The pattern is familiar. A development team discovers a useful Model Context Protocol (MCP) server on GitHub, integrates it into their agent workflow, and ships it to production. Two months later, the security team learns about the new server during an incident review.
Shadow AI, the unsanctioned use of AI tools outside enterprise governance, is the predictable outcome when capable engineers meet powerful tools without enterprise visibility. And security teams, unable to see what is being used, often respond the only way they can: by blocking adoption entirely. The result is a standoff where innovation stalls and shadow usage grows.
Agent Registrypart of MuleSoft Agent Fabric, addresses both sides of this problem. By syncing continuously with the community’s Official MCP Registry, it bridges open ecosystem discovery with enterprise governance. Developers get access to a governed path for widespread MCP capabilities while platform teams get the visibility and control they need to approve adoption rather than block it.
The technical architecture of bridging two MCP registries
Understanding how this bridge works requires looking at both registries and the pipeline connecting them.
The Official MCP Registry
The Official MCP Registry serves as the community’s authoritative index of MCP servers. It stores metadata including version information, transport requirements, and links to source repositories. Thousands of servers now populate the registry, spanning use cases from cloud infrastructure management to specialized documentation tools.
The registry supports a light moderation policy, allowing anyone to register their own servers. This openness lowers the barrier for developers to share work and discover possibilities. But it also means the Official MCP Registry alone cannot answer the questions enterprise platform teams need answered before approving a capability for production use.
MuleSoft’s Agent Registry and enterprise governance
MuleSoft Agent Registry solves this gap. It is an enterprise catalog that brings together MCP servers, agents, and other reusable assets under unified governance.
When a public MCP server appears in Agent Registry, it carries the governance context that enterprise teams require: visibility into what the server does, how it is maintained, and how it fits into the organization’s policy framework. Because Agent Registry is built on the same Anypoint Platform that powers MuleSoft’s API management, enterprises inherit the controls they already use for mission-critical integrations.
This means a platform team can apply consistent policies across all capabilities their agents use, regardless of whether those capabilities originate from internal development or the public ecosystem.
How they work together
Continuous discovery: MuleSoft continuously polls the Official MCP Registry for new MCP servers. When new servers appear, they pass through an automated filtering process that evaluates them against a defined criteria rule set. We enforce that:
- The asset contains complete metadata, as expected by Agent Registry’s schema definitions
- The asset is published by a verified GitHub organization
- The asset vendor offers a remote-hosted endpoint for the MCP server
- The asset references an open-source repository that serves as either the canonical implementation or the source of public documentation
Servers that meet the threshold move to the MuleSoft Curation Team for final review before publication to Agent Registry. This combination of automated screening and human judgment ensures that enterprise teams only see servers worth considering.
Continuous integration: The pipeline does not stop at initial discovery. MuleSoft syncs with the Official MCP Registry nightly, detecting version updates and deprecation notices. When a server publishes a new version or marks an older one as deprecated, that information flows through to Agent Registry automatically. Enterprise teams always work with current metadata, reducing the risk of building against abandoned or outdated capabilities.
The result is a single pane of glass. An architect searching Agent Registry can discover both the internal MCP servers their team built last quarter and the public servers maintained by the broader community, all within the same governance framework.
An ecosystem challenge: Tool metadata
MCP servers, especially remote-hosted ones, often surface different tools to users based on authentication context, permissions, or subscription tier. Without knowing the end user, accurately cataloging available tools is not possible at a registry level. Even for servers that expose the same tools to all users, querying /tools/list typically requires authentication. As a result, the vast majority of listings in the Official MCP Registry do not include tool definitions.
MuleSoft addresses this today through a hybrid approach. For servers where credentials are already maintained, tools are dynamically fetched and included. For others, semantic summaries are extracted from the linked documentation that each server is required to provide. These summaries provide high-level tool information, enabling accurate indexing on Agent Registry to ensure enterprise teams can still evaluate capabilities before adoption.
MuleSoft is actively working with the Model Context Protocol committee and maintainers of the Official MCP Registry to identify a standards-based solution.
Growing the ecosystem
The infrastructure for governed MCP server discovery exists today. The Official MCP Registry continues to grow as the community contributes new servers, each one expanding the capabilities available to enterprise teams through Agent Registry’s continuous sync.
Contributing to the Official MCP Registry is accessible to any developer with an MCP server. The registry provides an NPM package that generates the required metadata file once a server has been packaged and published to NPM. From there, the registration process handles verification and indexing. See the registry quickstart guide for more details.
Enterprise scenario: Engineering workflow automation
Consider a platform architect tasked with enabling AI agents to manage development tasks across the organization. While multiple engineering teams need agents that can triage bugs, raise issues, or coordinate across project management tools, there are large risks of uncontrolled access to development infrastructure.
Without a centralized registry, each team searches independently. They find different servers with varying maturity levels, some integrating directly from GitHub while others build custom solutions. As a result, the security team has no visibility into what is being used. When a vulnerability is disclosed in a popular project management server, such as a PII leak or CVE exploit, no one knows which agents are affected.
With Agent Registry, the platform architect searches for issue management servers in Agent Registry. They find vetted integrations for GitHub, Jira, and Linear from the public catalog, plus an internal server the DevOps team built for their CI pipeline.
They evaluate the options against their requirements, select one, and wrap it with API Manager policies for access control and audit logging. The server becomes the organization’s approved capability. When other teams need similar functionality, they find it already vetted and governed. When the security team runs a quarterly audit, usage data exists in one place.
Discovery to deployment shifts from weeks of manual research and security review to hours of evaluation within an established framework. Security becomes built into the process rather than a gate that slows adoption.
Building the agentic future
The gap between community innovation and enterprise adoption has historically been difficult to bridge, with useful capabilities either bypassing governance entirely or stalling in security review. Developers will keep finding useful tools, and security teams will keep needing visibility into what runs in production.
By collaborating with the Official MCP Registry and investing in MCP standards, MuleSoft is helping drive the agentic ecosystem forward. Through automated filtering and human curation, public MCP servers in Agent Registry give developers the freedom to innovate and platform teams the visibility to say yes.
