Stacklok / ToolHive
Enterprise MCP platform — deploy, secure, and govern MCP servers with container isolation, OIDC/OAuth SSO, and Cedar policy-based authorization.
What it does
An enterprise-grade open-source (Apache 2.0) platform for running and managing Model Context Protocol (MCP) servers. Founded by Craig McLuckie (co-creator of Kubernetes). Four components: Runtime (container-isolated MCP server execution with fine-grained permissions), Registry (curated catalog of trusted MCP servers with Sigstore supply chain verification), Gateway (Virtual MCP Server proxy with OIDC/OAuth SSO, Cedar policy-based authorization, and OpenTelemetry), and Portal (discovery UI for users). Available as CLI, desktop app, or Kubernetes Operator.
Security relevance
Addresses the critical MCP trust problem — most MCP servers ship with no security, no isolation, and plaintext API tokens. ToolHive containerises every MCP server with minimal permissions, verifies provenance via Sigstore and GitHub Attestations, encrypts secrets, and enforces fine-grained authorization via Amazon Cedar policies. The Kubernetes Operator provides enterprise-grade deployment with RBAC, network policies, and audit logging. Hooks for Claude Code and Cursor restrict tool calls to managed servers only.
When to use it
Deploy when using MCP-based agent architectures in production and you need security, governance, and supply chain verification. The CLI is quick for individual developers; the Kubernetes Operator is designed for teams and enterprises. Requires Docker or Kubernetes expertise depending on deployment model. Essential infrastructure for any production MCP deployment.
OWASP coverage
Risks addressed — mapped to both OWASP Top 10 standards. 2 in LLM, 2 in Agentic.
The raw record
What Yuntona stores. Single source of truth — fork it on GitHub.
name: Stacklok / ToolHive
slug: stacklok-toolhive
type: Mixed
category: Identity & AppSec
url: https://stacklok.com
reviewed: 2026-04
added: 2026-04
updated: 2026-04
risks:
  llm: [LLM07, LLM08]
  asi: [ASI04, ASI05]
complexity: Expert Required
pricing: —
audience: Builder
lifecycle: [deploy]
tags: [Agentic, Gateway, Kubernetes, MCP, Open Source, Supply Chain]