MCP Registry beta live
MODEL CONTEXT PROTOCOL · 2026 MCP Registry Beta · live

The trusted registry for Model Context Protocol.

Browse, sign, and ship MCP servers your security team actually approves. Private registry, signed releases, policy gates, full audit trail.

mcp — acme/github-server v2.1
# install a server the registry has signed + scanned
$ mcp install @acme/github --verify
↳ fetching @acme/github@2.1.0 · 184 kB
↳ signature: sigstore ✓ CVE feed: clean ✓
↳ policy check: allowed by org.mcp-policy.yml ✓
$ mcp audit --last 30d
12 tool calls · 0 privileged · 0 outside allowlist
$
signed by default

Manifesto

Things we refuse to compromise.

  1. Every server is signed, scanned, and pinned — no more raw stdio commands pulled from a GitHub README.

  2. Governance is a first-class citizen: allowlists, CVE feeds, and policy files check into git next to your code.

  3. Authors get distribution and telemetry. Ops get audit trails. Devs get one command. Nobody gets surprised.

  4. Open CLI, open catalog, paid registry — the trust layer is the product, not the packaging.

The gap

What breaks right now.

Every Claude Code, Cursor and Windsurf user is wiring MCP servers by pasting raw commands from random READMEs. No signing, no version pinning, no auto-update, no security scanning, no telemetry. Fine for a demo; fatal the moment a regulated buyer asks who signed off on that server reaching their database.

The surface

Every capability, opinionated.

Public catalog

Search, version, categories, author telemetry. Discovery that actually scales past the first 50 servers.

One CLI, every IDE

mcp install / update / audit across Claude Code, Cursor, Cline, Windsurf. One shape of command to rule them all.

Sigstore-grade signing

Every published version gets a verifiable signature. Verification happens on install, not on trust.

CVE + malicious feed

Dedicated MCP feed with same-day CVE propagation and a blocklist of known-compromised servers.

Author telemetry

Opt-in usage insights so authors know which tool calls matter and where their server is stalling.

Org policy as code

org.mcp-policy.yml: allowlist, tool-level denies, max-privilege rules. Checked in git. Enforced at install.

The motion

From pain to production.

  1. Install

    One CLI command pulls a signed, scanned MCP server into your IDE. Verification is local and deterministic.

  2. Verify

    Every call is tied back to a signed version and a policy decision. CVE updates flow into your audit log.

  3. Govern

    Ship org-wide policy files. Approve or deny servers in bulk. Export SOC-2-friendly evidence in one click.

The offer

What beta partners actually get.

An early-access program, not a newsletter. Every slot is hand-picked and comes with real terms.

  1. Founding pricing · locked 12 months

    40% below the public v1 price. You keep it for a full year from GA, even as the team tier catches up.

  2. Direct founder Slack

    Shared channel with the core team. Bugs get triaged same-day. Feature requests skip the roadmap queue.

  3. Roadmap input you can see

    Beta partners vote on what ships next, Fridays. Outcomes ship in the weekly shipping note — no black box.

  4. Hands-on onboarding

    We pair with your team on the first install. You're verifying signed MCP servers before lunch, not next quarter.

  5. Influence the governance model

    The policy spec is still open. Wave 1 partners co-design org.mcp-policy.yml — your constraints become the defaults.

A trust layer for MCP is the piece nobody's shipped yet. If this had existed six months ago we'd have pushed our agent to prod already — instead we're still writing signature-check scripts by hand.

Platform lead, fintech · wave 0 partner

The doubts

Things you'll ask.

  • What if Anthropic ships an official registry?

    We partner. They'll ship discovery; enterprises still need SOC 2, SSO, allowlists, on-prem deployment, CVE feed SLAs. That's the tier we own from day one.

  • Does it only cover MCP?

    MCP from v1 — OpenAI GPT Actions and A2A support from v1.1. The protocol landscape will consolidate; the trust layer above it is what actually scales.

  • Can we self-host?

    Yes. Enterprise tier ships a self-hostable registry with SSO, audit-log export, and an air-gapped update channel. Your catalog never leaves your network.

  • What about author revenue?

    Free to publish. Paid tier for authors unlocks telemetry, audience analytics, and a featured slot in the discovery surface. No take rate on MCP itself — we're not a marketplace, we're a trust layer.

Early access

Join the private beta.

Two clicks, one email. We'll reach out when your slot opens.

We'll email you when the CLI opens to alpha testers — ~Q3. No newsletter, one ping, you unsubscribe in one click.

After you apply

  1. You apply

    2 minutes. We read every application by hand.

  2. We reply within 48h

    Quick note from a human, plus a 15-minute fit call if there's a match.

  3. You're in the registry

    Onboarding call, founder pairs with you on first install. Signed MCP servers, same day.