Context
In production, MCP_PLATFORM_DOMAIN=mcpruntime.org currently derives:
- Registry:
registry.mcpruntime.org
- MCP traffic:
mcp.mcpruntime.org
We should also expose the dashboard/admin UI on a dedicated platform host:
- Platform UI:
platform.mcpruntime.org
This should be the primary user/admin entrypoint for managing MCP Runtime resources, access grants, sessions,
observability links, and platform status.
Proposal
When MCP_PLATFORM_DOMAIN=<domain> is set, derive:
MCP_REGISTRY_INGRESS_HOST=registry.<domain>MCP_MCP_INGRESS_HOST=mcp.<domain>MCP_PLATFORM_INGRESS_HOST=platform.<domain>
Then configure the bundled mcp-sentinel UI ingress to serve from:
https://platform.<domain>/
For example:
https://platform.mcpruntime.org/
## Requirements
- Add config/env support for MCP_PLATFORM_INGRESS_HOST.
- Default it to platform.<MCP_PLATFORM_DOMAIN> when MCP_PLATFORM_DOMAIN is set.
- Update TLS certificate generation to include platform.<domain> as a SAN.
- Update mcp-sentinel UI ingress to use host-based routing for platform.<domain>.
- Keep existing local/dev path-based behavior working.
- Document required DNS records:
- registry.<domain>
- mcp.<domain>
- platform.<domain>
- Update setup output to print the platform UI URL.
- Update AGENTS.md debugging notes for platform UI DNS/TLS/ingress checks.
## Validation
With:
export MCP_PLATFORM_DOMAIN=mcpruntime.org
mcp-runtime setup --with-tls --acme-email <email> --ingress-manifest config/ingress/overlays/prod
The following should work:
https://registry.mcpruntime.org/v2/
https://mcp.mcpruntime.org/<server-name>/mcp
https://platform.mcpruntime.org/
kubectl get certificate registry-cert -n registry -o wide should show the cert Ready, and the issued cert should
include SANs for:
registry.mcpruntime.org
mcp.mcpruntime.org
platform.mcpruntime.org
## Notes
The dashboard should not require users to know internal ingress paths like /, /api, /grafana, or /prometheus on a
raw IP. platform.<domain> should become the stable production entrypoint.Expose dashboard UI at platform.<domain>
Context
In production,
MCP_PLATFORM_DOMAIN=mcpruntime.orgcurrently derives:registry.mcpruntime.orgmcp.mcpruntime.orgWe should also expose the dashboard/admin UI on a dedicated platform host:
platform.mcpruntime.orgThis should be the primary user/admin entrypoint for managing MCP Runtime resources, access grants, sessions,
observability links, and platform status.
Proposal
When
MCP_PLATFORM_DOMAIN=<domain>is set, derive:MCP_REGISTRY_INGRESS_HOST=registry.<domain>MCP_MCP_INGRESS_HOST=mcp.<domain>MCP_PLATFORM_INGRESS_HOST=platform.<domain>Then configure the bundled
mcp-sentinelUI ingress to serve from: