MCP Hub
One hub for everyintegration.
Register MCP servers, manage credentials, and route tool calls across your bot fleet from a single pane of glass.
One hub. Every tool.
Connect the tools your team runs on, to the editors your team builds in
Rylvo MCP Hub speaks the open protocols the industry is converging on — so every integration is interoperable, every credential is governed, and every call is auditable.
Popular MCP-compatible connectors
Consumed by your AI editor
Built on open standards
Model Context Protocol
spec-compliant server & client
OAuth 2.1 + PKCE
S256 only in production
RS256 JWT
asymmetric signing, public JWKS
AES-256-GCM
vault-encrypted credentials
Append-only audit
every tool call logged
Brand names and marks shown above belong to their respective owners and indicate technical compatibility through public MCP servers and APIs — not endorsement, partnership, or certification by those companies.
Tool sprawl ends here
One registry for every MCP integration. Install vetted servers, connect custom ones, and scope them to specific bots — no more shadow integrations scattered across configs.
Credentials never leak
AES-256-GCM encryption in a dedicated vault. Plaintext never touches Firestore or the client. Only the last four characters are visible in the UI.
Humans stay in control
High-risk tools auto-gate to require_approval. Refunds, deletions, and merges pause for human review via Mission Control. Nothing critical runs unsupervised.
MCP control-plane constellation
one hub · many serversVault
AES-256
Approvals
HITL
Runtime
guarded
Audit
logged
Registry
verified
Scope
per-bot
Registry
Curated catalog with trust levels
Not all integrations are equal. Every server in the registry carries a trust label so you know exactly what you're installing before a single credential is added.
Rylvo Verified
verifiedSecurity-reviewed by our team. Safe to install across production orgs with full confidence.
Community
communityPublished by a known community author. Review permissions before installing — standard due diligence applies.
Custom
customYour own server or an external endpoint you connected manually. Gets the same vault, guardrails, and monitoring as registry entries.
Categories include Communication, Dev Tools, Productivity, Data, Search, Files, CRM, Finance, and Custom. Search by name, vendor, or category. Submit your own for org-wide reuse.
Vault
Credentials encrypted with AES-256-GCM
Plaintext API keys, OAuth tokens, and bearer secrets never touch Firestore or the client. They are encrypted server-side and stored in a dedicated vault. Only the last four characters are visible in the UI — just enough to know which key is which.
At invocation time, the server decrypts the credential once, forwards it to the MCP server, and never logs or persists the plaintext. Rotation is instant: re-encrypt in place without reconfiguring the server.
Governance
Per-tool permissions, auto-gated by risk
Every discovered tool gets a permission state. High-risk operations auto-default to require_approval — no configuration drift, no surprise escalations.
Bot calls the tool without human intervention. Use for read-only or low-risk operations.
Bot pauses and creates an approval request. An operator reviews and approves or denies before execution continues.
Tool is hidden from the bot entirely. Use for capabilities you never want exposed to a specific agent.
Auto-gating examples
GitHub merge PR, Stripe refunds, Jira delete issue, and Filesystem write/delete auto-default to require_approval regardless of server default. You can tighten or loosen per-tool at any time.
Approvals
Human-in-the-loop without the hang
When a high-stakes tool call triggers approval, the bot pauses gracefully. An operator reviews the payload, approves or denies, and the bot resumes automatically — or times out with a clean denial.
The Approval Pipeline
6 stages · never hangsCall
bot requests tool
Gate
permission check
Queue
approval request created
Review
operator inspects payload
Decide
approve or deny
Resume
bot continues or exits
Args preview
Operators see a redacted JSON preview of the tool arguments, not raw secrets.
LLM rationale
The bot explains why it wants to call the tool — context that makes approval decisions faster.
Time-boxed TTL
Default 10-minute TTL. Auto-deny on expiration so conversations never hang silently.
Tab-resilient
Close the tab, come back later. The resume button picks up exactly where the conversation paused.
Immutable audit
Every approval decision is logged with operator identity, timestamp, and rationale.
Deny with reason
Operators can deny with a custom reason that the bot surfaces back to the user gracefully.
Bot Export
Turn any bot into an MCP server
One toggle and your bot's tools become discoverable MCP endpoints. Other bots call them. External clients discover them. Your team stops rebuilding the same integrations.
The exported server runs over HTTP with internal auth, trust level set to Custom, and defaults to allow so composed workflows stay fast. Disable anytime — the server pauses but history and logs are preserved.
Bot-to-bot composition
A research bot exposes its search tools; a writing bot calls them as MCP endpoints. Reuse without duplication.
Team-wide tool reuse
One bot maintains your CRM sync. Every other bot in the org calls it via MCP instead of re-implementing the same integration.
External client access
Third-party MCP clients — IDEs, chat apps, or other platforms — can discover and invoke your bot's capabilities.
Micro-agent architecture
Break monolithic bots into focused micro-agents that expose specific tools. Compose them into larger workflows.
Observability
See every call, cost, and denial
Full-stack observability for your MCP layer. Daily spend trends, top tools by volume, failure rates, and health status — all in one view.
Daily spend
Per-server, per-tool cost trends with sparklines and delta vs. prior period.
Call volume
Top tools and servers by invocation count, with failure-rate breakdown.
Health status
Latency, consecutive failures, and last-error tracking per server.
Denial rate
Which tools get blocked most — signal for permission tuning or guardrail drift.
FAQ
Questions about MCP Hub
Everything you need to know before connecting your first server.
What is MCP Hub and why do I need it?
MCP Hub is an enterprise control plane for the Model Context Protocol. It lets you install, govern, and monitor MCP servers from a single interface — with encrypted credential vaults, per-tool permissions, human-in-the-loop approvals, and full audit trails. Without it, bots connect to tools with no oversight, no guardrails, and no accountability.
Can I connect my own custom MCP servers?
Yes. You can connect any external MCP server via HTTP, SSE, or stdio transports. Configure auth headers, OAuth2 flows, timeouts, and custom metadata. Custom servers receive the same vault encryption, permission governance, and health monitoring as registry servers.
How does the approval workflow work?
When a bot calls a tool marked 'require approval,' the execution pauses and an approval request is created in the queue. An operator reviews the tool name, arguments preview, and LLM rationale, then approves or denies. The bot resumes automatically upon approval, or receives a graceful denial. Timeouts auto-deny so conversations never hang.
Can I turn a Rylvo bot into an MCP server?
Yes. Any bot can be exported as an MCP server with a single toggle. The bot's tools become discoverable MCP endpoints that other bots — or external MCP clients — can invoke over HTTP. This enables bot-to-bot composition and reuse across your organization.
What transport protocols are supported?
HTTP (recommended for hosted servers), SSE (legacy streaming), and stdio (local processes). All transports route through the same permission checks, guardrails, credential vault, and audit pipeline.
How are credentials secured?
Credentials are encrypted server-side with AES-256-GCM and stored in a dedicated vault. Plaintext never touches Firestore or the client. Only the last four characters are visible in the UI. Credentials are decrypted only at invocation time on the server, used once, and never logged.
Deep dive
Why MCP needs a control plane
The Model Context Protocol opens the door for AI agents to use real tools. A hub is what keeps that door from being a back door.
Govern every server, not just the one you trust
The MCP ecosystem is exploding. Verified GitHub or Stripe servers sit next to community tools whose permissions you don't fully understand. MCP Hub gives you a verified registry, a sandbox for community installs, and per-tool scope so each bot gets exactly the capabilities it needs — nothing more.
Credentials in a vault, not in a prompt
Tokens belong in an encrypted vault, decrypted only at invocation, used once, and never logged. Hub stores secrets with AES-256-GCM, surfaces only the last four characters in the UI, and rotates without redeploying any bot. Lose a key, revoke it, and every dependent tool falls back to a denied state instantly.
Human-in-the-loop for the actions that matter
Refunds, deletes, payments, and external sends should never auto-execute on a single LLM hop. Hub lets you mark any tool as “requires approval” — the bot pauses, the request lands in a queue with full context, and an operator approves or denies in one click with the decision recorded in audit.
Audit, analytics, and budgets you can trust
Every invocation is captured: which bot called which tool, with what arguments, on whose behalf, and what the result was. Hub turns those traces into denial rates, latency curves, and per-bot budgets so you can spot misuse, runaway costs, and guardrail drift before they hit production traffic.
Ready to connect your first MCP server?
Install from the registry, connect your own, or export a bot as an MCP endpoint. Full governance, encryption, and oversight from day one.