Agent Registry and MCP Trust

Huzefaaa2 edited this page May 18, 2026 · 17 revisions

Agent Registry and MCP Trust Registry

Phase 5 starts the governed identity layer for AI agents and MCP servers.

Current Implementation

  • JSON-backed registry store for local pilots.
  • SQLite-backed registry store and migration for self-hosted API deployments.
  • Governed agent identities with agent ID, type, vendor, version, capabilities, scopes, allowed repositories, allowed tools, risk tier, owner, status, last seen, and evidence references.
  • MCP server trust records with server ID, trust tier, capabilities, owner, approval state, approved tools, last seen, and evidence references.
  • Predefined capability profiles for Claude Code, OpenAI Codex, GitHub Copilot Agent, Cursor Agent, Gemini CLI, and AWS Q Developer.
  • MCP capability classifications for filesystem, shell, network, database, SaaS, cloud, and repository tools.
  • API endpoints for agents, MCP servers, and MCP trust evaluation.
  • CLI commands for registering, listing, and checking registry records.
  • Console views for agent identities, MCP trust records, profiles, and classifications.
  • Runtime MCP decisions can use registry trust state.
  • Unknown MCP servers are blocked by default.

CLI

cavra registry agent-register codex-agent --vendor OpenAI --capability code_edit --repository payments/api --owner "Platform AI"
cavra registry agent-register claude-code --vendor Anthropic --capability mcp_tool_call --sqlite .cavra/registry.db
cavra registry agent-list --owner "Platform AI"
cavra registry profiles
cavra registry mcp-register github-mcp --trust-tier approved --approval-state approved --capability repository --tool create_pull_request --owner "Developer Platform"
cavra registry mcp-register filesystem-mcp --trust-tier approved --approval-state approved --capability filesystem --tool read_file --sqlite .cavra/registry.db
cavra registry mcp-list --trust-tier approved
cavra registry mcp-check github-mcp create_pull_request --capability repository
cavra registry mcp-classifications --capability cloud
cavra registry migrate --sqlite .cavra/registry.db
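The default-deny trust check that `mcp-check` performs, modelled here as an added Python illustration rather than cavra's own code. The record type, field names, and the rule that both approval state and trust tier must read `approved` are assumptions; the sample registry is constructed to mirror the mcp-register commands above, with a pending record added to show that registration alone grants nothing.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional


@dataclass(frozen=True)
class McpServerRecord:
    """Subset of the MCP trust record fields listed on this page (assumed shape)."""
    server_id: str
    trust_tier: str
    approval_state: str
    capabilities: FrozenSet[str]
    approved_tools: FrozenSet[str]
    owner: str


@dataclass(frozen=True)
class TrustDecision:
    allowed: bool
    reason: str  # kept so every runtime decision can be written to an audit trail


def evaluate_mcp_trust(registry: Dict[str, McpServerRecord], server_id: str,
                       tool: str, capability: Optional[str] = None) -> TrustDecision:
    """Every check must pass; anything not explicitly approved is blocked."""
    record = registry.get(server_id)
    if record is None:  # unknown MCP servers are blocked by default
        return TrustDecision(False, f"{server_id}: unknown MCP server, blocked by default")
    if record.approval_state != "approved" or record.trust_tier != "approved":
        return TrustDecision(False, f"{server_id}: approval_state={record.approval_state}, "
                                    f"trust_tier={record.trust_tier}")
    if tool not in record.approved_tools:  # approval is per tool, not per server
        return TrustDecision(False, f"{server_id}: tool {tool!r} is not an approved tool")
    if capability is not None and capability not in record.capabilities:
        return TrustDecision(False, f"{server_id}: capability {capability!r} not registered")
    return TrustDecision(True, f"{server_id}: {tool!r} allowed (owner: {record.owner})")


# Constructed sample registry; owners not given on the page are placeholders.
REGISTRY: Dict[str, McpServerRecord] = {
    "github-mcp": McpServerRecord("github-mcp", "approved", "approved", frozenset({"repository"}),
                                  frozenset({"create_pull_request"}), "Developer Platform"),
    "filesystem-mcp": McpServerRecord("filesystem-mcp", "approved", "approved",
                                      frozenset({"filesystem"}), frozenset({"read_file"}),
                                      "Platform Team (constructed)"),
    "jira-mcp": McpServerRecord("jira-mcp", "pending", "pending", frozenset({"saas"}),
                                frozenset({"create_issue"}), "IT (constructed)"),
}

if __name__ == "__main__":
    print(evaluate_mcp_trust(REGISTRY, "github-mcp", "create_pull_request", "repository"))
    print(evaluate_mcp_trust(REGISTRY, "unknown-mcp", "read_file"))
```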

API

  • GET /agents
  • GET /agents/profiles
  • POST /agents
  • GET /agents/{agent_id}
  • GET /mcp/servers
  • POST /mcp/servers
  • GET /mcp/servers/{server_id}
  • GET /mcp/tool-classifications
  • GET /mcp/trust

Set CAVRA_REGISTRY_STORE to choose the registry JSON path. Set CAVRA_REGISTRY_DB to use SQLite persistence.

User Stories

  • As an AI governance lead, I can see which agents are active and what they are allowed to do.
  • As a platform engineer, I can approve trusted MCP servers once and reuse that trust across repositories.
  • As a security engineer, I can keep unknown MCP servers blocked by default.
  • As an auditor, I can review owner, capability, approval state, profile, classification, and evidence metadata for agent and MCP trust decisions.

Enterprise Challenge Solved

The registry removes identity ambiguity and MCP tool sprawl. Agents and tools become governed records with owners, scopes, approval state, storage-backed auditability, and runtime decision impact.

Next

  • Expanded Go registry-backed parity.
  • Public sandbox URL validation after deployment from main.
