MCP Registry

The Model Context Protocol (MCP) is a standardized way for AI models to securely interact with external tools, services, and data sources. Rather than allowing models to call tools directly, MCP introduces a structured interface that defines which tools exist, how they can be invoked, and the constraints on their use.

Within Highflame, MCP acts as a controlled bridge between LLMs and external systems. All MCP interactions are routed through the Agent Gateway, allowing Highflame to enforce security policies, apply guardrails, and continuously assess tool risk. This enables the extension of agent capabilities, such as querying knowledge bases or invoking internal APIs, without sacrificing enterprise-grade security or observability.

Enterprise MCP Registries

An MCP Registry defines how tools are discovered, trusted, and exposed to AI models through the Agent Gateway. Rather than hard-coding tool endpoints into prompts or applications, registries provide a structured, auditable way to declare which MCP servers exist, what tools they expose, and under what conditions those tools may be used.

In Highflame, an MCP Registry is a collection of authorized MCP servers and serves as the authoritative source of truth for tool discovery, authentication, and baseline policy enforcement. This mirrors the MCP Registry model: tools are not implicitly available to models; they are explicitly registered, evaluated, and enabled.

Once registered, tools from an MCP server can be selectively exposed to applications and routes, ensuring that agent capabilities grow in a controlled and observable way.

Creating an MCP Registry

When creating a registry, you define the core identity and connection details of the MCP server:

• A name that uniquely identifies the server (for example, deepwiki)

• The endpoint where the MCP server accepts requests

• Optional authentication credentials required by the server

• A description that documents the registry’s purpose

Once saved, Highflame generates a Gateway request URL for the registry, like:

https://api.highflame.app/v1/mcp/<mcp_server_name>
e.g., https://api.highflame.app/v1/mcp/deepwiki

1. Navigate to the MCP Registries page within your gateway.

2. Click the Add MCP Registry button.

3. In the Details tab, fill in the required fields (see Details Tab for a complete description of each field).

4. Click Save to create the registry.

Once an MCP Registry is created, it will appear in the MCP Registries list. From here, selecting a registry takes you to its dedicated page, where you can configure and manage it further.

The Tools tab allows you to:

• View all tools exposed by the registered MCP server.

• Enable or disable individual tools for controlled access.

• See Vulnerability scan results for each tool.

Whenever you enable/disable a tool or open the Tools tab, Highflame automatically runs a vulnerability scan on that tool. The results are displayed directly in this tab, showing potential security vulnerabilities.

The Policy tab displays all MCP Registry-level policies currently applied.

Policies ensure safer usage of MCP tools by applying filters such as:

• Malicious Instruction Injections – Defends against prompt injection or jailbreak attempts.

• Data Protection – Prevents exposure of sensitive data like PII, credentials, or secrets.

• Security Filters – Defend against MCP tool vulnerabilities, including command injection, path traversal, secret leakage, and SQL injection.

These registry-level guardrails are enforced after a tool response is received when requests are made using an application key.

The Details tab provides the core configuration for your MCP Registry.

It includes:

• Name – Unique identifier for your MCP server (e.g., deepwiki, github).

• URL – The base URL of the MCP server.

• Request URL – The endpoint Highflame uses to send MCP requests for this server.

  • This URL is automatically generated after registration and is required when connecting LLMs to MCP tools.

  • Example: https://api.highflame.app/v1/mcp/deepwiki

• Description – A human-readable purpose or context for the MCP registry.

• Authorization Token – Token used to authenticate with the MCP server.

  • Store this securely, as it may grant direct access to the MCP server’s tools.

  • The token can be updated at any time if compromised.

This tab serves as the foundation for connecting Highflame to your MCP server, ensuring all requests are routed securely.

The Application Graph tab displays all MCP tools accessed via this agent:

• Shows tool name, MCP server, number of requests, and last used in a graph format.

• Helps you analyze MCP tool usage patterns and identify high-traffic integrations.

Tool Discovery and Enablement

After a registry is created, Highflame queries the MCP server to discover the tools it exposes. These tools are listed under the registry and are disabled by default. Each tool must be explicitly enabled before a model can use it.

This opt-in model follows the MCP Registry principle that availability does not imply permission. Teams can expose only the minimum set of tools required for an agent’s task, reducing risk and limiting blast radius.

Tracing MCP Requests

Every MCP request routed through the Agent Gateway appears in the application’s traces.

These records include:

• The model input that triggered the tool call

• The MCP tool invocation

• The tool’s response

• Guardrails and policies that were evaluated during execution

This creates a complete, end-to-end audit trail that aligns with the MCP Registry goal of transparent and accountable tool usage.