# MCP Registry

The Model Context Protocol (MCP) is a standardized way for AI models to securely interact with external tools, services, and data sources. Rather than allowing models to call tools directly, MCP introduces a structured interface that defines which tools exist, how they can be invoked, and the constraints on their use.

Within Highflame, MCP acts as a controlled bridge between LLMs and external systems. All MCP interactions are routed through the Agent Gateway, allowing Highflame to enforce security policies, apply guardrails, and continuously assess tool risk. This enables the extension of agent capabilities, such as querying knowledge bases or invoking internal APIs, without sacrificing enterprise-grade security or observability.

### Enterprise MCP Registries

An MCP Registry defines how tools are discovered, trusted, and exposed to AI models through the Agent Gateway. Rather than hard-coding tool endpoints into prompts or applications, registries provide a structured, auditable way to declare *which MCP servers exist*, *what tools they expose*, and *under what conditions those tools may be used*.

In Highflame, an MCP Registry is a collection of authorized MCP servers and serves as the authoritative source of truth for tool discovery, authentication, and baseline policy enforcement. This mirrors the MCP Registry model: tools are not implicitly available to models; they are explicitly registered, evaluated, and enabled.

Once registered, tools from an MCP server can be selectively exposed to applications and routes, ensuring that agent capabilities grow in a controlled and observable way.

### Creating an MCP Registry

When creating a registry, you define the core identity and connection details of the MCP server:

* A name that uniquely identifies the server (for example, deepwiki)
* The endpoint where the MCP server accepts requests
* Optional authentication credentials required by the server
* A description that documents the registry’s purpose

Once saved, Highflame generates a Gateway request URL for the registry:

```
https://api.highflame.ai/v1/mcp/<mcp_server_name>
e.g., https://api.highflame.ai/v1/mcp/deepwiki
```

1. Navigate to the **MCP Registries** page within your gateway.
2. Click the **Add MCP Registry** button.
3. In the **Details** tab, fill in the required fields: name, URL, optional auth credentials, and description.
4. Click **Save** to create the registry.

<figure><img src="/files/vmU4W88bLqxKa99mpskv" alt=""><figcaption></figcaption></figure>

Once an MCP Registry is created, it will appear in the **MCP Registries list**. From here, selecting a registry takes you to its dedicated page, where you can configure and manage it further.

The **Tools** tab allows you to:

* View all tools exposed by the registered MCP server.
* Enable or disable individual tools for controlled access.
* See **Vulnerability scan results** for each tool.

<figure><img src="/files/3kMSvtCKokO4x67iEt8H" alt=""><figcaption></figcaption></figure>

Whenever you **enable/disable a tool** or open the **Tools tab**, Highflame automatically runs a **vulnerability scan** on that tool.\
The results are displayed directly in this tab, showing potential **security vulnerabilities**.

The **Policy** tab displays all **MCP Registry-level policies** currently applied.

<figure><img src="/files/3kMSvtCKokO4x67iEt8H" alt=""><figcaption></figcaption></figure>

Policies ensure safer usage of MCP tools by applying filters such as:

* **Malicious Instruction Injections** – Defends against prompt injection or jailbreak attempts.
* **Data Protection** – Prevents exposure of sensitive data like PII, credentials, or secrets.
* **Security Filters** – Defend against MCP tool vulnerabilities, including command injection, path traversal, secret leakage, and SQL injection.

These registry-level guardrails are enforced **after a tool response is received** when requests are made using an **application key**.

The **Details** tab provides the core configuration for your MCP Registry.

![](/files/uDk4qFAe4y78f4ObUQF4)\
It includes:

* **Name** – Unique identifier for your MCP server (e.g., `deepwiki`, `github`).
* **URL** – The base URL of the MCP server.
* **Request URL** – The endpoint Highflame uses to send MCP requests for this server.
  * This URL is automatically generated after registration and is required when connecting LLMs to MCP tools.
  * Example: `https://api.highflame.ai/v1/mcp/deepwiki`
* **Description** – A human-readable purpose or context for the MCP registry.
* **Authorization Token** – Token used to authenticate with the MCP server.
  * Store this securely, as it may grant direct access to the MCP server’s tools.
  * The token can be updated at any time if compromised.

This tab serves as the foundation for connecting Highflame to your MCP server, ensuring all requests are routed securely.

The **Application Graph tab** displays all MCP tools accessed via this agent:

* Shows **tool name**, **MCP server**, **number of requests**, and **last used** in a graph format.
* Helps you analyze MCP tool usage patterns and identify high-traffic integrations.

<figure><img src="/files/O1xNYsRtWleT56bp018H" alt=""><figcaption></figcaption></figure>

### Tool Discovery and Enablement

After a registry is created, Highflame queries the MCP server to discover the tools it exposes. These tools are listed under the registry and are disabled by default. Each tool must be explicitly enabled before a model can use it.

This opt-in model follows the MCP Registry principle that ***availability does not imply permission***. Teams can expose only the minimum set of tools required for an agent’s task, reducing risk and limiting blast radius.

### Tracing MCP Requests

Every MCP request routed through the Agent Gateway appears in the application’s traces.

```bash
curl -X POST 'https://api.highflame.ai/v1/responses' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer $OPENAI_API_KEY' \
  -H 'X-Highflame-Apikey: $HIGHFLAME_API_KEY' \
  -d '{
    "input": "List all tools supported in the 2025-03-26 version of the MCP spec.",
    "model": "gpt-4.1",
    "tools": [
      {
        "type": "mcp",
        "server_label": "deepwiki",
        "server_url": "https://api.highflame.ai/v1/mcp/deepwiki",
        "headers": {
          "Authorization": "Bearer $HIGHFLAME_API_KEY"
        },
        "require_approval": "never"
      }
    ]
  }'
```

These records include:

* The model input that triggered the tool call
* The MCP tool invocation
* The tool’s response
* Guardrails and policies that were evaluated during execution

This creates a complete, end-to-end audit trail that aligns with the MCP Registry goal of transparent and accountable tool usage.

<figure><img src="/files/ksoT2mpWmrjBo4cHWjC7" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.highflame.ai/agent-gateway/mcp-registry.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.