MCP Server Registry

[alexhancock]

Pre-submission Checklist

• I have verified that this discussion would not be more appropriate as an issue in a specific repository
• I have searched existing discussions to avoid duplicates

Discussion Topic

The purpose of this is to sketch a baseline set of required functionality for a public industry standard registry of MCP Servers. A number of sites have popped up in recent months. For example:

https://mcpserver.cloud/
https://mcp.run/
https://smithery.ai/
https://block.github.io/goose/v1/extensions/

While there is value in different server browsers and client integrations for MCP, there will be additional value in a “single-source-of-truth” registry containing the metadata about MCP servers themselves. Right now each of these sites has its own copy of data, relying on additions by maintainers or contributors. They each present a subset of all available MCP servers globally, and duplicate much of the storage and search logic. Ultimately this presents a fragmented view of what is available to end-users.

In contrast, a single widely adopted registry will be a bedrock resource that higher level tools interfacing with MCP servers can leverage.

Feature Requirements

Global Public API

We need a robust API serving metadata about every server, as well as artifact download URIs, search functionality (via utility and categories), new server publishing, storage, tagging, versioning, etc.

This will allow multiple server browsers / client install flows to emerge, while maintaining and deriving the benefits of a single source of all metadata.

Server Browser

Similar to https://www.npmjs.com/ we should have a standard server browser that implements and exposes a UX for these feature requirements. This is not to say we will discourage other browsers, but that to pair with the global public API there should be at least one officially maintained server browser.

Curation and Segmentation

There should be support in the API and UX for browsing MCP servers of notable utility (popular, most installed, new this week) as well as specific categories for the services they connect to (finance tools, fitness, wellness, etc).

Security

Security should be taken as a first class consideration in the registry. We should implement automated code scanning looking for traditional CVE (common vulnerabilities & exposures) as well as analysis specific to MCP servers (adherence to authorization spec, scanning for prompt injection, etc) that will become more clear over time. The global public API should also be protected against publishing / DDoS attacks.

Further Exploration

Unified Runtime

We could explore a unified runtime for MCP servers (a la npx) that would work for MCP servers written in any language. This would simplify the installation and usage flow for client integrators.

[jspahrsummers]

Thanks for writing this up! I'm increasingly feeling like this is the right path forward too.

Before, I had been reluctant for us to undertake this because it felt like building npm/pypi from scratch—but actually, if we assume the continued use of package managers' own registries, we can make this strictly a metadata service about servers. That dials the complexity and security risk way down. We could also integrate something like socket.dev to provide some basic level of security assessment about the underlying packages.

Does it sound right that we should require packages to be published to some underlying registry first (npm, pypi, Docker), and then they should be explicitly submitted/registered with the metadata registry afterward?

[alexhancock]

Excellent

Does it sound right that we should require packages to be published to some underlying registry first (npm, pypi, Docker), and then they should be explicitly submitted/registered with the metadata registry afterward?

Yes, I agree. This could potentially offload quite a bit of responsibility in storage etc as well.

[Mehdi-Bl]

MCP servers utilize many platforms beyond Python and JavaScript/TypeScript scripting. I've observed implementations in Golang, Rust, Java, and C#.
Docker would be ideal, but most users don't employ it. Docker would also be limited for mobile applications. Many tools remain unpublished and exist primarily as scripts. Entry points vary widely—sometimes even using Makefiles.
This creates an environment without standard artifacts like those found in NPM, PyPI, or Docker registries. The ecosystem is highly fragmented. Without artifacts, there are no checksums either.
How can we meaningfully discuss a registry in this context? Scripts have diverse entry points and setup procedures. Even within Python, developers might use venv, uv, or raw Python. Additionally, scripts require different parameters through arguments and environment variables, not to mention tokens and secrets needed for tool setup.
In enterprise environments, validating artifact sources and preventing supply chain issues is critical. How can we accomplish this with scripts? The official list at https://github.com/modelcontextprotocol/servers presents a mixed collection.
Would a directory with metadata be more appropriate?
What value would such a directory provide without standardized installation processes in the metadata? Or should we consider restricting it?
Another consideration is the communication method: STDIO versus SSE. With OAuth now implemented in MCP, SSE could even function as SaaS. So you have:

STDIO (local)
SSE (local)
SSE (remote)

Each local setup introduces its own complexity regarding artifacts, signing, and supply chain security.
Scanning tools might be effective for Python and NPM code, but they would be limited for Golang, Rust, C#, or C++, where compiled code is inherently obfuscated.
Many tools are written by AI without rigorous code reviews. STDIO would present minimal attack surface, but SSE introduces greater risk due to its remote nature. Some SDKs aren't officially vetted by the MCP team.
Eventually, MCP might be ported to mobile platforms, further fragmenting SDKs, tools, and packages. While mobile could rely on SSE, one of MCP's key advantages is local access to files and data. Therefore, STDIO deployment on mobile seems likely.
Consider a future scenario where Anthropic offers MCP tools in the Claude Desktop UI. How could they vet tools they didn't create themselves? Already, some tools are broken or buggy, raising security concerns.
Relying on NPM, PyPI, or Docker for trust is problematic. Docker offers no security guarantees, as flawed images can be pushed without issue. NPM and PyPI perform some scanning for code obfuscation, but what about Rust, Go, C#, and C++ binaries?
Remote SSE setup would be relatively straightforward as it would primarily involve APIs. The main challenge concerns local setups.
We need to develop proper packaging and one-click deployment solutions.
Cline has adopted a "marketplace" approach that lists GitHub URLs and uses models to fetch information, leveraging AI for installation. This isn't particularly standardized.
A similar approach exists with the MCP-installer—an MCP that leverages AI for installation.

[Mehdi-Bl]

And I forgot in the above the mutliplatform side:
Linux/Windows/Mac
X86/ARM

For now until we have the mobile, if that happen one day. But I see already Kotlin SDK kicking.

[Jeff-Bouchard]

Wish Granted .. I also think it's a good thing
https://www.docker.com/blog/announcing-docker-mcp-catalog-and-toolkit-beta

[tadasant]

I agree with the opportunity here, namely to create a "single source of truth" of all the MCP servers out there and deduplicate all the effort being made to identify and collate what's been built.

Definitely agree on having a global, public API for providing access to this bedrock data.

Also agree that reimplementing npm/pypi is out of scope -- leave the source code hosting to those solutions.

I also like the idea of a base "Server Browser" implementation, with allowing the market to potentially improve on the "server discovery UX" by implementing their own take on top of the global, public API.

I'm not as sold on "curation and segmentation", "security", or "unified runtime" as something that should definitely be solved within the registry. I think this could potentially be separated out and be concerns tackled by third party "Server Browsers" - of which the native official "Server Browser" is just a simple implementation that does not offer much in the way of opinionated tags or security guarantees. But maybe we could take these on a case by case basis after an initial official registry exists.

Does it sound right that we should require packages to be published to some underlying registry first (npm, pypi, Docker), and then they should be explicitly submitted/registered with the metadata registry afterward?

I think this should be true for open source packages that are meant to run on a local machine. But I think this "centralized registry" solution should also accept closed source, SSE server submissions.

[tadasant]

Fundamentally, I think the big initial value-add here of centralizing the single source of truth is that:

• Server creators would have a single place to submit and manage metadata about their creation, rather than having various directories compete for their loyalty and attention
• MCP clients and other directory-like consumers of server metadata would be able to programmatically hook into this. Some might choose to read it all, some might choose just a subset

The curation/security/runtime ideas would be nice to have but not necessary to achieve these two benefits^

[jspahrsummers]

Agree with most of these points! However, not sure about this:

I think this "centralized registry" solution should also accept closed source, SSE server submissions.

I see the value in being able to offer a directory for things like this, but OTOH it introduces a lot of risk (security, privacy, and others) to permit servers that are hosted but whose implementation isn't available to look at somewhere.

[tadasant]

but OTOH it introduces a lot of risk (security, privacy, and others) to permit servers that are hosted but whose implementation isn't available to look at somewhere.

I agree that the risk is something that needs to be addressed. My pitch would be to build around mitigating the risk rather than avoiding it, because I think reducing the friction to set up/maintain servers - supporting using servers over HTTP - is important to broadening MCP adoption.

Some sources of inspiration:

• Borrow from the discussion on server/tool risk level. If we do land on delegating the risk analysis to MCP client implementations, we could still offer protocol level guidance in suggesting treating stdio differently from SSE (e.g. different tiers of required user-approvals for SSE vs. stdio based servers).
• Borrow from macOS's Gatekeeper/Quarantine implementations (and other OS equivalents). This feels a little heavy-handed, in that those are the way they are because the app code has local-machine-level access in a way that SSE servers wouldn't.
• Go full-blown iOS app store model: officially certify and host all the code that comes through. I don't think that's practical for a number of reasons, but maybe there is some lightweight inspiration we could take from it. e.g. rather than certify the code, certify the organization that writes or hosts the code.
• I know the idea of adopting WASM (i.e. mcp.run's approach) has been thrown around. I'm not super familiar with WASM tech but perhaps that's an alternative path to dodging the current friction present in configuring stdio-based servers. But probably a much broader discussion than that of this registry.

Some specific paths forward, which I think could all be explored in parallel with still collecting SSE URL's into the registry:

• Delegate to hosting providers. We collect and publish SSE URL's with appropriate qualifications ("these are untrusted, untested"). Some hosting providers will emerge. We work with the hosting providers to assure some level of verification that the code they are hosting on behalf of their clients are not malicious, and then mark those servers verified as such.
• Delegate to MCP clients. Provide guidance but ultimately leave it up to host app developers for how they want to manage this risk. e.g. if it's a host app built by Block, then anyone using it is of course going to trust HTTP requests going to https://block.xyz, and only the host app really knows that.
• Bake more transparency of domains/paths of invoked HTTP calls into the spec. Maybe just an offshoot of the MCP client delegation direction, but the thought here is that: fundamentally, the only thing we know about SSE URL's is the domain/path where data is getting sent, then after that it's a black box. So exposing some sort of ability to e.g. "do you trust domain.com to whitelist all calls to it?" (on top of existing tool-level "do you want to use this tool" approval controls) could be a helpful lever for clients to leverage in surfacing to their users.

[alexhancock]

Great back and forth here!

Regarding closed source SSE addressable servers being part of the registry, I lean more towards not representing a server where there isn't a publicly available implementation in the public registry as @jspahrsummers said. But I could be convinced if we do feel it's critical to include them!

Some ideas for guardrails that wouldn't be a full requirement of a public/scannable implementation:

1. Require the registrant initially or periodically submit the closed source codebase for security scanning, and try to devise a way to verify they are serving a codebase that has passed a scan.
2. At least make it clear to users browsing servers that closed source servers are a different thing in terms of our ability to provide helpful security guarantees about the nature of the code, and so they connect to them at their own risk.

rather than certify the code, certify the organization that writes or hosts the code

This also sounds good as it would allow companies to expose servers as public APIs for their own services without an open implementation and still give the user some degree of confidence it's from the verified source.

To me it's just about trying to bake in as many helpful guarantees to users as we can, and building with good security principles in mind from day one.

I am interested in further discussion 👍

[bdoyle0182]

I mean, what is the standard for discovering a website / server today? Does closed source sse servers need to be in a registry or something that can just be handled by traditional information retrieval of web search? Feel like that's a bit of reinventing the wheel and server owners can integrate with existing web discovery mechanisms

[brianthompson-sarcat]

My recommendation would be that there be a standard json/yaml specification and or configuration file that is used that is implementation agnostic (Think terraform). That standardized spec/config is converted by MCP server implementations into a functional service. Industry originating specs/ configs could then be published for deployment on any MCP server service package

Its really inhibitive for each server developer maintain multiple versions that are not readily extensible and for developers / service deployers to not have this sort of modular approach.

This approach calls for the following:

• a standardized file syntax and structure (file aggregate*)
• a representative interpreter (could be packaged or coupled with a server service package - basically converts the spec/config into functional code in the server service package)
• a server service package ( industry / public FOSS) that implements the standard spec/config
• client facing specification standard (like swagger but for MCP)
• client app

In addition to the value added circumstances that everyone mentions above, this approach could stream line adoption and get us out of a proprietary / snowflake solution trajectory (which is where it seems this could go).

[tadasant]

Correct me if I'm misunderstanding your proposal, but it sounds like this:

That standardized spec/config is converted by MCP server implementations into a functional service.

Is very different than @alexhancock 's suggestion of a centralized metadata service. If every server is responsible for serving its own configuration file, then we'd still have the problem of all these third party server-discovery scrapers duplicating effort and fragmenting the ecosystem.

Perhaps your commentary here is a better fit for the .well-known/mcp discussion. Though I do think that discussion and this one are intertwined; if we have this centralized metadata service, I'm not sure we still need the .well-known file/directory. Or at least we don't need it focused on the same "discovery" purpose that other discussion started with.

[orliesaurus]

+1 to have an official place where people can submit their servers, clients etc.
This should be hosted under modelcontextprotocol.io or one of its subdomains.
It's frankly quite crazy to think that I have to submit my server to 4-5 different websites manually for them to be picked up by Google/SEO so that people can discover them, additionally I noticed that when I push an update to my own MCP server, not all website "pull" the update from the Github repo (where I host it/open source)

[alexhancock]

All good responses here. Thanks for the thoughtful commentary and ideas @tadasant!

I'm pretty aligned and look forward to figuring out a more specific plan soon. I'll be on vacation a few days beginning tomorrow, but back full time from next Wednesday.

[devnomad-byte]

bro, look at my design

Architecture (Text Diagram):

+-------------------+  
|  Service Client   |  
|  (SSE Subscriber) |  
|  - Pulls service  |  
|    list           |  
|  - Receives real- |  
|    time updates   |  
+-------+----------+  
        |  SSE Event Stream (text/event-stream)  
        v  
+-------------------+  
|  MCP Service Hub  |  
|  (Single-Node)    |  
|  Core Features:   |  
|  1. Service Registry |  
|  2. Health Checks    |  
|  3. SSE Push Engine  |  
+-------+----------+  
        |  REST APIs (Register/Unregister)  
        v  
+-------------------+  
|  MCP Server Nodes |  
|  (Providers)      |  
|  - Register on    |  
|    startup        |  
|  - Send heartbeats|  
+-------------------+  

https://github.com/orgs/modelcontextprotocol/discussions/159#discussioncomment-12624829

[calclavia]

Maintainer of Smithery AI here!

I would definitely want to be kept up to date about MCP's official plans as Smithery currently offers both hosting and registry of MCPs. Open to discussing any potential integrations/collaborations that might deduplicate work.

Our registry API: https://smithery.ai/docs/registry

[sean-roberts]

I believe the issue of registry fragmentation of having different registries of various levels of support and awareness is real. I'd also suggest that this might be duplicative of the discoverability topic. Though to offer a differing opinion to consider here... Registries are expensive to build and maintain with very little hope for revenue gen (I know this from experience and from discussions with NPM founders), this is what makes them hard to continue maintaining at scale. Propagation of MCP servers are not remotely to the point of "scaled" where this will be a challenge. So perhaps the "registry fragmentation" problem is a problem that will naturally go away unless someone can figure out a path to monetize the ability to support these at scale. To put it directly, I fully expect these registries to fall away as expenses build (though I do wish for everyone's efforts and ventures to be successful). So my suggestion would be not to create a cloud service for this discoverability but to lean into systems like GitHub, NPM, etc. to provide a way to openly capture, list, and publish updates to this list - take that as far as possible. Those that need it are technical teams and can easily sync from there. That should provide a long-term viable way to support these systems even as the lists start to hit a level of actual scale.

I also believe there are differing needs for MCP servers and I do not believe that, architecturally, MCP clients should have the breadth of all MCP servers available to use at the ready on disk. While a registry that can be stable and cost-effective for clients to sync to is a good initial solution, we will need to consider how to determine the context directories that always need to be available and what should be sourced on demand. For example, if I create an MCP server for a local service in town, I don't expect anyone to need that constant knowledge of its existence. I expect that leaning into the web as the on-demand system for that would be ideal.

What happens when there are 100k MCP servers, 10 million, 100m, more? Then the multiple of times that content needs to sync? Not suggesting we build for that scale now but preparing for the ideal outcome that this pattern takes hold means expecting these numbers.

[geoffsmith82]

I think a good start would be to have a defined path on the local machine that can be used to store basic configuration info... command to execute, and or server address. Just have it so a json or yaml file could be dropped in it so the various utilities could scan when they startup and find mcp's that they could use. So Claude Desktop could see a new MCP has been installed, and Cursor could both see something has been installed for example.

[zanetworker]

Have we explored existing standard formats like OCI? This can, out of the box, allow servers to be adopted by existing container registries (e.g., Quay, Dockerhub, ECR, and Github container registries). I.e., one standard vs. one registry.

[Mehdi-Bl]

OCI is over kill and and manifests should have install steps to standarise install.

[aigchacker]

I believe the biggest directory site is still https://mcp.so

[LarsKemmann]

There are two categories of use cases here, and I think much of the discussion is missing that critical distinction (@sean-roberts points out the issue). The problem is likely because we're all developers, in many cases using MCP to build tools for ourselves where we know exactly which MCP servers we want to install (if only we had a registry). But we're not the only target audience for MCP; in fact, I'd argue we are the least important (at least in terms of audience size).

MCP, by itself, solves the problem of how to enrich a user agent with structured interaction capabilities, with a very precise level of control as opposed to the more general agents.json-esque approach. There's real value in exposing structured and secured interactions, regardless of enterprise or consumer use case. But unlike MCP servers for enterprise scenarios like software development, the interactions in most consumer use cases will depend almost entirely on the user's browsing context (how many apps do most people actually install on their devices?), and it's impossible to maintain a registry of all of those interactions. For example, imagine a world in which every WordPress site offers an MCP server for commenting on blog posts (perhaps as a site-specific link to a multitenant MCP server hosted by Automattic's Jetpack service, for example). Yahoo! tried to build a portal for the entire web in the '90s, but Google had the right idea: present search results using metadata ( tags, in this case) that are published by the websites themselves and that any search engine could use.

For enterprise scenarios, by all means, define a registry protocol and let different registries try to establish themselves. I'm sure GitHub Enterprise, Azure DevOps, and the rest will be interested in building a package feed for MCP servers according to whatever standard you choose. WASM as a common target makes sense to me, for what it's worth. Also, insisting on open-source isn't likely to be as helpful as people think—the xz Utils backdoor for example was fully open-source.

However, for the everyday AI and consumer scenarios, Anthropic and the MCP community need to embrace the Google philosophy of relying on the open web. I don't know enough to state which approach is best, and there are several competing would-be standards vying for attention (agents.json being one recurring theme), but discovery of arbitrary servers and APIs (which may not have an MCP server defined) via structured AI-oriented metadata—and then progressively enhancing those connections with MCP when it's available—is a far more impactful strategy in the consumer space.

EDIT: I should clarify that I'm both saying more focus needs to be placed on the discovery discussion and also that restricting MCP servers to being open-source, or in some language or other, is self-defeating when dealing with a world where every website potentially comes with one or several MCP servers. Registries are helpful for enterprise/developer local uses, but not for the broader world of consumer AI.

[devnomad-byte]

bro, look at my design

Architecture (Text Diagram):

+-------------------+  
|  Service Client   |  
|  (SSE Subscriber) |  
|  - Pulls service  |  
|    list           |  
|  - Receives real- |  
|    time updates   |  
+-------+----------+  
        |  SSE Event Stream (text/event-stream)  
        v  
+-------------------+  
|  MCP Service Hub  |  
|  (Single-Node)    |  
|  Core Features:   |  
|  1. Service Registry |  
|  2. Health Checks    |  
|  3. SSE Push Engine  |  
+-------+----------+  
        |  REST APIs (Register/Unregister)  
        v  
+-------------------+  
|  MCP Server Nodes |  
|  (Providers)      |  
|  - Register on    |  
|    startup        |  
|  - Send heartbeats|  
+-------------------+  

https://github.com/orgs/modelcontextprotocol/discussions/159#discussioncomment-12624829

[bdoyle0182]

heavily +1 to this and far more descriptive of my comment here. We don't need to reinvent information retrieval and search for remote endpoints w/ search engine / page rank / personalization etc, it's a thirty year solved problem. For installing and running software yourself, of course a version controlled registry makes sense

[larryhopecode]

For technical or dev use, a npmjs like + CLI should be the key. Single point of truth with good version control is beneficial.
However, for common desktop client user, they might need different kind of forms of representation, ranking, hot-list even personalize bookmark and so on. That is a different story.

[devnomad-byte]

Proposal: Service Registration & Dynamic Push Mechanism for Model Context Protocol (MCP)

---

What is it? (Concept Overview)

This proposal introduces a Service Registration Hub to MCP, enabling dynamic discovery and management of MCP servers via Server-Sent Events (SSE).

Architecture (Text Diagram):

+-------------------+  
|  Service Client   |  
|  (SSE Subscriber) |  
|  - Pulls service  |  
|    list           |  
|  - Receives real- |  
|    time updates   |  
+-------+----------+  
        |  SSE Event Stream (text/event-stream)  
        v  
+-------------------+  
|  MCP Service Hub  |  
|  (Single-Node)    |  
|  Core Features:   |  
|  1. Service Registry |  
|  2. Health Checks    |  
|  3. SSE Push Engine  |  
+-------+----------+  
        |  REST APIs (Register/Unregister)  
        v  
+-------------------+  
|  MCP Server Nodes |  
|  (Providers)      |  
|  - Register on    |  
|    startup        |  
|  - Send heartbeats|  
+-------------------+  

---

Why is it like that? (Design Rationale)

1. Centralized Service Discovery

• Problem: Manual configuration of server lists limits scalability and flexibility.
• Solution: A registry hub centralizes server metadata (IP, port, health status), reducing dependency on static configurations.

2. Real-Time Updates via SSE

• Problem: Clients cannot dynamically adapt to server changes (e.g., new nodes added/removed).
• Solution: SSE pushes updates instantly to clients (e.g., INSTANCE_ADDED, INSTANCE_DOWN), eliminating the need for polling.

3. Simplified Health Management

• Problem: Server failures go undetected until clients attempt connections.
• Solution:
  • Heartbeats: Servers send periodic pings (e.g., every 5s).
  • Auto-Demotion: If a server misses 3 heartbeats, it is marked unhealthy and excluded from client lists.

4. Single-Node Implementation

• Why: Reduces complexity for MVP testing while maintaining core logic.
• Scalability: Future clusters can adopt this design with distributed storage (e.g., Redis).

---

How does it work? (Technical Implementation)

1. Service Registration Flow

Server Startup → POST /register (IP:Port) → Hub stores metadata → SSE broadcast to clients  

2. SSE Subscription for Clients

// Client subscribes to service updates  
const eventSource = new EventSource('/sse?service=mcp');  
eventSource.onmessage = (event) => {  
  const data = JSON.parse(event.data);  
  updateServiceList(data); // Update local server list  
};  

3. Heartbeat & Health Checks

• Server: Sends PUT /heartbeat every 5 seconds.
• Hub:
  • Marks a server as unhealthy after 15s of no heartbeat.
  • Removes it from registry after 30s of inactivity.

4. Client-Side Adaptation

• Initial Load: Fetches the latest server list via GET /services/mcp.
• Dynamic Updates: Automatically reconnects to healthy servers when failures occur.

---

Design Philosophy (Design Philosophy)

• User-Centric: Reduces developer effort by automating server discovery.
• Fault-Tolerant: Built-in health checks ensure clients avoid unhealthy nodes.
• Future-Proof: SSE aligns with modern web standards and scales to distributed systems.

---

Value Proposition

• Flexibility: Add/remove servers without code changes.
• Real-Time: Clients react instantly to infrastructure changes.
• Cost-Effective: Single-node setup requires minimal resources.

---

Next Steps

1. Community Feedback: Discuss implementation details (e.g., heartbeat interval, SSE API design).
2. Prototype: Open-source contributors can build this as a standalone module.

---

GitHub Profile: aliyun1024qjc

[kevklam]

I don't know if I'm missing something, but it sounds extremely overengineered to me. As a user, I don't want my personal AI assistant to automatically pick up every MCP that Joe in their basement pushed somewhere on the internet. I want to interactively pick and choose reputable ones from a list that I trust, and that list only needs to be queried once when I open up a 'marketplace' dialog.

I also don't think the health check/heartbeat protocol is useful. Most web services of any significant adoption/scale are not just one server that is either 'up' or 'down'. They're hundreds/thousands/millions of servers constantly going in and out of rotation across dozens of globally distributed datacenters. A service being 'down' for one user doesn't mean it's 'down' for another user. And even then, it's not like as a user I'd want an MCP that I 'installed' to uninstall itself as soon as it had a 5 minute outage.

[devnomad-byte]

I want to emphasize my earlier point: we need to consider the requirements for private registration centers in enterprise environments, rather than centralizing all MCP servers in a single public registry.

From our practical experience, enterprise users have strict requirements for security and control. In actual deployments, they typically don't allow AI assistants to connect freely to services on the internet, but rather prefer a strictly vetted and controlled list of trusted services.

I agree with @kevklam's point that an over-engineered central registration system indeed has issues. Users should be able to choose trusted services independently, rather than passively accepting all available options. This is especially important for enterprise users.

We should consider establishing a standardized "feed protocol" specification that allows:

1. Organizations to maintain their own private MCP service registries
2. Different service discovery strategies for various security levels and application scenarios
3. Preservation of users'/administrators' ultimate control over service selection

Regarding health checks, I similarly believe that simple up/down detection has limited value. The complexity and regional differences of modern service architectures make single status indicators insufficient for accurately reflecting service quality.

In conclusion, we should avoid building an overly centralized global registry, and instead focus on creating a flexible registration protocol standard that supports distributed management, allowing enterprises and organizations to maintain and manage their trusted MCP service lists according to their own requirements.

[raphaelkieling]

I liked this idea. I was sketching something to build for my internal team and randomly came across this thread. In my opinion, there are a few ways to approach this — especially when thinking about companies with multiple areas or teams:

Just some random ideas I was exploring — feels a bit related to your "enterprise" topic.

---

1 - MCP Builder

Proposal

Each team creates its own MCPs and Tools, being responsible for handling incoming/outgoing requests. That includes exposing endpoints like /sse or /message and translating MCP Client calls to standard REST APIs.

This "builder" layer would simplify the process for teams to expose their existing APIs, without changing MCP internals. Would be a UI where you can build those translations from MCP → REST.

After write this, maybe a terraform like way to deal with this is valid, like defining

Positive Points

• Easy integration for teams using REST-based systems.
• Decouples MCP implementation from API design.
• Enables gradual adoption of the MCP ecosystem.
• Centralized auth

Negative Points

• Needs to manage all stateful MCP Servers.
• Additional infrastructure layer to maintain.
• Complexity increases without Streamable HTTP (pending proposal).

---

2 - MCP Discovery

Proposal

Teams register their MCPs with metadata like scope, authentication type, repository, etc.
A centralized discovery service exposes a proxy that routes requests to the appropriate MCP. This proxy also helps abstract internal access (e.g., private VPN).

Positive Points

• Centralized auth
• Centralized control and visibility of all MCPs.
• Easier for gateways to find compatible MCPs.
• Unified access format, regardless of internal location.

Negative Points

• Requires teams to keep metadata up to date.
• Adds one more layer in the request flow.

Example endpoints:

• GET /discovery?area=SUPPORT
  → Returns only MCPs from the SUPPORT area

• GET/POST /discovery/{mcpId}/proxy/**
  → Exposes all routes like /sse, /message, /mcp, etc.
  → This is the endpoint that the MCP Client would use.

[devnomad-byte]

I think excessive design of mcp registry will lead to complex design, what we need to do now is to improve the mcp ecology instead of excessive design, your proposal is very good, I like the same idea as mine, what I don't understand is that they don't understand my plan

[Jeff-Bouchard]

"Positive Points
Centralized auth
Centralized control and visibility of all MCPs."

wat? perhaps a typo .. these are the complete opposite of positive

We will propose exactly the opposite while keeping Governance using blockchain and decentralized web2 protocols.
proposal is ongoing writing but we leverage Emercoin NVS and specifically EmerDNS/SSL and SSH.

[leoooven]

We are discussing whether this is a server directory similar to Docker Hub or a registration center that supports hosts in dynamically discovering servers. Personally, I believe an authoritative server directory is very useful, but a unified registration center is not very reasonable. However, the dynamic registration and discovery of servers can be part of the MCP protocol specification, used to guide the construction of privately deployed MCP clusters.

[Jeff-Bouchard]

can be decentralized DNS records and decentralized names (registry.mcp and subdomains.
Everybody can create subdomains but only the expressly defined as SD= record on the parent DNS subsystem will ignore it so there's governance about what SD to "enable" . The rest stays as unofficial and can be flagged if malicious.

[kevklam]

A couple points I'd like to make:

A grand central registry, vs a registry protocol/spec

Coming from the enterprise world, I believe that you're going to want to support multiple "feeds" (so that an IT admin can provide a list of known and vetted MCPs), but (a) standardize what a 'feed' looks like so that apps can build marketplaces/MCP pickers on top of feeds, and (b) provide an 'official' feed that the majority of MCP makers will publish their work to and that the majority of non-enterprise users will use by default. I believe @LarsKemmann was also suggesting something along these lines.

Trying to 'own' the only registry in the world would both create a very attackable single point of failure and alienate most of the enterprise industry.

Local vs Remote MCP servers

I feel that the majority of this technical discussion is only complicated because MCP servers are currently all local and therefore there needs to be a story for somehow getting the server onto the user's local machine and running on whatever platform they use.

If you shelve that discussion for the time being, all you really need for a registry of remote MCP servers is something like a feed of endpoint URLs and descriptions. And I suspect remote servers are going to be the preferred tech for web services, for a variety of reasons. I'm not sure how many legitimate use cases there are where a local MCP server is the better choice - basically things like local filesystem access, local access to settings, screen contents and hardware (cursor, sound, network etc). Whereas there are hundreds/thousands of websites/web services that will potentially want to integrate with LLMs and be better served by remote MCP since those will be better able to integrate with both web and desktop based LLM apps.

This seems like it would be much simpler/cheaper to design/build/maintain, and could be stood up pretty quickly (once remote MCP's become a reality). Local MCP servers could even be split out into their own separate registry/package manager that you build at some later date - I don't see any real benefit to combining the two.

[kevklam]

Ah - I see most of this is already the direction being taken in the "discovery" topic - seems like good discussion happening there. https://github.com/orgs/modelcontextprotocol/discussions/84

[Jeff-Bouchard]

"Trying to 'own' the only registry in the world would both create a very attackable single point of failure and alienate most of the enterprise industry."

+1 There can be no "owning", a provably fair and decentralized governance is a must in this post-truth, post-trust world.
we propose to use EmerNVS and web2 subsystem, it's BTC/BCH/BSV backed security by AuxPoW, nothing can rewrite that. Many have tried in the last 13 years of it's existence...

[guillaumedesmartin]

Hi Everyone,

Agreed on the remote MCP servers. Is there a way to be sure an MCP server is secure, by the way? Some are asking for API keys, while we don’t really know who has published the MCP server (even in the case of common Google APIs, for instance).

Great to hear from the community on this as well

Best,

Guillaume

[kevklam]

I suspect the issue will go away with a combination of:

1. Web services creating their own remote MCP servers
2. In-app integration/implementation of an 'install MCP server' experience

You enter the URL of the service itself (e.g. google drive website, so you know it can be trusted) or choose it from a marketplace from within your LLM app (claude, chatgpt etc); it pops a login window that asks you for consent for the LLM app (as opposed to consent for the local MCP server published by someone random) to access your data in that service; click OK and it's done.

Before these things become a reality, your only real option is to inspect the code of the MCP in github.

[Jeff-Bouchard]

Yes a public key on a public blockchain and corresponding client certificate.
Imo We, as a species didn't came up with anything better yet; standard-compliance is paramount

[fjm2u]

How about taking a decentralized approach similar to the Fediverse? Since MCP is a protocol, centralizing its index would just create a single point of failure, defeating many of its advantages. It seems unwise to put the future of MCP in the hands of just one administrator.

[Jeff-Bouchard]

+1 Thanks I was feeling lonely

[cooco119]

What about just using the github url for the source of MCPs like golang and have the make a registry of MCPs like pkg.go.dev?

# golang
go get -v github.com/modelcontextprotocol/example-app

# mcp style?
mcp get github.com/modelcontextprotocol/example-app

I was actually building something similar to MCP(hyperpocket) with my team and moving on to the idea for extending MCP cause you guys seem to become the standard now.

But sharing the idea and the pain-points that we had, one of them was a debate to have a global registry or just go with github url to pull everything that you can launch - like golang package system.

We've chosen just to use github url and make them searchable on github somehow - in future, we thought about separating just the registry part like https://pkg.go.dev/, but the sources remaining on github.

I'm sharing our example code source

from hyperpocket_langgraph import PocketLanggraph
from langgraph import AgentGraph

# Load tools with Hyperpocket
pocket = PocketLanggraph(tools=[
        "https://github.com/vessl-ai/hyperpocket/tree/main/tools/slack/get-messages",
        "https://github.com/vessl-ai/hyperpocket/tree/main/tools/github/list-pull-requests",
    ])

tool_nodes = pocket.get_tool_node(should_interrupt=True)

# Define the LangGraph workflow
graph = AgentGraph()
graph.add_node("schedule_message", tool_nodes)
graph.connect("start", "schedule_message")
graph.connect("schedule_message", "end")

# Execute the workflow
graph.execute({"channel": "general", "message": "Team meeting at 3 PM"})

P.S. About the need of not just tool prototol interface but unified "execution interface"
To load the tool and execute them, you need a protocol how to initiate and launch a tool - as our approach was to have a containerized runtime of tool and communicate with stdio, as similar as MCP servers, but not on process.

If you go with the pkg.go.dev style, you might want to consider this interface too.

To achieve that, We've made a pocket.json(example - get-slack-messages so that you can define tool schema, install and run scripts.

{
  "tool": {
    "name": "slack_get_messages",
    "description": "get slack messages",
    "inputSchema": {
      "properties": {
        "channel": {
          "title": "Channel",
          "type": "string"
        },
        "limit": {
          "title": "Limit",
          "type": "integer"
        }
      },
      "required": [
        "channel",
        "limit"
      ],
      "title": "SlackGetMessageRequest",
      "type": "object"
    }
  },
  "auth": {
    "auth_provider": "slack",
    "scopes": ["channels:history"]
  },
  "language": "python",
  "entrypoint": {
    "build": "pip install .",
    "run": "python -m get_message"
  }
}

[zhjch05]

What I would request on the metadata part of the registry API is something similar to config json in Smithery: https://smithery.ai/docs/config Where non technical users don't have to understand args, env vars but just put their secrets in a UI form with textboxes. So it will be easier for broader audience to adopt.

[kmghari001]

In this regard, I am currently conducting a security assessment if you have projects to submit in order to contribute to the standardization of good security practices for the MCP. It's fascinating to see how we jump to new protocols without going through the standardization process.but business reasons always take precedence. Have a nice sunday for all Le dim. 13 avr. 2025 à 03:10, Raphael Kieling ***@***.***> a écrit :

…

I liked this idea. I was sketching something to build for my internal team and randomly came across this thread. In my opinion, there are a few ways to approach this—especially when thinking about companies with multiple areas or teams: Just some random ideas that i was thinking, feel that is a bit related to your "enterprise" topic 1 - MCP Builder: Each team can create its own MCPs and tools, being responsible for handling the incoming/outgoing requests. That means exposing endpoints like /sse or /message to clients and translating MCP Client requests to REST APIs. Would be literally a builder, create the translation and make 100% easier to the teams to expose their existing APIs without touch in any MCP code. The downside is that this service would also be responsible for managing all the stateful MCP Servers. Hopefully, the new Streamable HTTP proposal will be released soon to make that easier. 2 - MCP Discovery: Teams can register their MCPs along with metadata like scope, authentication type (some services require specific auth and the LLM gateway for a given area might not have access), repository , etc. This would allow us to expose a proxy that targets the desired MCP. While returning the raw endpoint is possible, having a unified way to access them is more convenient and could hide a private VPN behind it. For example: •GET /discovery?area=AI_TECH&authentication=INTERNAL_ADMIN: Returns only MCPs from the AI_TECH area that also support the INTERNAL_ADMIN auth scope. •GET/POST /discovery/{mcpId}/proxy/**: Exposes all endpoints like /sse, /message, /., this is the endpoint that the mcp client would use. — Reply to this email directly, view it on GitHub <#159 (reply in thread)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ADZCZ3BKDIDFVGW3DCPDIF32ZG2RBAVCNFSM6AAAAABV6PEGTKVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTEOBRGYZDONA> . You are receiving this because you are subscribed to this thread.Message ID: <modelcontextprotocol/.github/repo-discussions/159/comments/12816274@ github.com>

[Jeff-Bouchard]

" It's fascinating to see how we jump to new
protocols without going through the standardization process.but business
reasons always take precedence."

+1 and that's gonna cause the downfall of most who does try to invent a parachute after jumping off the plane.
I indeed have a project to submit, proposal not quite ready but I have to acknowledge this post now.
it's Emercoin blockchain EmerNVS with Privateness.network tooling with a World Object Mapper structure based on our github/ness-network/worm
genesis block in dec 2013, blockchain has been running since, backed by AuxPoW with BTC/BCH/BSV "reusing" the PoW makes it more efficient. It should power countless chains but as you said, business reasons take precedence.
We propose a neutral ground where all welcome and governed by consensus

[kdada]

I propose a design for the MCP Server Registry (MSR)。

Principles：

• MSR should focus on service name resolution.
• MSR should provide a hierarchical tree structure for recursive resolution, facilitating enterprises in managing their own service names.
• MSR should describe service metadata, including service description, service address, and authentication methods.
• MSR should remain neutral toward services. An additional Yellow Page can enable similar functionality.
• MSR should not implement a Proxy, as this is the responsibility of software like Nginx.
• MSR should not handle service security (this falls to service providers), but it may offer security inspection tools.

Arch:

 ┌───────────────────┐  ┌───────────────────┐                                                               
 │                   │  │                   │                                                               
 │ MCP Yellow Pages  │  │ MCP Root Registry │                                                               
 │                   │  │                   │                                                               
 └───────────▲───────┘  └───────────▲───────┘                                                               
             │                      │                                                                       
             │                      │Resolve && Register                                                    
             │                      │                                                                       
             │                  ┌───┼──────────────────┐                                                    
             │                  │                      │                                                    
             │                  │ MCP Private Registry ◄────────────────┐                                   
             │                  │                      │                │Register MCP Server Name           
             │                  └─────────▲────────────┘                │                    Description    
             │                            │                             │                    Server Address 
             │                            │                             │                    and etc.       
             │                            │Name Resolve                 │                                   
             │                            │                      ┌──────┼───────┐                           
             │                            │      ┌───────────────► MCP Server 1 │                           
             │                            │      │               └──────────────┘                           
             │Subscribe(Optional)   ┌─────┼──────┤               ┌──────────────┐                           
             └──────────────────────┼ MCP Client ├───────────────► MCP Server 2 │                           
                                    └────────────┤               └──────────────┘                           
                                                 │               ┌──────────────┐                           
                                                 └───────────────► MCP Server 3 │                           
                                                  Auth           └──────────────┘                           
                                                  List Tools                                                
                                                  Call                                                      
                                                                                                                                                                                                

[commit4ever]

I'm not advocating for any vendor or tech but docker just announced https://hub.docker.com/catalogs/mcp and https://www.docker.com/blog/introducing-docker-mcp-catalog-and-toolkit/ and given both private and public registries are std, why this be off docker ?

[Jeff-Bouchard]

control daemon overhead, need root (ok podman thus far) but some people like to get their hands dirty. I don't think any 1 solution should take it all in everything.
edit: but I think it's good news for the standard; this thing just became factors of magnitudes more accessible.

are proposals for registry still open?
I can resume in a few words: decentralized, uncensorable yet governable by dPKI Emercoin blockchain (means decentralized web2 protocols, no web3 panopticon, turing-incomplete no surprises)
Metadata onchain, data on decentralized storage, IPFS, Magnet links, transparent as all handled by EmerDNS RFC-1035-compliant.
We kicked Circle out via UD when they tried to take the .coin tld some may know the saga.
.coin domains are working perfectly btw, cost 0

[Mehdi-Bl]

Docker have a lot of issues like using file system. At lease the tool as separate docker.
I had that for month's and I was strong believer that docker is the right way to ship then moved back fully to dev container, with another more portable setup.
Docker may be good for SSE or similar, but local access sorry no go.

[guruhubb]

Züs-MCP Registry Proposal

It's simple. Any MCP service provider can get permission-less registry and verifiable setup, by using Züs as their storage backend. Since data is at the heart of MCP services, Züs not only stores data securely, but also acts as a built-in registry for service providers, with attributes like provenance and bulletproof security—check out Blimp.software. Züs is an open network, allowing you to self-host storage servers and deliver essentially an on-prem solution.

Here’s the trick:

• WalletID = the organization.

• AllocationID = the specific service (like a dataset).

Since a company can have multiple wallets, and each wallet can handle multiple allocations, it’s a scalable, decentralized, and permission-less system. No need for extra infrastructure or jumping through hoops—you just store your MCP data on Züs and you’re part of the system.

With Blimp.software (to quickly set up wallets and allocations and view data), Zs3server (to work with S3-compatible storage), and Atlus.cloud (to explore the blockchain), everything’s secure, verifiable, and self-sovereign—no central authority needed. Plus, any third-party registry can curate a list of MCP servers straight from the blockchain, filtering by industry, region, or whatever they want.

The Building Blocks

1. Blimp.software

• Your one-click button for creating WalletIDs and AllocationIDs on Züs.
• It’s just a couple of clicks to set up your storage and view/manage your data in one place.
• You can even share folders publicly for anyone to verify your content. There is an option for private encrypted data sharing as well.
• Check it out here.

2. MCP Server

• This is where you run your MCP magic (vector databases, memory, query engines, etc).
• You save data, logs, and model contexts on Züs using Zs3server.

3. Zs3server

• Works just like AWS S3—but decentralized.
• Handles PUT/GET operations for your data at a fast speed, 5x better than AWS.
• See the repo.

4. Atlus.cloud

• The blockchain explorer for Züs.
• You can look up any WalletID or AllocationID to verify the service, its data, and metadata.
• Explore it here.

How It All Flows

Step 1: Set Up Your Wallet & Allocation

• Use Blimp.software to generate a WalletID (for your org) and AllocationID (for your service)—it’s effortless.

Step 2: Store Your MCP Data

• Your MCP Server writes its data, logs, and models to Züs through Zs3server.
• All your data is tied back to your WalletID + AllocationID.

Step 3: Get Verified

• Anyone (including clients or other services) can hop on Atlus.cloud and verify your service, metadata, and history.
• Boom—you’re part of the decentralized MCP registry.

Why Use Züs for MCP?

• Self-sovereign Identity:
  Your WalletID + AllocationID is yours—no need for a central registry.
  Others (like industry registries) can curate server lists from the blockchain.

• Provenance You Can Trust:
  Every change is recorded on-chain, so there’s a clear audit trail as your data evolves.

• Rock-Solid Security:
  Zero-trust, split-key, distributed storage—your data and key are locked down tight and unbreakable.

• ACID Integrity Built In:
  2-phase commits and chained writemarkers mean your data operations are consistent and reliable.

• Blazing Fast Performance:
  Parallel threads make PUT/GET operations faster than AWS S3.

Comparison Table

Feature	Current MCP Registries	Züs-Enhanced MCP
Service Identity	Centralized registry	WalletID + AllocationID (via Blimp)
Discovery	Database or registry queries	Atlus blockchain explorer
Setup Complexity	Requires separate infrastructure	Blimp + Zs3server (quick & easy)
Security Model	Trust-based	Cryptographic (blockchain + zero-trust + split-key + distributed data)
Provenance Verification	Internal logs	Immutable blockchain records

Diagram

Refer to the attached diagram for the visual representation of the architecture.

[Jeff-Bouchard]

Mcp is the future and I am amazed that ZUS could support it.

+1 yes support it, not capture it; First this is 0chain after rebrand and hard fork of their backend private blockchain which is not FOSS.

If you're not familiar with token metrics these two are major Red flags when they show up: minting-enabled is automatic show-stopper when the supply can change unilaterally at anytime and the Top10 owners owning 89% of entire supply is just adding insult to injury.

while I find the system very good technologically, distributed is not decentralized and private blockchains is an oxymoron imo

https://gopluslabs.io/token-security/1/0xb9ef770b6a5e12e45983c5d80545258aa38f3b78

@Jeff-Bouchard there is no vendor lock-in, it's decentralized, and you can self-host. In fact a MSP is already using this system with their customers. IPFS, Arweave and Torrents are old and slow protocols and not enterprise ready. Please use blimp.software first and then let me know.

[Jeff-Bouchard]

edit @guruhubb
I'm just saying that 2 basic common metrics everybody should look at are screaming RUN when they see your Tokenomics.

All Open and Public Registries have sets or rules and guidelines they must (or should) obey/conform to in order to justify Trust in them. I'm not making the metrics bro; I'm coin founder too so I know exactly what they mean but that doesn't mean I wouln't spin blubbers if I could but the private nature of the thing prevents me to do so if I'm not mistaking.
could I or anyone else spin nodes (blubbers) and participate for passive income?
Bvery feew things are binaty like that 1 or 0 and Decentralization is one of those things so your Yes/No answer will determine what it is or not.

[Jeff-Bouchard]

anyway Docker just announced their catalog and toolkit and each and every one MCPs out there that scrapers will be able to find as we're not exactly hiding, that'd defeat the purpose will just be converted to Docker compatible format like mcp-generator
the whole internet is the registry now.
I think it's already out of hand

[devnomad-byte]

bro, send me your Twitter. I'll follow you and let's communicate

[guruhubb]

@Jeff-Bouchard you're mistaken - you're looking at the initial Eth contract. Our native blockchain and storage code is open source, and our mainnet is one of the fastest in the world with 370ms finality, built from scratch in Golang and for the enterprise. Our storage performance is 5x traditional cloud. MCP is one of our use cases - our core value is breachproof security and faster performance.

Anyways, your discussion on token economics is irrelevant because it doesn't control or affect the blockchain, nor our data layer. Again, I suggest you look at our docs, our explorer, our storage software app built on it, and then argue on specific points why our platform cannot be considered decentralized or make sense for this application.

could I or anyone else spin nodes (blobbers) and participate for passive income?

Yes, one MSP is already doing so and making money on this from their enterprise customers; I have posted their performance results on my LinkedIn posts. You'd use our Chimney app to receive income in tokens from Zus Network and even USD from enterprise customers, if you were to manage the entire solution.

[lilac]

I'd like to contribute to this discussion with a solution we've been developing that could address the registry needs outlined here.

The MCP Server Manifest Concept

In our initial proposal, we outlined a standardized approach for MCP server management using a decentralized yet organized system through mcp.json manifest files.

This approach is inspired by both npm's package.json and ESM's URL-based imports, allowing MCP servers to be described consistently while remaining decentralized. The manifest contains standardized metadata including:

• Server name and version
• Detailed description and homepage
• Vendor information
• Installation instructions
• Configuration requirements

The manifest concept creates a middle ground between completely centralized repositories and the current fragmented landscape.

MCPBar: A Reference Implementation

We've recently launched MCPBar, a reference implementation of this concept. MCPBar is a CLI tool that uses the standardized manifest format to simplify discovery, installation, and management of MCP servers across different clients.

MCPBar demonstrates how a registry based on this manifest concept can work in practice, with features like server search, simple installation, and standardized configuration.

Example manifest:

{
  "name": "github",
  "version": "1.0.0",
  "description": "GitHub MCP Server for AI tools using Model Context Protocol.",
  "homepage": "https://github.com/github/github-mcp-server",
  "repository": {
    "type": "git",
    "url": "https://github.com/github/github-mcp-server.git"
  },
  "license": "MIT",
  "keywords": ["mcp", "ai", "github"],
  "inputs": [
    {
      "id": "github_token",
      "type": "promptString",
      "description": "GitHub Personal Access Token",
      "password": true
    }
  ],
  "server": {
    "command": "docker",
    "args": [
      "run", "-i", "--rm", "-e", "GITHUB_PERSONAL_ACCESS_TOKEN",
      "ghcr.io/github/github-mcp-server"
    ],
    "env": {
      "GITHUB_PERSONAL_ACCESS_TOKEN": "${input:github_token}"
    }
  }
}

Usage:

# Install an MCP server
mcpbar install github/github-mcp-server

# Search for servers
mcpbar search github

This approach gives us the best of both worlds - decentralized publication but standardized discovery and installation. MCPBar could serve as the foundation for a standardized registry that addresses the requirements outlined in this discussion.

We'd love to get feedback from the community and potentially align our efforts with the official MCP direction. Full details are available on our blog and GitHub repository.

[fjm2u]

The manifest format looks good. Here are a few suggestions:

• Use secret: true rather than password: true in inputs.
• Use {github_token} rather than ${input:github_token}.

[lilac]

The manifest format looks good. Here are a few suggestions:

• Use secret: true rather than password: true in inputs.
• Use {github_token} rather than ${input:github_token}.

Thanks for the suggestion. The design here is to align with VS Code's settings format, as we can see in the Github's example.

For more details, refer to the RFC: mcp.json – A Standardized Manifest for Model Context Protocol Servers. In the doc, I also referenced the VS Code MCP Server Configuration Docs.

I am open to more discussion.

[Mehdi-Bl]

Worked on similar. I should publish the full API + schemas. OSS.

There is a lot of problems, if you analyze the MCP rolling as there is so different setup.

[Fannon]

A first great starting point would be an official spec how an MCP API can be described in a single, self contained JSON file, including some info about the server and how to connect. Similar to OpenAPI for REST APIs. I would assume that one server can potentially also host multiple MCP APIs.

From there, you can put a thinner publishing / discovery / federation layer on top. Concretely: How you can provide those JSON file(s), how a bigger registry would make the information available via a convenient API and (later maybe) how registries can sync the metadata between them efficiently, without creating conflicts.

[alexhancock]

Thank you all for the engagement and for exploring so many different approaches in this discussion!

There is an in progress API implementation for an official server registry here now: https://github.com/modelcontextprotocol/registry

[tadasant]

And some context for how we're approaching this here: modelcontextprotocol/registry#11

Other Discussions in that repo have started to parcel out many of the considerations the community raised throughout this thread

[jcamdev]

Just providing an alternative viewpoint here:

While I agree with this concept in principle - new standards, centralized repositories, and single sources of truth very rarely succeed in practice. We already have established patterns for how users interact with new products and services on the internet: the World Wide Web supported by search engines, online forums, third-party resources, wikis, advertising, etc.

This ecosystem works well precisely because it accommodates the complexities and differences between applications. Trying to conform them to a single standard of governance is going to be virtually impossible, and in some ways even restricts the explorability & potential for LLMs & AI Agents to engage with the ecosystem ("sorry you can't use that app its not a part of the registry"). These existing patterns already effectively guide users to finding websites, tools, and platforms, and it will do the same with discoverability of MCP servers & AI agents.

This proposal feels reminiscent of the early internet where we had websites would simply provide lists of resources—an approach we've since evolved beyond because once the internet grew beyond 10 websites, half of which were dancing cats, it was no longer feasible to maintain. Our existing decentralized approach is more flexible, sustainable, and allows for organic growth and innovation, which will likely be severely hampered by a centralized, constrained governance approach.

[sboily]

Agreed with you @rtyhgfvbn. Having a centralized MCP service list seems unrealistic, but it would be interesting to have a federation system instead - where each organization maintains control over their own MCP catalog while sharing information through a decentralized trust network. This way we could discover services across different providers without sacrificing autonomy or creating a single point of failure.