BetaMCPG is in public beta. Join the waitlist for managed cloud + early-access features.
MCPG
beta
Control Plane

One control plane. Many gateways.

The CP is where you operate fleets — register instances, mint enrollment tokens, issue licenses, bind plugin sets, watch live status, drill into per-call audit, and ship metrics to Prometheus / OpenTelemetry.

Tenancy hierarchy
3 levels
Org → Workspace → Environment
Storage backends
2
SQLite (Tier 0) or Postgres (Tier 1+) with RLS
HA
multi-instance
Leader-leased janitors, BEGIN IMMEDIATE chains, shared CA

Run it

bash
# Tier 0 — single binary, SQLite, embedded UI
mcpg-ctl quickstart

# Tier 1+ — Postgres + multi-instance
helm install mcpg-cp ./helm/charts/mcpg-cp \
  --set replicaCount=3 \
  --set postgres.enabled=true
What's in the CP

The operational surface.

Instance management

  • Enrollment tokens — single-use, time-limited bootstrap
  • Live registry of connected agents per replica
  • Cross-replica ConfigUpdate fan-out via pubsub
  • Quarantine + revive operator actions

Configuration delivery

  • Plugin sets — versioned, named, content-hashed
  • Bind plugin set to instance; updates pushed via gRPC channel
  • PullConfig + Heartbeat dirty-bit + push narrowing for converging replicas
  • ConfigAck records prove delivery

Observability

  • Per-call tool invocation samples (BLAKE3 error hashing, no plaintext)
  • Hourly + daily rollups for fleet-level metrics
  • StatusReport ingest — CPU, memory, plugin status, warnings
  • Prometheus exposition at /v1/orgs/{org}/metrics

Security

  • Tamper-evident audit ledger with per-org chain serialization
  • License-tiered retention (24h → 365d for raw tool logs)
  • Per-tenant envelope-encrypted payload capture (Enterprise)
  • OIDC SSO + workspace-scoped RBAC
The UI

One dashboard for the fleet.

Embedded React + shadcn/ui, served by the CP itself. No separate deploy, no separate auth. Drill into any instance, any tool call, any audit event.

Observability deep-dive
cp-ui · embedded dashboard