MODEL CONTEXT PROTOCOL · 2026 MCP Registry

The trusted registry for Model Context Protocol.

Browse, sign, and ship MCP servers your security team actually approves. Private registry, signed releases, policy gates, full audit trail.

Join the waitlist → Read the manifesto
mcp — acme/github-server v2.1
# install a server the registry has signed + scanned
$ mcp install @acme/github --verify
↳ fetching @acme/github@2.1.0 · 184 kB
↳ signature: sigstore ✓ CVE feed: clean ✓
↳ policy check: allowed by org.mcp-policy.yml ✓
$ mcp audit --last 30d
12 tool calls · 0 privileged · 0 outside allowlist
$
signed by default
Manifesto

Four things we refuse to compromise on.

  1. 01

    Every server is signed, scanned, and pinned — no more raw stdio commands pulled from a GitHub README.

  2. 02

    Governance is a first-class citizen: allowlists, CVE feeds, and policy files check into git next to your code.

  3. 03

    Authors get distribution and telemetry. Ops get audit trails. Devs get one command. Nobody gets surprised.

  4. 04

    Open CLI, open catalog, paid registry — the trust layer is the product, not the packaging.

The gap

What breaks right now.

Every Claude Code, Cursor and Windsurf user is wiring MCP servers by pasting raw commands from random READMEs. No signing, no version pinning, no auto-update, no security scanning, no telemetry. Fine for a demo; fatal the moment a regulated buyer asks who signed off on that server reaching their database.

The surface

Every capability, opinionated.

Public catalog

Search, version, categories, author telemetry. Discovery that actually scales past the first 50 servers.

One CLI, every IDE

mcp install / update / audit across Claude Code, Cursor, Cline, Windsurf. One shape of command to rule them all.

Sigstore-grade signing

Every published version gets a verifiable signature. Verification happens on install, not on trust.

CVE + malicious feed

Dedicated MCP feed with same-day CVE propagation and a blocklist of known-compromised servers.

Author telemetry

Opt-in usage insights so authors know which tool calls matter and where their server is stalling.

Org policy as code

org.mcp-policy.yml: allowlist, tool-level denies, max-privilege rules. Checked in git. Enforced at install.

The motion

From pain to production.

  1. 01 Install

    One CLI command pulls a signed, scanned MCP server into your IDE. Verification is local and deterministic.

  2. 02 Verify

    Every call is tied back to a signed version and a policy decision. CVE updates flow into your audit log.

  3. 03 Govern

    Ship org-wide policy files. Approve or deny servers in bulk. Export SOC-2-friendly evidence in one click.

The ambition

Numbers we're chasing.

Month 6 $7.5k MRR 50 paying teams at $150 avg · proof the governance tier lands with engineering orgs
Year 1 $600k ARR 300 teams + 5 enterprise self-host contracts · crossing the trust-layer chasm
Year 2 $3M ARR 1,500 teams + 30 enterprise · default choice when security asks 'where did this server come from?'
The doubts

Things you'll ask.

  • What if Anthropic ships an official registry?

    We partner. They'll ship discovery; enterprises still need SOC 2, SSO, allowlists, on-prem deployment, CVE feed SLAs. That's the tier we own from day one.

  • Does it only cover MCP?

    MCP from v1 — OpenAI GPT Actions and A2A support from v1.1. The protocol landscape will consolidate; the trust layer above it is what actually scales.

  • Can we self-host?

    Yes. Enterprise tier ships a self-hostable registry with SSO, audit-log export, and an air-gapped update channel. Your catalog never leaves your network.

  • What about author revenue?

    Free to publish. Paid tier for authors unlocks telemetry, audience analytics, and a featured slot in the discovery surface. No take rate on MCP itself — we're not a marketplace, we're a trust layer.

Under the hood

Stack we trust.

  • TypeScript
  • Sigstore
  • Postgres
  • Cloudflare Workers
  • Stripe
  • OpenTelemetry
The ask

Tell us if you'd use this.

Two clicks. No spam. One email when there's something to show.

We'll email you when the CLI opens to alpha testers — ~Q3. No newsletter, one ping, you unsubscribe in one click.

How strongly do you want this?
2 clicks. promise.