Documentation

MCP Runtime documentation

Architecture, CLI workflows, request-path governance, and API reference for operating MCP services on Kubernetes. Start with runtime for the model, then use the CLI, sentinel, and API guides for the exact operational surface.

Runtime guide CLI guide

Use runtime for control-plane concepts, CLI for install and day-two operations, sentinel for the governed request path, and API for resource fields and trust semantics.

Documentation map

Understand the runtime

Architecture, core resources, delivery flow, and product boundaries.
Operate from the CLI

Setup, registry, server rollout, access, sentinel, and status commands.
Add governance and observability

Request-path policy, audit flow, analytics services, and observability surfaces.
Use the API reference

CRD fields, gateway headers, trust model, and YAML examples.

Prereqs: Go 1.24+, kubectl, Docker, and Make.

Fast path

Bring up the platform and deploy one server.

The shortest path from repo checkout to a working runtime flow.

Full CLI reference

make deps && make build-runtime

./bin/mcp-runtime setup
./bin/mcp-runtime status

./bin/mcp-runtime registry push --image my-server:v1.0.0
./bin/mcp-runtime pipeline generate --dir .mcp --output manifests/
./bin/mcp-runtime pipeline deploy --dir manifests/

Start here

Pick the page that matches your job.

You do not need to read the whole docs set in order.

Architecture

Runtime

Control-plane responsibilities, core resources, delivery model, and traffic handoff.

Best first read Operations

CLI

Concrete command flows for setup, cluster, registry, server, access, sentinel, pipeline, and status.

Day-1 and day-2 Governance

Sentinel

Policy enforcement, audit flow, analytics services, UI surfaces, and observability components.

Request path Reference

API

CRDs, trust semantics, headers, rollout fields, analytics settings, and YAML examples.

Spec and manifests

Platform map

Understand the split quickly.

The platform becomes easier to reason about once each surface has a clear job.

Runtime

Owns lifecycle and cluster state.

Cluster bootstrap, ingress, registry, and operator setup
MCPServer rollout and reconciliation into Kubernetes objects
Access grants and agent sessions beside each service

Sentinel

Owns the governed request path.

Policy evaluation at tool-call time
Audit decisions, query surfaces, and analytics flow
Gateway, UI, metrics, tracing, and log surfaces

CLI and API

Expose the operator surface.

CLI for install, delivery, access, and operational workflows
API reference for manifests, headers, trust, and rollout settings
One platform story instead of separate tooling islands

Context

Know the boundaries before you dive in.

What this is not

Not a generic mesh control plane

MCP Runtime sits above lower-level ingress, gateway, and service-mesh layers. It models MCP-specific delivery, access, policy, and audit rather than becoming the network control plane for every workload in the cluster.

Current scope

Broad enough to evaluate today

Deployment, routing, grants, sessions, gateway policy, audit flow, and observability are implemented in the repo today. A full OAuth 2.1 authorization server and Dynamic Client Registration flow are still out of scope.

Repository

Need the repo workflows too?

Use these helpers when you are changing the platform codebase, not only operating a cluster.

Use the development scripts when you are working inside the repo and need local generation, manifests, or test helpers alongside the docs.

Open GitHub Back to website

./hack/dev-setup.sh
make test
make operator-manifests operator-generate