrastructure details\r\n- Added Anthropic documentation links to docs table\r\n- Removed verbose sections for better readability\r\n\r\n**macOS Setup Guide Updates** (#177)\r\n- Updated installation instructions for macOS users\r\n- Platform-specific optimizations and troubleshooting\r\n\r\n### Roadmap Updates\r\n\r\n**Completed Features**\r\n- **#171** - Import Servers from Anthropic MCP Registry\r\n- **#37** - Multi-Level Registry Support (via Anthropic integration)\r\n\r\nThese features enable federated registry support and seamless integration with the broader MCP ecosystem.\r\n\r\n## Breaking Changes\r\n\r\nNone - this release is fully backward compatible with v1.0.3.\r\n\r\n## Upgrade Instructions\r\n\r\n### For Existing Installations\r\n\r\n1. **Pull the latest changes:**\r\n```bash\r\ncd mcp-gateway-registry\r\ngit pull origin main\r\n```\r\n\r\n2. **Update environment configuration:**\r\nAdd any new API keys to your `.env` file:\r\n```bash\r\n# Example: Smithery API key for imported servers\r\nSMITHERY_API_KEY=your-api-key-here\r\n```\r\n\r\n3. **Restart services:**\r\n```bash\r\n.\u002Fbuild_and_run.sh\r\n```\r\n\r\n### For Pre-built Image Users\r\n\r\n```bash\r\ncd mcp-gateway-registry\r\ngit pull origin main\r\n.\u002Fbuild_and_run.sh --prebuilt\r\n```\r\n\r\n## Migration Notes\r\n\r\n### Importing Servers\r\n\r\nIf you want to import servers from Anthropic's r","2025-10-14T08:13:36",{"id":240,"version":241,"summary_zh":242,"released_at":243},289354,"v1.0.3","# MCP Gateway & Registry v1.0.3\r\n\r\n**Release Date:** October 8, 2025\r\n\r\nWe're excited to announce v1.0.3 of the MCP Gateway & Registry - the enterprise-ready platform that centralizes access to AI development tools using the Model Context Protocol (MCP).\r\n\r\n## What's New\r\n\r\n### Amazon Bedrock AgentCore Gateway Integration\r\n\r\nSeamlessly integrate Amazon Bedrock AgentCore Gateways with the MCP Gateway Registry! This major enhancement brings enterprise-grade AI assistant capabilities to your MCP infrastructure.\r\n\r\n**Key Features:**\r\n- **Dual Authentication Flow** - Keycloak ingress authentication for gateway access + Cognito egress authentication for AgentCore\r\n- **Passthrough Token Mode** - AgentCore tokens bypass gateway validation for direct authentication with AWS Cognito\r\n- **Complete MCP Protocol Support** - Full session initialization, tool discovery, and tool execution\r\n- **Production-Ready Examples** - Customer support assistant with warranty lookup and customer profile tools\r\n\r\n**Documentation:** [Amazon Bedrock AgentCore Integration Guide](docs\u002Fagentcore.md)\r\n\r\n**Use Cases:**\r\n- Deploy customer support assistants with knowledge base integration\r\n- Access AWS Lambda functions through managed MCP endpoints\r\n- Build AI agents with enterprise authentication and audit trails\r\n\r\n### Pre-built Docker Images - Deploy in Under 10 Minutes\r\n\r\nGet running instantly with our pre-built Docker images! No compilation required - just download and run.\r\n\r\n**Benefits:**\r\n- Instant deployment with `.\u002Fbuild_and_run.sh --prebuilt`\r\n- Faster updates and rollbacks\r\n- Support for both EC2 and macOS deployments\r\n- All components pre-compiled and optimized\r\n\r\n**Documentation:**\r\n- [Quick Start Guide](README.md#option-a-pre-built-images-instant-setup)\r\n- [macOS Setup Guide](docs\u002Fmacos-setup-guide.md)\r\n- [Pre-built Images Documentation](docs\u002Fprebuilt-images.md)\r\n\r\n### Keycloak Identity Provider Integration\r\n\r\nEnterprise-grade authentication with complete audit trails and group-based authorization.\r\n\r\n**Features:**\r\n- Individual AI agent identity management\r\n- Group-based access control with fine-grained permissions\r\n- Service account provisioning for automation\r\n- Production-ready OAuth 2.0 flows (M2M, 2LO, 3LO)\r\n- Complete audit trail for compliance (GDPR, SOX)\r\n\r\n**Documentation:** [Keycloak Integration Guide](docs\u002Fkeycloak-integration.md)\r\n\r\n### Real-Time Metrics & Observability\r\n\r\nComprehensive monitoring and observability platform built on industry-standard tools.\r\n\r\n**Components:**\r\n- **Grafana Dashboards** - Pre-built dashboards for server health, tool usage, and authentication\r\n- **SQLite Storage** - Efficient metrics storage with OTEL integration\r\n- **Real-Time Monitoring** - Track performance, errors, and usage patterns\r\n- **Custom Metrics** - Emit application-specific metrics from any component\r\n\r\n**Access:** http:\u002F\u002Flocalhost:3000 (Grafana) | http:\u002F\u002Flocalhost:7860 (Registry UI)\r\n\r\n**Documentation:** [Observability Guide](docs\u002FOBSERVABILITY.md)\r\n\r\n### Service & User Management Utilities\r\n\r\nComprehensive CLI tools for complete lifecycle management of MCP servers and users.\r\n\r\n**Capabilities:**\r\n- Server registration and health validation\r\n- User provisioning with Keycloak integration\r\n- Group-based access control configuration\r\n- Automated testing and verification\r\n- Complete workflow examples\r\n\r\n**CLI Tools:**\r\n- `service_mgmt.sh` - Server lifecycle management\r\n- User management utilities - Group and scope configuration\r\n- Health check automation\r\n\r\n**Documentation:** [Service Management Guide](docs\u002Fservice-management.md)\r\n\r\n## Enhanced Features\r\n\r\n### Tag-Based Tool Filtering\r\nEnhanced `intelligent_tool_finder` now supports hybrid search:\r\n- Semantic search for natural language queries\r\n- Tag-based filtering for categorical discovery\r\n- Combined search modes for precise tool selection\r\n\r\n### Three-Legged OAuth (3LO) Support\r\nIntegrate external services with user consent flows:\r\n- Atlassian (Jira, Confluence)\r\n- Google Workspace\r\n- GitHub\r\n- Custom OAuth providers\r\n\r\n### JWT Token Vending Service\r\nSelf-service token generation for automation:\r\n- Service account tokens\r\n- Time-limited access tokens\r\n- Automated credential rotation\r\n\r\n### Automated Token Refresh Service\r\nBackground token refresh maintains continuous authentication:\r\n- Automatic token renewal before expiration\r\n- Seamless credential management\r\n- Zero-downtime authentication\r\n\r\n## Improvements\r\n\r\n### Installation & Deployment\r\n- Eliminated sudo requirements - uses `${HOME}` instead of `\u002Fopt`\r\n- Pre-built Docker images for instant deployment\r\n- Improved EC2 and macOS compatibility\r\n- Remote desktop setup guide for easier access\r\n\r\n### Authentication & Security\r\n- Dual authentication support (ingress + egress)\r\n- Passthrough token mode for external IdPs\r\n- Enhanced audit trails and compliance features\r\n- Fine-grained access control (FGAC) at server and tool levels\r\n\r\n### Developer Experience\r\n- Comprehensive documentation with examples\r\n- CLI tools for aut","2025-10-08T01:06:05"]