toolsdk-mcp-registry
An open-source “MCP Registry & Gateway” that lets clients discover and execute Model Context Protocol (MCP) servers through a unified HTTP API. It supports bridging STDIO-based local MCP servers and remote Streamable HTTP servers, includes a sandboxed execution model, and provides an OAuth 2.1 proxy. It also exposes a publicly hosted registry dataset/index via JSON for programmatic discovery (data-only usage).
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Provides sandboxed execution and an OAuth 2.1 proxy, suggesting attention to isolating third-party tools and supporting authenticated flows. However, the provided content does not specify TLS requirements, auth scope granularity, secure secret-handling practices (e.g., logging/redaction), or detailed security headers/rate limiting behavior.
⚡ Reliability
Best When
You want a centralized, self-hosted gateway/registry to execute many MCP tools securely (with sandboxing) and to integrate discovery/execution into agent systems via HTTP.
Avoid When
You cannot operate a Dockerized service (and related dependencies like search) or you need a lightweight local-only MCP client with no registry/gateway overhead.
Use Cases
- • Self-host an MCP tool gateway for LLM/agent applications
- • Remote execution of MCP tools via a single REST-style HTTP endpoint
- • Expose STDIO-only MCP servers to clients that only speak Streamable HTTP
- • Federated search/discovery across registered MCP packages/servers
- • Sandboxed execution of untrusted third-party MCP servers in production
Not For
- • Direct ad-hoc tool execution without running/staging the gateway
- • Environments that require strong guarantees about third-party tool safety beyond sandboxing
- • Use cases that need a pure MCP-native client with no HTTP translation layer
Interface
Authentication
README indicates built-in OAuth 2.1 support and a proxy. Specific auth headers/parameter names and granular scopes are not shown in the provided content.
Pricing
The repo/package appears open-source and self-hosted; no pricing tiers are stated in the provided README content.
Agent Metadata
Known Gotchas
- ⚠ Tool execution is mediated by the gateway; session-based MCP over Streamable HTTP requires reusing the provided mcp-session-id header (expires after ~30 minutes).
- ⚠ Environment-variable passthrough for MCP tools uses x-mcp-env-* headers; agents must avoid leaking secrets into logs.
- ⚠ Sandbox can be disabled via configuration (MCP_SANDBOX_PROVIDER=LOCAL) which may be unsafe for untrusted tools.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for toolsdk-mcp-registry.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.