/ Directory / Playground / toolhive
← All servers ↗ GitHub
● Community stacklok ⚡ Instant

toolhive

by stacklok · stacklok/toolhive

Run MCP servers in isolated containers with one-click installs, a curated registry, SSO, and Kubernetes support.

ToolHive (Stacklok) is an enterprise-grade platform for running MCP servers. Gateway + Registry + container Runtime + Portal. Targets team and org deployments where you want least-privilege containerized MCPs, SSO, audit logs, and a curated catalog.

▶ Watch demo 📦 Install 💡 Use Cases

Why use it

Key features

Live Demo

What it looks like in practice

toolhive.replay ▶ ready
0/0

Install

Pick your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "toolhive": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/stacklok/toolhive"
      ],
      "_inferred": true
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "toolhive": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/stacklok/toolhive"
      ],
      "_inferred": true
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. Project config wins over global.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "toolhive": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/stacklok/toolhive"
      ],
      "_inferred": true
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "toolhive": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/stacklok/toolhive"
      ],
      "_inferred": true
    }
  }
}

Same shape as Claude Desktop. Restart Windsurf to pick up changes.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "toolhive",
      "command": "TODO",
      "args": [
        "See README: https://github.com/stacklok/toolhive"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "toolhive": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/stacklok/toolhive"
        ]
      }
    }
  }
}

Add to context_servers. Zed hot-reloads on save.

claude mcp add toolhive -- TODO 'See README: https://github.com/stacklok/toolhive'

One-liner. Verify with claude mcp list. Remove with claude mcp remove.

Use Cases

Real-world ways to use toolhive

How to install a community MCP without trusting random `npx -y` scripts

👤 Security-conscious engineers ⏱ ~10 min beginner

When to use: You want the GitHub MCP running locally but don't want to give it unrestricted filesystem access.

Prerequisites
  • Docker Desktop — docker.com
  • ToolHive desktop app — stacklok.com/download
Flow
  1. Open ToolHive, search the registry
    Install 'github' from the ToolHive registry.✓ Copied
    → Container pulled, config prompt for GITHUB_TOKEN
  2. Auto-configure your client
    Click 'Connect to Claude Desktop'.✓ Copied
    → Claude Desktop config updated; restart required
  3. Verify isolation
    Confirm the container only has the env vars you set and no host filesystem mounts.✓ Copied
    → Inspect container config in the ToolHive UI

Outcome: A sandboxed MCP with least-privilege access to your machine.

Pitfalls
  • Filesystem MCPs need a mount — default no-mount is too tight — Add a scoped mount (e.g. ~/Projects only) rather than full-home

How to deploy MCPs on Kubernetes for a platform team

👤 Platform engineers ⏱ ~60 min advanced

When to use: You want org-wide standardized MCP availability.

Prerequisites
  • Kubernetes cluster + cluster-admin — Existing EKS/GKE/AKS or kind for dev
  • ToolHive Operator CRDs installed — kubectl apply -f the Stacklok-provided manifests
Flow
  1. Declare MCPServer resources
    kubectl apply -f mcp-github.yaml — declaratively register a GitHub MCP with scoped secrets.✓ Copied
    → Pod running; Portal lists it
  2. Expose to users via Portal
    Engineers log into the Portal with SSO and one-click install into their client.✓ Copied
    → Per-user configs auto-generated

Outcome: Central catalog + per-user install; auditable.

Pitfalls
  • Stdio MCPs don't fit network-exposed Kubernetes well — Prefer Streamable HTTP MCPs for k8s; use the gateway for stdio ones

How to produce an audit trail of all MCP tool calls

👤 Compliance, security teams ⏱ ~30 min intermediate

When to use: Your org needs 'who called what tool when' for SOC2 or internal policy.

Flow
  1. Enable OpenTelemetry export
    In ToolHive settings, set the OTLP endpoint to your collector.✓ Copied
    → Traces appear in your backend
  2. Tag by user
    Enable per-user identity propagation via SSO.✓ Copied
    → Each trace has actor id

Outcome: Per-user, per-tool audit log.

Combinations

Pair with other MCPs for X10 leverage

toolhive + mcphub

Use ToolHive for isolation, MCPHub for multi-server routing

Run each MCP in its own ToolHive container and expose them through MCPHub groups.✓ Copied
toolhive + unla

Combine ToolHive-run MCPs with Unla's REST-to-MCP conversion

Register our Unla-converted internal API in ToolHive so it runs containerized with SSO.✓ Copied

Tools

What this MCP exposes

ToolInputsWhen to callCost
(platform) registry-install mcp_name Install a verified MCP free
(platform) gateway-proxy Transport + auth policy Front your MCPs with policy free
(platform) runtime-isolate Container spec Sandboxed execution free + infra cost

Cost & Limits

What this costs to run

API quota
None at platform layer
Tokens per call
Minimal overhead
Monetary
Desktop + CLI + open-source Operator are free. Enterprise plans for support/compliance.
Tip
Start with the free tier; upgrade only if you need dedicated SLAs or advanced SSO/RBAC.

Security

Permissions, secrets, blast radius

Minimum scopes: Per-MCP: least privilege env vars and mounts SSO for team deployments
Credential storage: Encrypted secrets manager built into ToolHive
Data egress: Determined by downstream MCPs; ToolHive adds telemetry if configured
Never grant: Don't auto-grant filesystem mounts beyond what each MCP needs

Troubleshooting

Common errors and fixes

Container starts then exits immediately

Check the MCP's required env vars are set (e.g., GITHUB_TOKEN). View logs in ToolHive UI.

Claude Desktop can't find the server after install

Restart Claude Desktop — config changes only load on launch.

K8s Operator CRD install fails

Ensure cluster-admin and supported k8s version (>= 1.27).

Verify: kubectl version
OTLP traces missing

Collector endpoint must accept OTLP/HTTP or OTLP/gRPC; confirm protocol match.

Alternatives

toolhive vs others

AlternativeWhen to use it insteadTradeoff
MCPHubYou want multi-server aggregation more than container isolationNot container-runtime focused
Docker MCP ToolkitYou prefer Docker's own integrated toolingLess curated registry

More

Resources

📖 Read the official README on GitHub

🐙 Browse open issues

🔍 Browse all 400+ MCP servers and Skills