/ Каталог / Песочница / toolhive
← Все серверы ↗ GitHub
● Сообщество stacklok ⚡ Сразу

toolhive

автор stacklok · stacklok/toolhive

Run MCP servers in isolated containers with one-click installs, a curated registry, SSO, and Kubernetes support.

ToolHive (Stacklok) is an enterprise-grade platform for running MCP servers. Gateway + Registry + container Runtime + Portal. Targets team and org deployments where you want least-privilege containerized MCPs, SSO, audit logs, and a curated catalog.

▶ Смотреть демо 📦 Установить 💡 Сценарии

Зачем использовать

Ключевые функции

Живое демо

Как выглядит на практике

toolhive.replay ▶ готово
0/0

Установка

Выберите клиент

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "toolhive": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/stacklok/toolhive"
      ],
      "_inferred": true
    }
  }
}

Откройте Claude Desktop → Settings → Developer → Edit Config. Перезапустите после сохранения.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "toolhive": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/stacklok/toolhive"
      ],
      "_inferred": true
    }
  }
}

Cursor использует ту же схему mcpServers, что и Claude Desktop. Конфиг проекта приоритетнее глобального.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "toolhive": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/stacklok/toolhive"
      ],
      "_inferred": true
    }
  }
}

Щёлкните значок MCP Servers на боковой панели Cline, затем "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "toolhive": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/stacklok/toolhive"
      ],
      "_inferred": true
    }
  }
}

Тот же формат, что и Claude Desktop. Перезапустите Windsurf для применения.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "toolhive",
      "command": "TODO",
      "args": [
        "See README: https://github.com/stacklok/toolhive"
      ]
    }
  ]
}

Continue использует массив объектов серверов, а не map.

~/.config/zed/settings.json
{
  "context_servers": {
    "toolhive": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/stacklok/toolhive"
        ]
      }
    }
  }
}

Добавьте в context_servers. Zed перезагружается автоматически.

claude mcp add toolhive -- TODO 'See README: https://github.com/stacklok/toolhive'

Однострочная команда. Проверить: claude mcp list. Удалить: claude mcp remove.

Сценарии использования

Реальные сценарии: toolhive

How to install a community MCP without trusting random `npx -y` scripts

👤 Security-conscious engineers ⏱ ~10 min beginner

Когда использовать: You want the GitHub MCP running locally but don't want to give it unrestricted filesystem access.

Предварительные требования
  • Docker Desktop — docker.com
  • ToolHive desktop app — stacklok.com/download
Поток
  1. Open ToolHive, search the registry
    Install 'github' from the ToolHive registry.✓ Скопировано
    → Container pulled, config prompt for GITHUB_TOKEN
  2. Auto-configure your client
    Click 'Connect to Claude Desktop'.✓ Скопировано
    → Claude Desktop config updated; restart required
  3. Verify isolation
    Confirm the container only has the env vars you set and no host filesystem mounts.✓ Скопировано
    → Inspect container config in the ToolHive UI

Итог: A sandboxed MCP with least-privilege access to your machine.

Подводные камни
  • Filesystem MCPs need a mount — default no-mount is too tight — Add a scoped mount (e.g. ~/Projects only) rather than full-home

How to deploy MCPs on Kubernetes for a platform team

👤 Platform engineers ⏱ ~60 min advanced

Когда использовать: You want org-wide standardized MCP availability.

Предварительные требования
  • Kubernetes cluster + cluster-admin — Existing EKS/GKE/AKS or kind for dev
  • ToolHive Operator CRDs installed — kubectl apply -f the Stacklok-provided manifests
Поток
  1. Declare MCPServer resources
    kubectl apply -f mcp-github.yaml — declaratively register a GitHub MCP with scoped secrets.✓ Скопировано
    → Pod running; Portal lists it
  2. Expose to users via Portal
    Engineers log into the Portal with SSO and one-click install into their client.✓ Скопировано
    → Per-user configs auto-generated

Итог: Central catalog + per-user install; auditable.

Подводные камни
  • Stdio MCPs don't fit network-exposed Kubernetes well — Prefer Streamable HTTP MCPs for k8s; use the gateway for stdio ones

How to produce an audit trail of all MCP tool calls

👤 Compliance, security teams ⏱ ~30 min intermediate

Когда использовать: Your org needs 'who called what tool when' for SOC2 or internal policy.

Поток
  1. Enable OpenTelemetry export
    In ToolHive settings, set the OTLP endpoint to your collector.✓ Скопировано
    → Traces appear in your backend
  2. Tag by user
    Enable per-user identity propagation via SSO.✓ Скопировано
    → Each trace has actor id

Итог: Per-user, per-tool audit log.

Комбинации

Сочетайте с другими MCP — эффект x10

toolhive + mcphub

Use ToolHive for isolation, MCPHub for multi-server routing

Run each MCP in its own ToolHive container and expose them through MCPHub groups.✓ Скопировано
toolhive + unla

Combine ToolHive-run MCPs with Unla's REST-to-MCP conversion

Register our Unla-converted internal API in ToolHive so it runs containerized with SSO.✓ Скопировано

Инструменты

Что предоставляет этот MCP

ИнструментВходные данныеКогда вызыватьСтоимость
(platform) registry-install mcp_name Install a verified MCP free
(platform) gateway-proxy Transport + auth policy Front your MCPs with policy free
(platform) runtime-isolate Container spec Sandboxed execution free + infra cost

Стоимость и лимиты

Во что обходится

Квота API
None at platform layer
Токенов на вызов
Minimal overhead
Деньги
Desktop + CLI + open-source Operator are free. Enterprise plans for support/compliance.
Совет
Start with the free tier; upgrade only if you need dedicated SLAs or advanced SSO/RBAC.

Безопасность

Права, секреты, радиус поражения

Минимальные скоупы: Per-MCP: least privilege env vars and mounts SSO for team deployments
Хранение учётных данных: Encrypted secrets manager built into ToolHive
Исходящий трафик: Determined by downstream MCPs; ToolHive adds telemetry if configured
Никогда не давайте: Don't auto-grant filesystem mounts beyond what each MCP needs

Устранение неполадок

Частые ошибки и исправления

Container starts then exits immediately

Check the MCP's required env vars are set (e.g., GITHUB_TOKEN). View logs in ToolHive UI.

Claude Desktop can't find the server after install

Restart Claude Desktop — config changes only load on launch.

K8s Operator CRD install fails

Ensure cluster-admin and supported k8s version (>= 1.27).

Проверить: kubectl version
OTLP traces missing

Collector endpoint must accept OTLP/HTTP or OTLP/gRPC; confirm protocol match.

Альтернативы

toolhive в сравнении

АльтернативаКогда использоватьКомпромисс
MCPHubYou want multi-server aggregation more than container isolationNot container-runtime focused
Docker MCP ToolkitYou prefer Docker's own integrated toolingLess curated registry

Ещё

Ресурсы

📖 Читать официальный README на GitHub

🐙 Открытые задачи

🔍 Все 400+ MCP-серверов и Skills