The enterprise control plane for Model Context Protocol
Install vetted MCP integrations, govern every tool call with guardrails, encrypt credentials in the vault, and turn any Rylvo bot into a reusable MCP endpoint.
Tool sprawl ends here
One registry for every MCP integration. Install vetted servers, connect custom ones, and scope them to specific bots — no more shadow integrations scattered across configs.
Credentials never leak
AES-256-GCM encryption in a dedicated vault. Plaintext never touches Firestore or the client. Only the last four characters are visible in the UI.
Humans stay in control
High-risk tools auto-gate to require_approval. Refunds, deletions, and merges pause for human review via Mission Control. Nothing critical runs unsupervised.
The MCP Control Plane
registry → runtime → audit
Registry
verified · community · custom
Vault
encrypted credentials
Bot Hub
scope + attach
Runtime
guardrails + invoke
Approvals
human-in-the-loop
Audit
logs + analytics
Curated catalog with trust levels
Not all integrations are equal. Every server in the registry carries a trust label so you know exactly what you're installing before a single credential is added.
Rylvo Verified
verified
Security-reviewed by our team. Safe to install across production orgs with full confidence.
Community
community
Published by a known community author. Review permissions before installing — standard due diligence applies.
Custom
custom
Your own server or an external endpoint you connected manually. Gets the same vault, guardrails, and monitoring as registry entries.
Categories include Communication, Dev Tools, Productivity, Data, Search, Files, CRM, Finance, and Custom. Search by name, vendor, or category. Submit your own for org-wide reuse.
Credentials encrypted with AES-256-GCM
Plaintext API keys, OAuth tokens, and bearer secrets never touch Firestore or the client. They are encrypted server-side and stored in a dedicated vault. Only the last four characters are visible in the UI — just enough to know which key is which.
At invocation time, the server decrypts the credential once, forwards it to the MCP server, and never logs or persists the plaintext. Rotation is instant: re-encrypt in place without reconfiguring the server.
Per-tool permissions, auto-gated by risk
Every discovered tool gets a permission state. High-risk operations auto-default to require_approval — no configuration drift, no surprise escalations.
Bot calls the tool without human intervention. Use for read-only or low-risk operations.
Bot pauses and creates an approval request. An operator reviews and approves or denies before execution continues.
Tool is hidden from the bot entirely. Use for capabilities you never want exposed to a specific agent.
Auto-gating examples
GitHub merge PR, Stripe refunds, Jira delete issue, and Filesystem write/delete auto-default to require_approval regardless of server default. You can tighten or loosen per-tool at any time.
Human-in-the-loop without the hang
When a high-stakes tool call triggers approval, the bot pauses gracefully. An operator reviews the payload, approves or denies, and the bot resumes automatically — or times out with a clean denial.
The Approval Pipeline
6 stages · never hangs
Call
bot requests tool
Gate
permission check
Queue
approval request created
Review
operator inspects payload
Decide
approve or deny
Resume
bot continues or exits
Args preview
Operators see a redacted JSON preview of the tool arguments, not raw secrets.
LLM rationale
The bot explains why it wants to call the tool — context that makes approval decisions faster.
Time-boxed TTL
Default 10-minute TTL. Auto-deny on expiration so conversations never hang silently.
Tab-resilient
Close the tab, come back later. The resume button picks up exactly where the conversation paused.
Immutable audit
Every approval decision is logged with operator identity, timestamp, and rationale.
Deny with reason
Operators can deny with a custom reason that the bot surfaces back to the user gracefully.
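The gate, queue and time-boxed decision described above, sketched as an added example; it is not Rylvo's code or API. The class and function names, the `hidden` state label and the secret-key list are assumptions; only `allow`, `require_approval` and the 10-minute TTL come from the page.

```python
import time
import uuid

# "allow" and "require_approval" are the page's names; "hidden" is an assumed
# label for the state in which the tool is not exposed to the bot at all.
ALLOW, REQUIRE_APPROVAL, HIDDEN = "allow", "require_approval", "hidden"
TTL_SECONDS = 600  # the page's default 10-minute TTL
SECRET_KEYS = {"api_key", "token", "authorization", "password", "secret"}  # constructed

def redact(value, key=""):
    """Operator preview: mask anything stored under a secret-looking key."""
    if key.lower() in SECRET_KEYS:
        return "[REDACTED]"
    if isinstance(value, dict):
        return {k: redact(v, k) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value

class ApprovalGate:
    def __init__(self, permissions, clock=time.time, ttl=TTL_SECONDS):
        self.permissions, self.clock, self.ttl = permissions, clock, ttl
        self.requests, self.audit = {}, []

    def call(self, tool, args, rationale):
        """Return ('run' | 'not_found', None) or ('paused', request_id)."""
        state = self.permissions.get(tool, REQUIRE_APPROVAL)  # unlisted tool: fail closed
        if state in (HIDDEN, ALLOW):
            return ("not_found" if state == HIDDEN else "run"), None
        rid = uuid.uuid4().hex
        self.requests[rid] = {"tool": tool, "preview": redact(args), "rationale": rationale,
                              "expires": self.clock() + self.ttl, "status": "pending"}
        return "paused", rid

    def _close(self, rid, status, operator, reason):
        self.requests[rid]["status"] = status
        self.audit.append((self.clock(), rid, operator, status, reason))  # append-only log
        return status

    def _expired(self, req):
        return req["status"] == "pending" and self.clock() >= req["expires"]

    def decide(self, rid, operator, approve, reason=""):
        req = self.requests[rid]
        if self._expired(req):  # a late approval must not succeed
            return self._close(rid, "denied", "system", "approval TTL expired")
        if req["status"] != "pending":
            return req["status"]  # the first decision is final
        return self._close(rid, "approved" if approve else "denied", operator, reason)

    def resume(self, rid):
        """Called by the paused bot; an expired request resolves to a denial."""
        req = self.requests[rid]
        return self.decide(rid, "system", False) if self._expired(req) else req["status"]
```

Two checks matter most here: an approval that arrives after the TTL is recorded as a system denial, and a request that has already been decided cannot be flipped by a second operator action.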
Turn any bot into an MCP server
One toggle and your bot's tools become discoverable MCP endpoints. Other bots call them. External clients discover them. Your team stops rebuilding the same integrations.
The exported server runs over HTTP with internal auth, trust level set to Custom, and defaults to allow so composed workflows stay fast. Disable anytime — the server pauses but history and logs are preserved.
Bot-to-bot composition
A research bot exposes its search tools; a writing bot calls them as MCP endpoints. Reuse without duplication.
Team-wide tool reuse
One bot maintains your CRM sync. Every other bot in the org calls it via MCP instead of re-implementing the same integration.
External client access
Third-party MCP clients — IDEs, chat apps, or other platforms — can discover and invoke your bot's capabilities.
Micro-agent architecture
Break monolithic bots into focused micro-agents that expose specific tools. Compose them into larger workflows.
See every call, cost, and denial
Full-stack observability for your MCP layer. Daily spend trends, top tools by volume, failure rates, and health status — all in one view.
Daily spend
Per-server, per-tool cost trends with sparklines and delta vs. prior period.
Call volume
Top tools and servers by invocation count, with failure-rate breakdown.
Health status
Latency, consecutive failures, and last-error tracking per server.
Denial rate
Which tools get blocked most — signal for permission tuning or guardrail drift.
Questions about MCP Hub
Everything you need to know before connecting your first server.
What is MCP Hub and why do I need it?
MCP Hub is an enterprise control plane for the Model Context Protocol. It lets you install, govern, and monitor MCP servers from a single interface — with encrypted credential vaults, per-tool permissions, human-in-the-loop approvals, and full audit trails. Without it, bots connect to tools with no oversight, no guardrails, and no accountability.
Can I connect my own custom MCP servers?
Yes. You can connect any external MCP server via HTTP, SSE, or stdio transports. Configure auth headers, OAuth2 flows, timeouts, and custom metadata. Custom servers receive the same vault encryption, permission governance, and health monitoring as registry servers.
How does the approval workflow work?
When a bot calls a tool marked 'require approval,' the execution pauses and an approval request is created in the queue. An operator reviews the tool name, arguments preview, and LLM rationale, then approves or denies. The bot resumes automatically upon approval, or receives a graceful denial. Timeouts auto-deny so conversations never hang.
Can I turn a Rylvo bot into an MCP server?
Yes. Any bot can be exported as an MCP server with a single toggle. The bot's tools become discoverable MCP endpoints that other bots — or external MCP clients — can invoke over HTTP. This enables bot-to-bot composition and reuse across your organization.
What transport protocols are supported?
HTTP (recommended for hosted servers), SSE (legacy streaming), and stdio (local processes). All transports route through the same permission checks, guardrails, credential vault, and audit pipeline.
How are credentials secured?
Credentials are encrypted server-side with AES-256-GCM and stored in a dedicated vault. Plaintext never touches Firestore or the client. Only the last four characters are visible in the UI. Credentials are decrypted only at invocation time on the server, used once, and never logged.
Ready to connect your first MCP server?
Install from the registry, connect your own, or export a bot as an MCP endpoint. Full governance, encryption, and oversight from day one.
