How do I install Metatool App?

Install Metatool App with a single command: npx mdskills install metatool-ai/metatool-app. This downloads the skill files into your project and your AI agent picks them up automatically.
What platforms support Metatool App?

Metatool App works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Codex, Gemini Cli, Amp, Roo Code, Goose, Opencode, Trae, Qodo, Command Code. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.
← Back to skills
Metatool App

Name: Metatool App: AI Agent Skill
Rating: 8 (1 reviews)
Author: metatool-ai
Verified
API DevelopmentIntermediate
MetaMCP is a MCP proxy that lets you dynamically aggregate MCP servers into a unified MCP server, and apply middlewares. MetaMCP itself is a MCP server so it can be easily plugged into ANY MCP clients. For more details, consider visiting our documentation site: https://docs.metamcp.com English | 中文 - 🎯 Use Cases - 📖 Concepts - 🖥️ MCP Server - 🔐 Environment Variables \& Secrets (STDIO MCP Serve
by @metatool-ai0Updated 1 weeks ago
Add this skill
npx mdskills install metatool-ai/metatool-app
Fork & Edit
Skill Advisor8.0
Comprehensive MCP proxy infrastructure for aggregating servers with middleware and endpoints
+Provides powerful aggregation, namespacing, and middleware orchestration for MCP servers
+Excellent documentation with clear setup instructions and multiple deployment options
+Strong architecture with authentication, rate limiting, and OIDC support
-Declared permissions are overly broad for what appears to be primarily a proxy/gateway service
SKILL.md
Edit in Browser
1# 🚀 MetaMCP (MCP Aggregator, Orchestrator, Middleware, Gateway in one docker) <!-- omit in toc -->
2 
3<div align="center">
4 
5<div align="center">
6  <a href="https://discord.gg/mNsyat7mFX" style="text-decoration: none;">
7    <img src="https://img.shields.io/badge/Discord-MetaMCP-5865F2?style=flat-square&logo=discord&logoColor=white" alt="Discord" style="max-width: 100%;">
8  </a>
9  <a href="https://docs.metamcp.com" style="text-decoration: none;">
10    <img src="https://img.shields.io/badge/Documentation-docs.metamcp.com-blue?style=flat-square&logo=book" alt="Documentation" style="max-width: 100%;">
11  </a>
12  <a href="https://opensource.org/licenses/MIT" style="text-decoration: none;">
13    <img src="https://img.shields.io/badge/License-MIT-yellow.svg?style=flat-square" alt="MIT License" style="max-width: 100%;">
14  </a>
15  <a href="https://github.com/metatool-ai/metamcp/pkgs/container/metamcp" style="text-decoration: none;">
16    <img src="https://img.shields.io/badge/GHCR-available-green.svg?style=flat-square&logo=github" alt="GHCR" style="max-width: 100%;">
17  </a>
18  <a href="https://deepwiki.com/metatool-ai/metamcp"><img src="https://img.shields.io/badge/DeepWiki-metatool--ai%2Fmetamcp-blue.svg?style=flat-square&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACwAAAAyCAYAAAAnWDnqAAAAAXNSR0IArs4c6QAAA05JREFUaEPtmUtyEzEQhtWTQyQLHNak2AB7ZnyXZMEjXMGeK/AIi+QuHrMnbChYY7MIh8g01fJoopFb0uhhEqqcbWTp06/uv1saEDv4O3n3dV60RfP947Mm9/SQc0ICFQgzfc4CYZoTPAswgSJCCUJUnAAoRHOAUOcATwbmVLWdGoH//PB8mnKqScAhsD0kYP3j/Yt5LPQe2KvcXmGvRHcDnpxfL2zOYJ1mFwrryWTz0advv1Ut4CJgf5uhDuDj5eUcAUoahrdY/56ebRWeraTjMt/00Sh3UDtjgHtQNHwcRGOC98BJEAEymycmYcWwOprTgcB6VZ5JK5TAJ+fXGLBm3FDAmn6oPPjR4rKCAoJCal2eAiQp2x0vxTPB3ALO2CRkwmDy5WohzBDwSEFKRwPbknEggCPB/imwrycgxX2NzoMCHhPkDwqYMr9tRcP5qNrMZHkVnOjRMWwLCcr8ohBVb1OMjxLwGCvjTikrsBOiA6fNyCrm8V1rP93iVPpwaE+gO0SsWmPiXB+jikdf6SizrT5qKasx5j8ABbHpFTx+vFXp9EnYQmLx02h1QTTrl6eDqxLnGjporxl3NL3agEvXdT0WmEost648sQOYAeJS9Q7bfUVoMGnjo4AZdUMQku50McDcMWcBPvr0SzbTAFDfvJqwLzgxwATnCgnp4wDl6Aa+Ax283gghmj+vj7feE2KBBRMW3FzOpLOADl0Isb5587h/U4gGvkt5v60Z1VLG8BhYjbzRwyQZemwAd6cCR5/XFWLYZRIMpX39AR0tjaGGiGzLVyhse5C9RKC6ai42ppWPKiBagOvaYk8lO7DajerabOZP46Lby5wKjw1HCRx7p9sVMOWGzb/vA1hwiWc6jm3MvQDTogQkiqIhJV0nBQBTU+3okKCFDy9WwferkHjtxib7t3xIUQtHxnIwtx4mpg26/HfwVNVDb4oI9RHmx5WGelRVlrtiw43zboCLaxv46AZeB3IlTkwouebTr1y2NjSpHz68WNFjHvupy3q8TFn3Hos2IAk4Ju5dCo8B3wP7VPr/FGaKiG+T+v+TQqIrOqMTL1VdWV1DdmcbO8KXBz6esmYWYKPwDL5b5FA1a0hwapHiom0r/cKaoqr+27/XcrS5UwSMbQAAAABJRU5ErkJggg==" alt="DeepWiki: MetaMCP"></a>
19</div>
20 
21</div>
22 
23> **📢 Update:** *[From the author: apologize for some recent maintainence delay, but will at least keep merging PRs, more background [here](recent-updates.md)]*
24 
25**MetaMCP** is a MCP proxy that lets you dynamically aggregate MCP servers into a unified MCP server, and apply middlewares. MetaMCP itself is a MCP server so it can be easily plugged into **ANY** MCP clients.
26 
27![MetaMCP Diagram](metamcp.svg)
28 
29---
30 
31For more details, consider visiting our documentation site: https://docs.metamcp.com
32 
33English | [中文](./README_cn.md)
34## 📋 Table of Contents <!-- omit in toc -->
35 
36- [🎯 Use Cases](#-use-cases)
37- [📖 Concepts](#-concepts)
38  - [🖥️ **MCP Server**](#️-mcp-server)
39    - [🔐 **Environment Variables \& Secrets (STDIO MCP Servers)**](#-environment-variables--secrets-stdio-mcp-servers)
40  - [🏷️ **MetaMCP Namespace**](#️-metamcp-namespace)
41  - [🌐 **MetaMCP Endpoint**](#-metamcp-endpoint)
42  - [⚙️ **Middleware**](#️-middleware)
43  - [🔍 **Inspector**](#-inspector)
44  - [✏️ **Tool Overrides \& Annotations**](#️-tool-overrides--annotations)
45- [🚀 Quick Start](#-quick-start)
46  - [🐳 Run with Docker Compose (Recommended)](#-run-with-docker-compose-recommended)
47  - [📦 Build development environment with Dev Containers (VSCode/Cursor)](#-build-development-environment-with-dev-containers-vscodecursor)
48  - [💻 Local Development](#-local-development)
49- [🔌 MCP Protocol Compatibility](#-mcp-protocol-compatibility)
50- [🔗 Connect to MetaMCP](#-connect-to-metamcp)
51  - [📝 E.g., Cursor via mcp.json](#-eg-cursor-via-mcpjson)
52  - [🖥️ Connecting Claude Desktop and Other STDIO-only Clients](#️-connecting-claude-desktop-and-other-stdio-only-clients)
53  - [🔧 API Key Auth Troubleshooting](#-api-key-auth-troubleshooting)
54- [❄️ Cold Start Problem and Custom Dockerfile](#️-cold-start-problem-and-custom-dockerfile)
55- [🧾 Log Levels](#-log-levels)
56- [🔐 Authentication](#-authentication)
57- [🚦 Traffic Management](#-traffic-management)
58  - [🚧 **MCP Rate Limit**](#-mcp-rate-limit)
59- [🔗 OpenID Connect (OIDC) Provider Support](#-openid-connect-oidc-provider-support)
60  - [🛠️ **Configuration**](#️-configuration)
61  - [🏢 **Supported Providers**](#-supported-providers)
62  - [🔒 **Security Features**](#-security-features)
63  - [📱 **Usage**](#-usage)
64- [⚙️ Registration Controls](#️-registration-controls)
65  - [🎛️ **Available Controls**](#️-available-controls)
66  - [🏢 **Enterprise Use Cases**](#-enterprise-use-cases)
67  - [🛠️ **Configuration**](#️-configuration-1)
68- [🌐 Custom Deployment and SSE conf for Nginx](#-custom-deployment-and-sse-conf-for-nginx)
69- [🏗️ Architecture](#️-architecture)
70  - [📊 Sequence Diagram](#-sequence-diagram)
71- [🗺️ Roadmap](#️-roadmap)
72- [🌐 i18n](#-i18n)
73- [🤝 Contributing](#-contributing)
74- [📄 License](#-license)
75- [🙏 Credits](#-credits)
76 
77## 🎯 Use Cases
78- 🏷️ **Group MCP servers into namespaces, host them as meta-MCPs, and assign public endpoints** (SSE or Streamable HTTP), with auth. One-click to switch a namespace for an endpoint.
79-  🎯 **Pick tools you only need when remixing MCP servers.** Apply other **pluggable middleware** around observability, security, etc. (coming soon)
80-  🔍 **Use as enhanced MCP inspector** with saved server configs, and inspect your MetaMCP endpoints in house to see if it works or not.
81-  🔍 **Use as Elasticsearch for MCP tool selection** (coming soon)
82 
83Generally developers can use MetaMCP as **infrastructure** to host dynamically composed MCP servers through a unified endpoint, and build agents on top of it.
84 
85Quick demo video: https://youtu.be/Cf6jVd2saAs
86 
87![MetaMCP Screenshot](metamcp_screenshot.png)
88 
89## 📖 Concepts
90 
91### 🖥️ **MCP Server**
92A MCP server configuration that tells MetaMCP how to start a MCP server.
93 
94```json
95"HackerNews": {
96  "type": "STDIO",
97  "command": "uvx",
98  "args": ["mcp-hn"]
99}
100```
101 
102#### 🔐 **Environment Variables & Secrets (STDIO MCP Servers)**
103 
104For **STDIO MCP servers**, MetaMCP supports three ways to handle environment variables and secrets:
105 
106**1. Raw Values** - Direct string values (not recommended for secrets):
107```
108API_KEY=your-actual-api-key-here
109DEBUG=true
110```
111 
112**2. Environment Variable References** - Use `${ENV_VAR_NAME}` syntax:
113```
114API_KEY=${OPENAI_API_KEY}
115DATABASE_URL=${DB_CONNECTION_STRING}
116```
117 
118**3. Auto-matching** - If the expected environment variable name in your tool matches the container's environment variable, you can omit it entirely. MetaMCP will automatically pass through matching environment variables.
119 
120> **🔒 Security Note**: Environment variable references (`${VAR_NAME}`) are resolved from the MetaMCP container's environment at runtime. This keeps actual secret values out of your configuration and git repository.
121 
122> **⚙️ Development Note**: For local development with `pnpm run dev:docker`, ensure your environment variables are listed in `turbo.json` under `globalEnv` to be passed to the development processes. This is not required for production Docker deployments.
123 
124### 🏷️ **MetaMCP Namespace**
125- Group one or more MCP servers into a namespace
126- Enable/disable MCP servers or at tool level
127- Apply middlewares to MCP requests and responses
128- Override tool names/titles/descriptions per namespace and attach custom MCP annotations (e.g. `{ "annotations": { "readOnlyHint": false } }`)
129 
130### 🌐 **MetaMCP Endpoint**
131- Create endpoints and assign namespace to endpoints
132- Multiple MCP servers in the namespace will be aggregated and emitted as a MetaMCP endpoint
133- Choose between API-Key Auth (in header or query param) or standard OAuth in MCP Spec 2025-06-18
134- Host through **SSE** or **Streamable HTTP** transports in MCP and **OpenAPI** endpoints for clients like [Open WebUI](https://github.com/open-webui/open-webui)
135 
136### ⚙️ **Middleware**
137- Intercepts and transforms MCP requests and responses at namespace level
138- **Built-in example**: "Filter inactive tools" - optimizes tool context for LLMs
139- **Future ideas**: tool logging, error traces, validation, scanning
140 
141### 🔍 **Inspector**
142Similar to the official MCP inspector, but with **saved server configs** - MetaMCP automatically creates configurations so you can debug MetaMCP endpoints immediately.
143 
144### ✏️ **Tool Overrides & Annotations**
145- Open a namespace → **Tools** tab to see every tool coming from connected MCP servers.
146- Each saved tool can be expanded and edited inline: update the display **name/title/description** or provide a JSON blob with namespace-specific annotations (for example `{ "annotations": { "readOnlyHint": false } }`).
147- Badges in the table ("Overridden", "Annotations") show which tools currently have custom metadata. Hover them to read a tooltip describing what was overridden.
148- Annotation overrides are merged with whatever the upstream MCP server returns, so you can safely add custom UI hints without losing provider metadata.
149 
150## 🚀 Quick Start
151 
152### **🐳 Run with Docker Compose (Recommended)**
153 
154Clone repo, prepare `.env`, and start with docker compose:
155 
156```bash
157git clone https://github.com/metatool-ai/metamcp.git
158cd metamcp
159cp example.env .env
160docker compose up -d
161```
162 
163If you modify APP_URL env vars, make sure you only access from the APP_URL, because MetaMCP enforces CORS policy on the URL, so no other URL is accessible.
164 
165Note that the pg volume name may collide with your other pg dockers, which is global, consider rename it in `docker-compose.yml`:
166 
167```
168volumes:
169  metamcp_postgres_data:
170    driver: local
171```
172 
173### **📦 Build development environment with Dev Containers (VSCode/Cursor)**
174 
175You can use the VSCode/Cursor extension to build the development environment in a container.
176 
177It only requires that you have an environment running Docker or a similar alternative (the `docker`/`docker compose` command is required), and no other dependent components need to be installed on your host machine.
178 
1791. First, clone the MetaMCP source code, open project in Visual Studio Code.
180```bash
181git clone https://github.com/metatool-ai/metamcp.git
182cd metamcp
183code .
184```
1852. Switch to Dev Containers. Open the VSCode Command Palette, and execute `Dev Containers: Reopen in Container`.
186 
187VSCode will open the Dev Containers project in a new window, where it will build the runtime and install the toolchain according to the `Dockerfile` before starting the connection and finally installing the MetaMCP dependencies.
188<img width="895" height="153" alt="image" src="https://github.com/user-attachments/assets/d3e1420d-43c1-4ed6-9229-b91ea09c142a" />
189 
190> **note**
191> This process requires a reliable network connection, and it will access Docker Hub, GitHub, and some other sites. You will need to ensure the network connection yourself, otherwise the container build may fail.
192 
193Wait some minutes, depending on the internet connection or computer performance, it may take from a few minutes to tens of minutes, you can click on the Progress Bar in the bottom right corner to view a live log where you will be able to check unusual stuck.
194<img width="732" height="173" alt="image" src="https://github.com/user-attachments/assets/6e5752f8-7353-4a8f-b489-c13daef6700e" />
195 
196After finished, you can run `pnpm dev` to start the development server.
197 
198### **💻 Local Development**
199 
200Still recommend running postgres through docker for easy setup:
201 
202```bash
203pnpm install
204pnpm dev
205```
206 
207## 🔌 MCP Protocol Compatibility
208 
209- ✅ **Tools, Resources, and Prompts** supported
210- ✅ **OAuth-enabled MCP servers** tested for 03-26 version
211 
212If you have questions, feel free to leave **GitHub issues** or **PRs**.
213 
214## 🔗 Connect to MetaMCP
215 
216### 📝 E.g., Cursor via mcp.json
217 
218Example `mcp.json`
219 
220```json
221{
222  "mcpServers": {
223    "MetaMCP": {
224      "url": "http://localhost:12008/metamcp/<YOUR_ENDPOINT_NAME>/sse"
225    }
226  }
227}
228```
229 
230### 🖥️ Connecting Claude Desktop and Other STDIO-only Clients
231 
232Since MetaMCP endpoints are remote only (SSE, Streamable HTTP, OpenAPI), clients that only support stdio servers (like Claude Desktop) need a local proxy to connect.
233 
234**Note:** While `mcp-remote` is sometimes suggested for this purpose, it's designed for OAuth-based authentication and doesn't work with MetaMCP's API key authentication. Based on testing, `mcp-proxy` is the recommended solution.
235 
236Here's a working configuration for Claude Desktop using `mcp-proxy`:
237 
238Using Streamable HTTP
239 
240```json
241{
242  "mcpServers": {
243    "MetaMCP": {
244      "command": "uvx",
245      "args": [
246        "mcp-proxy",
247        "--transport",
248        "streamablehttp",
249        "http://localhost:12008/metamcp/<YOUR_ENDPOINT_NAME>/mcp"
250      ],
251      "env": {
252        "API_ACCESS_TOKEN": "<YOUR_API_KEY_HERE>"
253      }
254    }
255  }
256}
257```
258 
259Using SSE
260 
261```json
262{
263  "mcpServers": {
264    "ehn": {
265      "command": "uvx",
266      "args": [
267        "mcp-proxy",
268        "http://localhost:12008/metamcp/<YOUR_ENDPOINT_NAME>/sse"
269      ],
270      "env": {
271        "API_ACCESS_TOKEN": "<YOUR_API_KEY_HERE>"
272      }
273    }
274  }
275}
276```
277 
278**Important notes:**
279- Replace `<YOUR_ENDPOINT_NAME>` with your actual endpoint name
280- Replace `<YOUR_API_KEY_HERE>` with your MetaMCP API key (format: `sk_mt_...`)
281 
282For more details and alternative approaches, see [issue #76](https://github.com/metatool-ai/metamcp/issues/76#issuecomment-3046707532).
283 
284### 🔧 API Key Auth Troubleshooting
285 
286- `?api_key=` param api key auth doesn't work for SSE. It only works for Streamable HTTP and OpenAPI.
287- Best practice is to use the API key in `Authorization: Bearer <API_KEY>` header.
288- Try disable auth temporarily when you face connection issues to see if it is an auth issue.
289 
290## ❄️ Cold Start Problem and Custom Dockerfile
291 
292- MetaMCP pre-allocate idle sessions for each configured MCP servers and MetaMCPs. The default idle session for each is 1 and that can help reduce cold start time.
293- If your MCP requires dependencies other than `uvx` or `npx`, you need to customize the Dockerfile to install dependencies on your own.
294- Check [invalidation.md](invalidation.md) for a seq diagram about how idle session invalidates during updates.
295 
296🛠️ **Solution**: Customize the Dockerfile to add dependencies or pre-install packages to reduce cold start time.
297 
298## 🧾 Log Levels
299 
300MetaMCP’s backend writes logs to files and optionally mirrors selected levels to the console. Control console mirroring with the `LOG_LEVEL` environment variable.
301 
302- Files
303  - `app.log`: receives `DEBUG`, `INFO`, and `WARN`
304  - `error.log`: receives `ERROR`
305 
306- Console mirroring (`LOG_LEVEL`)
307  - `all`: mirror `DEBUG`, `INFO`, `WARN`, `ERROR` to console
308  - `info`: mirror only `INFO` to console
309  - `errors-only`: mirror `WARN` and `ERROR` to console
310  - `none`: no console output
311 
312- Defaults and examples
313  - Default (when unset or invalid): `errors-only`
314  - `.env` example:
315    ```bash
316    LOG_LEVEL='errors-only' # 'all', 'info', 'errors-only', 'none'
317    ```
318  - `docker-compose.dev.yml` uses: `LOG_LEVEL: ${LOG_LEVEL:-all}`
319 
320## 🔐 Authentication
321 
322- 🛡️ **Better Auth** for frontend & backend (TRPC procedures)
323- 🍪 **Session cookies** enforce secure internal MCP proxy connections
324- 🔑 **API key authentication** for external access via `Authorization: Bearer <api-key>` header
325- 🪪 **MCP OAuth**: Exposed endpoints have options to use standard OAuth in MCP Spec 2025-06-18, easy to connect.
326- 🏢 **Multi-tenancy**: Designed for organizations to deploy on their own machines. Supports both private and public access scopes. Users can create MCPs, namespaces, endpoints, and API keys for themselves or for everyone. Public API keys cannot access private MetaMCPs.
327- ⚙️ **Separate Registration Controls**: Administrators can independently control UI registration and SSO/OAuth registration through the settings page, allowing for flexible enterprise deployment scenarios.
328 
329## 🚦 Traffic Management
330 
331### 🚧 MCP Rate Limit
332The MCP Rate Limit feature allows you to set the maximum requests a MCP tool (a endpoint) will accept in a given time window. There are two different strategies to set limits that you can use separately or together:
333 
334 * `Endpoint rate-limiting (Rate Limiting)`: applies simultaneously to all clients using the endpoint, sharing a unique counter.
335 * `User rate-limiting (Client Rate Limiting)`: sets a counter to each individual user.
336 
337Both types can coexist and they complement each other, and store the counters in-memory. On a cluster, each machine sees and counts only its passing traffic.
338 
339### **Endpoint rate-limiting**
340The endpoint rate limit acts on the number of simultaneous transactions an endpoint can process. This type of limit protects the service for all customers.
341When the users connected to an endpoint together exceed the `rate-limiting`, MetaMCP starts to reject connections with a status code `503 Service Unavailable`.
342 
343#### **Endpoint rate-limiting options**
344 * `Max Rate`: Defines how many requests will you accept from all users together at any given instant. When the gateway starts, the bucket is full. As requests from users come, the remaining tokens in the bucket decrease. At the same time, the rate-limiting refills the bucket at the desired rate until its maximum capacity is reached.
345 * `Max Rate Seconds`: Time period in which the maximum rates operate in seconds. For instance, if you set an max rate seconds of 60s and a rate-limiting of 5, you are allowing 5 requests every sixty seconds.
346 
347### **User rate-limiting**
348The client or user rate limit applies one counter to each individual user and endpoint. When a single user connected to an endpoint exceeds their `client-max-rate`, MetaMCP starts rejecting connections with a status code `429 Too Many Requests`
349 
350#### **User rate-limiting options**
351 * `Client Max Rate`: Number of tokens you add to the Token Bucket for each individual user (user quota) in the time interval you want (Client Max Rate Seconds). The remaining tokens in the bucket are the requests a specific user can do.
352 * `Client Max Rate Seconds`: Time period in which the maximum rates operate in seconds. For instance, if you set an every of 60s and a rate of 5, you are allowing 5 requests every sixty seconds.
353 * `Client Max Rate Strategy`: Sets the strategy you will use to set client counters. Choose ip when the restrictions apply to the client’s IP address, or set it to header when there is a header that identifies a user uniquely. That header must be defined with the key entry.
354 * `Client Max Rate Strategy Key`: It is the header name containing the user identification (e.g., Authorization on tokens, or X-Original-Forwarded-For for IPs).
355 
356## 🔗 OpenID Connect (OIDC) Provider Support
357 
358MetaMCP supports **OpenID Connect authentication** for enterprise SSO integration. This allows organizations to use their existing identity providers (Auth0, Keycloak, Azure AD, etc.) for authentication.
359 
360### 🛠️ **Configuration**
361 
362Add the following environment variables to your `.env` file:
363 
364```bash
365# Required
366OIDC_CLIENT_ID=your-oidc-client-id
367OIDC_CLIENT_SECRET=your-oidc-client-secret
368OIDC_DISCOVERY_URL=https://your-provider.com/.well-known/openid-configuration
369 
370# Optional customization
371OIDC_PROVIDER_ID=oidc
372OIDC_SCOPES=openid email profile
373OIDC_PKCE=true
374```
375 
376### 🏢 **Supported Providers**
377 
378MetaMCP has been tested with popular OIDC providers:
379 
380- **Auth0**: `https://your-domain.auth0.com/.well-known/openid-configuration`
381- **Keycloak**: `https://your-keycloak.com/realms/your-realm/.well-known/openid-configuration`
382- **Azure AD**: `https://login.microsoftonline.com/your-tenant-id/v2.0/.well-known/openid-configuration`
383- **Google**: `https://accounts.google.com/.well-known/openid-configuration`
384- **Okta**: `https://your-domain.okta.com/.well-known/openid-configuration`
385 
386### 🔒 **Security Features**
387 
388- 🔐 **PKCE (Proof Key for Code Exchange)** enabled by default
389- 🛡️ **Authorization Code Flow** with automatic user creation
390- 🔄 **Auto-discovery** of OIDC endpoints
391- 🍪 **Seamless session management** with existing auth system
392 
393### 📱 **Usage**
394 
395Once configured, users will see a **"Sign in with OIDC"** button on the login page alongside the email/password form. The authentication flow automatically creates new users on first login.
396 
397For more detailed configuration examples and troubleshooting, see **[CONTRIBUTING.md](CONTRIBUTING.md#openid-connect-oidc-provider-setup)**.
398 
399## ⚙️ Registration Controls
400 
401MetaMCP provides **separate controls** for different registration methods, allowing administrators to fine-tune user access policies for enterprise deployments.
402 
403### 🎛️ **Available Controls**
404 
405- **UI Registration**: Controls whether users can create accounts via the registration form
406- **SSO Registration**: Controls whether users can create accounts via SSO/OAuth providers (OIDC, etc.)
407 
408### 🏢 **Enterprise Use Cases**
409 
410This separation enables common enterprise scenarios:
411 
412- **Block UI registration, allow SSO**: Prevent manual signups while allowing corporate SSO users
413- **Block SSO registration, allow UI**: Allow manual signups while restricting SSO access
414- **Block both**: Completely disable new user registration
415- **Allow both**: Default behavior for open deployments
416 
417### 🛠️ **Configuration**
418 
419Access the **Settings** page in the MetaMCP admin interface to configure these controls:
420 
4211. Navigate to **Settings** → **Authentication Settings**
4222. Toggle **"Disable UI Registration"** to control form-based signups
4233. Toggle **"Disable SSO Registration"** to control OAuth/OIDC signups
424 
425Both controls work independently, giving you full flexibility over your registration policy.
426 
427## 🌐 Custom Deployment and SSE conf for Nginx
428 
429If you want to deploy it to a online service or a VPS, a instance of at least 2GB-4GB of memory is required. And the larger size, the better performance.
430 
431Since MCP leverages SSE for long connection, if you are using reverse proxy like nginx, please refer to an example setup [nginx.conf.example](nginx.conf.example)
432 
433## 🏗️ Architecture
434 
435- **Frontend**: Next.js
436- **Backend**: Express.js with tRPC, hosting MCPs through TS SDK and internal proxy
437- **Auth**: Better Auth
438- **Structure**: Standalone monorepo with Turborepo and Docker publishing
439 
440### 📊 Sequence Diagram
441 
442*Note: Prompts and resources follow similar patterns to tools.*
443 
444```mermaid
445sequenceDiagram
446    participant MCPClient as MCP Client (e.g., Claude Desktop)
447    participant MetaMCP as MetaMCP Server
448    participant MCPServers as Installed MCP Servers
449 
450    MCPClient ->> MetaMCP: Request list tools
451 
452    loop For each listed MCP Server
453        MetaMCP ->> MCPServers: Request list_tools
454        MCPServers ->> MetaMCP: Return list of tools
455    end
456 
457    MetaMCP ->> MetaMCP: Aggregate tool lists & apply middleware
458    MetaMCP ->> MCPClient: Return aggregated list of tools
459 
460    MCPClient ->> MetaMCP: Call tool
461    MetaMCP ->> MCPServers: call_tool to target MCP Server
462    MCPServers ->> MetaMCP: Return tool response
463    MetaMCP ->> MCPClient: Return tool response
464```
465 
466## 🗺️ Roadmap
467 
468**Potential next steps:**
469 
470- [ ] 🔌 Headless Admin API access
471- [ ] 🔍 Dynamically apply search rules on MetaMCP endpoints
472- [ ] 🛠️ More middlewares
473- [ ] 💬 Chat/Agent Playground
474- [ ] 🧪 Testing & Evaluation for MCP tool selection optimization
475- [ ] ⚡ Dynamically generate MCP servers
476 
477## 🌐 i18n
478 
479See [README-i18n.md](README-i18n.md)
480 
481Currently en and zh locale are supported, but welcome contributions.
482 
483## 🤝 Contributing
484 
485We welcome contributions! See details at **[CONTRIBUTING.md](CONTRIBUTING.md)**
486 
487## 📄 License
488 
489**MIT**
490 
491Would appreciate if you mentioned with back links if your projects use the code.
492 
493## 🙏 Credits
494 
495Some code inspired by:
496- [MCP Inspector](https://github.com/modelcontextprotocol/inspector)
497- [MCP Proxy Server](https://github.com/adamwattis/mcp-proxy-server)
498 
499Not directly used the code by took ideas from
500- https://github.com/open-webui/openapi-servers
501- https://github.com/open-webui/mcpo
502
Full transparency — inspect the skill content before installing.