freshcrate
Home > MCP Servers > toolhive

toolhive

ToolHive is an enterprise-grade platform for running and managing Model Context Protocol (MCP) servers.

aiai-securityaicodeassistantgogolangkubernetesmcpmcp-securitymcp-servers

Description

ToolHive is an enterprise-grade platform for running and managing Model Context Protocol (MCP) servers.

README

Run any Model Context Protocol (MCP) server: securely, instantly, anywhere.

ToolHive includes everything you need to use MCP servers in production. Rather than build or combine components yourself, use ToolHive's Registry Server, Runtime, Gateway, and Portal to get up and running quickly and safely.

ToolHive keeps you in control of your MCP estate. Integrate with popular clients in seconds and deploy pre-vetted MCP servers in locked-down containers with a single click or command. ToolHive is available as a desktop app, web app, CLI, and Kubernetes operator.

ToolHive diagram

Why ToolHive?

  • Instant deployment: Start any MCP server with one click or command, using Docker or Kubernetes.
  • Secure by default: Every server runs in an isolated container with only the permissions it needs. Secrets are managed securely, never in plaintext.
  • Works everywhere: Use the UI and CLI for local development, or the Kubernetes Operator for production and scale.
  • Seamless integration: ToolHive auto-configures popular clients like GitHub Copilot, Cursor, VS Code Server, and more.

 ToolHive sources diagram

Quick links

Core capabilities

ToolHive architecture: Gateway, Registry Server, Runtime, and Portal

ToolHive is built on a modular architecture to streamline secure MCP server management and integration. Here's how the main components work.

🔌 Gateway

Define dedicated endpoints from which your teams can securely and efficiently access tools.

  • Orchestrate multiple tools into a virtual MCP with a deterministic workflow engine
  • Define access policies and network endpoints
  • Centralize control of security policy, authentication, authorization, auditing, etc.
  • Integrate with your IdP for SSO (OIDC/OAuth compatible)
  • Customize and filter tools and descriptions to improve performance and reduce token usage
  • Connect with local clients like Claude Desktop, Cursor, VS Code, and VS Code Server

📦 Registry Server

Curate a catalog of trusted servers your teams can quickly discover and deploy.

  • Integrate with the official MCP registry
  • Add custom MCP servers
  • Group servers based on role or use case
  • Manage your registry with an API-driven interface (or embed in existing workflows for seamless integration and governance)
  • Verify provenance and sign servers with built-in security controls
  • Preset configurations and permissions for a frictionless user experience

⚙️ Runtime

Deploy, run, and manage MCP servers locally or in a Kubernetes cluster with security guardrails.

  • Deploy MCP servers in the cloud via Kubernetes for enterprise scalability
  • Run MCP servers locally via Docker or Podman
  • Proxy remote MCP servers securely for unified management
  • Kubernetes Operator for fleet and resource management
  • Leverage OpenTelemetry and Prometheus for monitoring and audit logging

💻 Portal

Simplify MCP adoption for developers and knowledge workers across your enterprise

  • Cross-platform desktop app and browser-based cloud UI
  • Make it easy for admins to curate MCP servers and tools
  • Automate server discovery
  • Install MCP servers with a single click
  • Compatible with hundreds of AI clients

How it works together

  1. Admins curate and organize MCP servers in the Registry, configuring access and policies.
  2. Users discover and request MCP servers from the Portal, and ToolHive orchestrates installation and access.
  3. Runtime securely deploys and manages MCP servers across local and cloud environments, integrating seamlessly with existing SDLC workflows, exporting analytics, and enforcing fine-grained access control.
  4. Gateway handles all inbound traffic, secures context and credentials, optimizes tool selection, and applies organizational policies.

Flexible deployment

Desktop experience

Individual developers can get started in minutes with the desktop UI or CLI, then apply the same concepts in enterprise environments.

Key features:

  • Run any MCP server from a container image, or build one dynamically from common package managers
  • Manage encrypted secrets and control network isolation with simple, local tooling
  • Test and validate MCP servers using built-in tools like the official MCP Inspector
  • Optimize token usage and tool execution with the MCP Optimizer

Get started with the UI: Quickstart, How-to guides
Get started with the CLI: Quickstart, How-to guides, Command reference

MCP guides: learn how to run common MCP servers with ToolHive

Kubernetes Operator

Teams and organizations manage MCP servers and registries centrally using familiar Kubernetes workflows.

Key features:

  • Custom Resource Definitions for MCP servers, registries, and other ToolHive components
  • Secure execution with container-based isolation and multi-namespace support
  • Automated service creation and discovery, with ingress integration for secure access
  • Enterprise-grade security and observability: OIDC/OAuth SSO, secure token exchange, audit logging, OpenTelemetry, and Prometheus metrics
  • Hybrid registry server: curate from upstream registries, dynamically register local MCP servers, or proxy trusted remote services

Get started: Quickstart, How-to guides, CRD reference, Example manifests

Hybrid

ToolHive's complete solution for teams and enterprises supports MCP servers across all environments: on developer machines, inside your Kubernetes clusters, or hosted externally by trusted SaaS providers.

End users access approved MCP servers through a secure, browser-based cloud UI. Developers can also connect using the ToolHive CLI or desktop UI for advanced integration and testing workflows.

Enterprise teams can also leverage ToolHive to integrate MCP servers into custom internal tools, agentic workflows, or chat-based interfaces, using the same runtime and access controls.

ToolHive platform diagram

Contributing

We welcome contributions and feedback from the community!

If you have ideas, suggestions, or want to get involved, check out our contributing guide or open an issue. Join us in making ToolHive even better!

Contribute to the CLI, API, and Kubernetes Operator (this repo):

Contribute to the UI, registry, and docs:

 ToolHive mascot

License

This project is licensed under the Apache 2.0 License.

Release History

VersionChangesUrgencyDate
v0.21.0# 🚀 **ToolHive v0.21.0 is live!** This release removes deprecated CRD fields ahead of v1beta1 API promotion, adds Cedar role-based authorization support, introduces new registry API endpoints, and fixes several bugs including OTLP endpoint path encoding and operator reconcile loops. ## ⚠️ Breaking Changes - **Inline `telemetry` field removed from MCPServer and MCPRemoteProxy** — manifests using `spec.telemetry` must migrate to `telemetryConfigRef` with an MCPTelemetryConfig resource ([High4/16/2026
v0.20.0# ToolHive v0.20.0 Release Notes **Released**: 2026-04-14 **Full Changelog**: [v0.19.0...v0.20.0](https://github.com/stacklok/toolhive/compare/v0.19.0...v0.20.0) --- ## Breaking Changes ### 1. GroupRef changed from bare string to typed struct ([#4809](https://github.com/stacklok/toolhive/pull/4809)) **Impact**: All users deploying `MCPServer`, `MCPRemoteProxy`, `MCPServerEntry`, or `VirtualMCPServer` CRDs with a `groupRef` field. The `groupRef` field on all four CRD types chanHigh4/14/2026
v0.19.0<!-- Release-Triggered-By: reyortiz3 --> ## Breaking Changes > **Action required before upgrading.** Review each item and apply the migration steps. ### [Operator] Remove `enforceServers` and image validation from `MCPRegistry` (#4776) The `enforceServers` feature and its image validation logic have been removed from the `MCPRegistry` CRD. This feature was silently non-functional since PR #2568 removed the backing data sources — the registry-storage ConfigMap it depended on was never pHigh4/13/2026
v0.18.0<!-- Release-Triggered-By: jerm-dro --> ## What's Changed * Add per-user rate limit types and limiter support by @jerm-dro in https://github.com/stacklok/toolhive/pull/4692 * Route MCP sessions to the originating backend pod using httptrace by @yrobla in https://github.com/stacklok/toolhive/pull/4673 * Fix health-check close failing auth in vMCP BackendClient by @yrobla in https://github.com/stacklok/toolhive/pull/4613 * Add LRU capacity to ValidatingCache, remove sentinel pattern, add storage High4/10/2026
v0.16.0<!-- Release-Triggered-By: reyortiz3 --> # v0.16.0 - CRD API stabilization, token-bucket rate limiting, MCPServerEntry, and Redis HA session improvements This release continues the operator API stabilization track — hardening CRD field types, merge semantics, and condition naming before the v1beta1 promotion — while shipping the first pieces of rate limiting and MCPServerEntry as zero-infrastructure remote server references. Redis-backed session storage gains cross-pod restore and expiry coHigh4/8/2026

Dependencies & License Audit

Loading dependencies...

Similar Packages

toolhive-registry-serverAn API server that implements the official MCP Registry API, providing standardised access to MCP servers from multiple backends, including file-based and other API-compliant registries.v1.2.0
tekmetric-mcp🔍 Ask questions about your shop data in natural language and get instant answers about appointments, customers, and repair orders with Tekmetric MCP.main@2026-04-21
openclaw-codex-agentImplement a contract-first dev workflow that plans, runs, verifies, and fixes code tasks for reproducible, auditable, and verifiable development.main@2026-04-21
mcp-devtoolsA modular MCP server that provides commonly used developer tools for AI coding agentsv0.59.53
olbHigh-performance zero-dependency L4/L7 load balancer written in Go. Single binary with Web UI, clustering, MCP/AI integration. 8.5K RPS, 39 E2E tests.v1.0.0