MCP Runtime is an open-source, Kubernetes-native control plane for deploying, governing, and brokering MCP servers. It packages server deployment, registry workflows, gateway routing, access policy, audit evidence, and observability into one operating surface for platform, security, and compliance teams.
Unlike public MCP directories or client-specific catalogs, MCP Runtime is not just a place to discover servers, and it is not a marketplace for MCP listings. The platform control surface is the front door to a deployable runtime: Kubernetes reconciliation, registry workflow, brokered tool calls, access grants, consented sessions, audit, compliance evidence, and operational visibility. The hosted platform shows what that experience looks like; companies can run the same model inside their own clusters for agents, IDEs, and direct human workflows.
Vendor-neutral MCP infrastructure for platform teams
Build and publish MCP server images, reconcile them with Kubernetes CRDs, expose them through governed gateway routes, and keep policy decisions, consented sessions, audit trails, and telemetry attached to every agent call.
- Operator and
MCPServer,MCPAccessGrant, andMCPAgentSessionCRDs - Registry-backed image build, push, and deploy flow
- Sentinel gateway policy, grants, consented sessions, audit, and analytics
- Governance controls for tool access, trust levels, session revocation, and policy versioning
- Compliance-oriented event records for who called what, when, against which server, and whether it was allowed or denied
- Ingress routing for path-based MCP endpoints
- CLI for setup, status, registry, access, Sentinel, and servers
mcp-runtime setup installs the CRDs, runtime namespaces, an operator, registry
integration, ingress wiring, and the bundled Sentinel stack. Sentinel includes
the gateway request path, grant/session policy materialization, analytics
ingest and processing, dashboard/API services, and observability components.
Top MCP directories and catalogs such as Glama, Smithery, Docker MCP Catalog, PulseMCP, mcp.so, and client-specific catalogs are useful for public discovery, metadata, install snippets, or client onboarding. MCP Runtime is different: it is an open-source control plane for operating governed MCP servers inside a company environment.
| Others usually provide | MCP Runtime provides |
|---|---|
| Public discovery and categories | Deployable runtime plus an internal server view when teams need one |
| Install snippets and connection docs | Kubernetes MCPServer reconciliation and routes |
| Popularity or metadata signals | Trust, grants, sessions, policy decisions, audit, and compliance evidence |
| Hosted directory or client-specific UX | Self-hosted, vendor-neutral Kubernetes control plane |
As of April 2026, we have not found another open-source MCP product that combines a deployable Kubernetes operator, registry workflow, brokered request path, access/session model, audit pipeline, and operational control surface in one system.
MCP Runtime keeps governance on the live request path instead of leaving it as
out-of-band documentation. The gateway evaluates MCPAccessGrant and
MCPAgentSession policy before tool calls reach a server, including tool-level
allow/deny rules, trust requirements, consented trust, expiry, and revocation.
Each decision can emit audit and analytics events with the server, namespace, human ID, agent ID, session ID, tool name, policy version, decision, reason, and trust context. That gives platform and security teams a queryable record for reviewing access, investigating denied calls, and preparing compliance evidence for governed agent workflows.
MCP Runtime expects an already-running Kubernetes cluster and a workstation with the CLI prerequisites installed. The setup flow applies the runtime manifests, installs the operator and Sentinel services, and wires ingress and registry resources for the selected environment.
For provider-specific prerequisites such as container runtime registry trust, DNS, ingress, TLS, and k3s configuration, start with Cluster readiness.
MCPServer, access grants, sessions, gateway headers, and HTTP APIs.
Contribute
Read the internals
If you are here to contribute, start with the internal docs for codebase structure, package tours, and implementation details.
| Workflow | Start here |
|---|---|
| Evaluate MCP Runtime for a private MCP platform | Getting started, then Architecture |
| Run MCP Runtime on a real cluster | Cluster readiness, then Runtime |
| Govern tools and sessions | Sentinel, then API reference |
| Integrate from automation | CLI, then API reference |
| Work on the codebase | Internals |
MCP Runtime is alpha. The architecture is stable enough to evaluate as governed MCP infrastructure, but API and UX details are still evolving. Treat the v1alpha1 types as the source of truth.