The trusted operating layer for MCP servers.
A platform where users can discover MCP servers, inspect capabilities, see trust and security signals, install them locally or remotely, test them in a sandbox, and export ready-to-use configs for Claude, OpenAI-compatible clients, editors, and custom agent runtimes.
MCP Forge is a trusted operating layer for the MCP (Model Context Protocol) ecosystem. Unlike simple awesome lists that are easy to copy, MCP Forge provides:
Trust infrastructure (validation, probing, scoring)Runtime execution (sandbox testing, local/remote launches)Compatibility tooling (client-specific config generators)Security hardening (scope analysis, SSRF detection, least-privilege enforcement)Ecosystem growth (maintainer incentives, federation, monetization)
The trusted operating layer for MCP servers.
📋 Roadmap Status (15 Phases)
Phase
Title
Status
Key Deliverables
Phase 1 Foundation
✅ COMPLETED
Manifest spec, validator CLI, registry schema, dual-backend scaffold (Actix/Axum)
Phase 2 Real Utility
✅ COMPLETED
Runtime probe, install generator, trust scoring, compatibility matrix
Phase 3 Differentiation
✅ COMPLETED
Sandbox tester, security policy analysis, reproducible release snapshots, maintainer dashboard
Phase 4 Performance
✅ COMPLETED
Benchmarking suite, latency/throughput metrics, optimization guides
Phase 5 Observability
Pending
Centralized logging, Prometheus/Grafana dashboards, OpenTelemetry tracing
Phase 6 Enterprise Security
Pending
SAML/OAuth, audit trails, policy packs, least-privilege enforcement
Phase 7 Ecosystem Growth
Pending
Stars/badges, maintainer bounties, curated collections, "Works with X" badges
Phase 8 Client Diversity
Pending
Ollama, LM Studio, LocalAI, and custom client config generators
Phase 9 Advanced MCP Features
Pending
Roots/sampling support in sandbox, structured output validation, progress/cancellation
Phase 10 Offline Mode
Pending
Air-gapped registry mirroring, offline validation, local-first mode
Phase 11 Automation
Pending
GitHub/GitLab CI/CD integration, automatic manifest validation, PR checks
Phase 12 Documentation
Pending
Interactive tutorials, API docs (Swagger/OpenAPI), video guides, CLI man pages
Phase 13 Monetization
Pending
Private registries, priority support, premium features (e.g., "Verified Publisher" badge)
Phase 14 Federation
Pending
Mirror registries, team namespaces, upstream sync, private enterprise registries
Phase 15 AI-Powered Curation
Pending
AI-driven package recommendations, auto-generated docs, smart search
Benchmark MCP servers for latency, throughput, and resource usage.
Provide optimization guides for high-throughput deployments.
Integrate performance metrics into the trust score.
Component
Description
mcp-benchmark CLIRun standardized benchmarks (e.g., 1K requests, 1MB payloads) and generate reports.
Performance Dashboard
Visualize latency/throughput metrics in the maintainer dashboard.
Optimization Guides
Documentation for tuning MCP servers (e.g., async I/O, connection pooling).
Trust Score Integration
Adjust trust score based on performance metrics (e.g., sub-100ms latency bonus).
MCP-Forge/
├── packages/
│ ├── benchmark/ # Benchmarking suite (Python/Go)
│ │ ├── scenarios/ # Standardized test scenarios
│ │ └── reporter.py # Generate HTML/PDF reports
│ └── scoring/ # Trust score integration
└── apps/web/ # Performance dashboard UI
🗺️ Phase 5: Observability
Centralize logs, metrics, and traces for deployed MCP servers.
Provide dashboards for monitoring health, performance, and security.
Component
Description
OpenTelemetry Integration
Instrument MCP servers for distributed tracing.
Prometheus/Grafana Dashboards
Pre-built dashboards for latency, error rates, and resource usage.
Centralized Logging
Aggregate logs from multiple MCP servers into a single view.
Alerting
Notify maintainers of anomalies (e.g., high latency, failed probes).
MCP-Forge/
├── packages/
│ └── observability/ # OpenTelemetry SDK, Prometheus exporters
└── apps/
└── web/ # Grafana dashboard templates
🗺️ Phase 6: Enterprise Security
Support enterprise authentication (SAML/OAuth).
Enforce least-privilege policies and audit trails.
Component
Description
SAML/OAuth Integration
Support enterprise identity providers (Okta, Azure AD).
Audit Trails
Log all registry actions (publish, install, verify) for compliance.
Policy Packs
Pre-built security policies (e.g., "No network egress", "Read-only filesystem").
Least-Privilege Enforcement
Block manifests with excessive scopes (e.g., * in filesystem paths).
MCP-Forge/
├── packages/
│ └── security/ # SAML/OAuth adapters, policy engine
└── apps/
└── api/ # Audit trail API
🗺️ Phase 7: Ecosystem Growth
Incentivize maintainers to publish high-quality MCP servers.
Curate collections and highlight popular packages.
Component
Description
Stars/Badges
Let users star packages; display badges (e.g., "Top 10%", "Verified").
Maintainer Bounties
Reward maintainers for high trust scores, installs, or documentation.
Curated Collections
Group packages by domain (e.g., "Web Search", "Filesystem Tools").
"Works with X" Badges
Show compatibility with clients (e.g., "Works with Ollama", "Works with LM Studio").
MCP-Forge/
├── packages/
│ └── ecosystem/ # Bounty system, collection manager
└── apps/
└── web/ # Stars/badges UI, curated collections page
🗺️ Phase 8: Client Diversity
Support non-OpenAI clients (Ollama, LM Studio, LocalAI).
Expand the compatibility matrix and install generator.
Component
Description
Ollama Config Generator
Generate Modelfile and config.json for Ollama.
LM Studio Config Generator
Generate config.yaml for LM Studio.
LocalAI Config Generator
Generate config.yaml for LocalAI.
Compatibility Matrix Updates
Add rows for Ollama, LM Studio, LocalAI.
MCP-Forge/
└── packages/
└── client-templates/ # New config generators
🗺️ Phase 9: Advanced MCP Features
Support advanced MCP features (roots, sampling, structured outputs) in the sandbox.
Validate structured outputs and progress/cancellation.
Component
Description
Roots Support
Allow sandboxed access to specific filesystem roots.
Sampling Support
Test sampling endpoints in the sandbox.
Structured Output Validation
Validate JSON Schema compliance for tool outputs.
Progress/Cancellation
Support progress updates and request cancellation in the sandbox.
MCP-Forge/
├── packages/
│ └── runtime/ # Roots/sampling support in probe.py
└── apps/
└── web/ # Sandbox UI updates for advanced features
🗺️ Phase 10: Offline Mode
Support air-gapped environments and offline validation.
Enable local-first registry mirroring.
Component
Description
Air-Gapped Registry Mirroring
Sync registry data to a local database for offline use.
Offline Validation
Validate manifests without network access.
Local-First Mode
Run MCP Forge entirely locally (no cloud dependencies).
MCP-Forge/
├── cli/
│ └── mcp-mirror # Registry mirroring CLI
└── packages/
└── offline/ # Offline validation logic
Integrate MCP Forge into CI/CD pipelines.
Automate manifest validation and trust scoring.
Component
Description
GitHub/GitLab CI/CD Integration
Validate manifests on PRs; block merges for critical issues.
Automatic Manifest Validation
Run mcp-validate on every push to main.
PR Checks
Comment on PRs with trust score and security findings.
MCP-Forge/
├── .github/
│ └── workflows/ # GitHub Actions workflows
└── packages/
└── ci/ # CI/CD integration logic
🗺️ Phase 12: Documentation
Provide interactive tutorials, API docs, and video guides.
Improve CLI man pages and help text.
Component
Description
Interactive Tutorials
Step-by-step guides for publishing, installing, and testing MCP servers.
API Docs (Swagger/OpenAPI)
Auto-generated API documentation for the registry.
Video Guides
YouTube/TikTok-style tutorials for key workflows.
CLI Man Pages
Comprehensive man pages for mcp-validate, mcp-probe, etc.
MCP-Forge/
├── docs/ # Interactive tutorials, API docs
└── packages/
└── docs/ # Video scripts, CLI man pages
🗺️ Phase 13: Monetization
Offer premium features for enterprise users.
Sustain development with a sustainable business model.
Component
Description
Private Registries
Host private MCP registries for enterprise customers.
Priority Support
Offer SLAs and dedicated support for premium users.
Premium Features
"Verified Publisher" badge, advanced analytics, custom domains.
MCP-Forge/
├── apps/
│ └── enterprise/ # Private registry backend
└── packages/
└── monetization/ # Billing, support ticketing
Support mirror registries and team namespaces.
Enable private enterprise registries.
Component
Description
Mirror Registries
Sync registry data across multiple instances.
Team Namespaces
Support @team/package naming for organizations.
Upstream Sync
Sync public registry data to private mirrors.
Private Enterprise Registries
Host private registries for enterprise customers.
MCP-Forge/
├── apps/
│ └── federation/ # Federation backend
└── packages/
└── sync/ # Upstream sync logic
🗺️ Phase 15: AI-Powered Curation
Use AI to recommend packages, auto-generate docs, and improve search.
Component
Description
AI-Driven Package Recommendations
Recommend packages based on user behavior and domain.
Auto-Generated Docs
Generate API docs, examples, and tutorials from manifests.
Smart Search
Improve search relevance with NLP and embeddings.
MCP-Forge/
├── packages/
│ └── ai/ # AI models for recommendations/docs/search
└── apps/
└── web/ # Smart search UI, auto-generated docs
Feature
Status
Description
Registry ✅ Phase 1
Searchable catalog with metadata, tags, health status
Verification ✅ Phase 2
Automated checks for manifest validity, protocol support, smoke tests
Trust Signals ✅ Phase 2
Verified publisher badge, signed release info, trust score, security warnings
Local Runtime ✅ Phase 2
Lightweight runner for stdio/Docker/remote servers
Install Generator ✅ Phase 2
One-click export for Claude, OpenAI, VS Code, Docker Compose
Sandbox Tester ✅ Phase 3
Safe test UI with bounded permissions and visible logs
Security Layer ✅ Phase 3
Scope inspection, least-privilege warnings, network policy hints
Compatibility Matrix ✅ Phase 2
Shows client transport/primitive/auth support
Versioned Manifests ✅ Phase 3
Reproducible package metadata for each release (snapshots)
Publisher Tooling ✅ Phase 2
mcp-validate, mcp-probe, mcp-score, mcp-snapshot CLI tools
Performance Benchmarking 🚧 Phase 4
Latency/throughput metrics, optimization guides
Observability Phase 5
Centralized logging, Prometheus/Grafana dashboards, OpenTelemetry tracing
Enterprise Security Phase 6
SAML/OAuth, audit trails, policy packs, least-privilege enforcement
Ecosystem Growth Phase 7
Stars/badges, maintainer bounties, curated collections
Client Diversity Phase 8
Ollama, LM Studio, LocalAI config generators
Advanced MCP Features Phase 9
Roots/sampling support, structured output validation, progress/cancellation
Offline Mode Phase 10
Air-gapped registry mirroring, offline validation
Automation Phase 11
GitHub/GitLab CI/CD integration, automatic manifest validation
Documentation Phase 12
Interactive tutorials, API docs, video guides, CLI man pages
Monetization Phase 13
Private registries, priority support, premium features
Federation Phase 14
Mirror registries, team namespaces, upstream sync
AI-Powered Curation Phase 15
AI-driven recommendations, auto-generated docs, smart search
Node.js 20+
Python 3.10+
Rust 1.70+
Docker (optional, for containerized MCP servers)
# Clone the repositorycd MCP-Forge
# Install dependencies# Build the CLI toolscd cli && pip install -e .
# Start the registry APIcd ../apps/api && npm run dev
# Start the web UIcd ../web && npm run dev# Validate a manifest# Probe a local MCP server# Generate an install configWe welcome contributions! See CONTRIBUTING.md for guidelines.
Publish MCP Servers : Add your MCP server to the registry.Improve Documentation : Write tutorials, fix typos, or add examples.Build Tools : Create new CLI tools or integrations.Report Bugs : Open issues for bugs or feature requests.Review PRs : Help review and test pull requests.
MIT © Luv Goel
