README
¶
ToolHive (thv)
ToolHive (thv) is a lightweight, secure, and fast manager for MCP (Model Context Protocol) servers. It is written in Golang and has extensive test coverage—including input validation—to ensure reliability and security.
Under the hood, ToolHive acts as a very thin client for the Docker/Podman Unix socket API. This design choice allows it to remain both efficient and lightweight while still providing powerful, container-based isolation for running MCP servers.
Why ToolHive?
Deploying MCP servers requires complex multi-step processes with a lot of friction: involving running random potentially harmful commands (e.g. using uv or npx), manually managing security credentials (e.g. putting an api token into a text file), and wrestling with inconsistent packaging methods. ToolHive aims to solve this by starting containers in a locked-down environment, granting only the minimal permissions required to run. This significantly reduces the attack surface, imporves usability, and enforces best practices for container security.
ToolHive radically simplifies MCP deployment by:
-
Ease of Use: Instantly deploy MCP servers through Docker containers. Users can start their MCP servers with a single, straightforward command. No need to install and fight with different versions of python / node / etc.
-
Enhanced Security: Secure by default: the tool securely manages secrets and configurations, greatly reducing leaks & risks. No more plaintext secrets in configuration files
-
Standardized Packaging: Leveraging OCI container standards, the project provides a repeatable, standardized packaging method for MCP servers, ensuring compatibility and reliability.
Key Benefits
-
Curated MCP Registry: Includes a registry of curated MCPs with verified configurations — users can effortlessly discover and deploy MCP servers without any manual setup. Just select one from the list and safely run it with just one command.
-
Enterprise-Ready Authorization: Offers robust authorization controls tailored for enterprise environments, securely managing tool access and integrating seamlessly with existing infrastructures (e.g., Kubernetes).
-
Seamless Integration: Compatible with popular development tools such as Copilot, Continue, Claude Desktop, Stitch, and more, streamlining your workflow.
Client Compability
| Client | Supported | Notes |
|---|---|---|
| Copilot (VS Code) | ✅ | |
| Cursor | ✅ | |
| Roo Code | ✅ | |
| PydanticAI | ✅ | |
| Continue | ❌ | Continue doesn't yet support SSE |
| Claude Desktop | ❌ | Claude Desktop doesn't yet support SSE |
Commands
The thv command-line interface provides the following subcommands:
-
thv runRuns an MCP server. -
thv listLists running MCP servers. -
thv stopStops an MCP server. -
thv rmRemoves an MCP server. -
thv restartRestarts an MCP server. -
thv searchSearches for available MCP servers in the registry. -
thv registry listLists available MCP servers in the registry. -
thv helpDisplays help information. -
thv versionShows the current version of ToolHive.
Usage
Running an MCP Server
First, find the MCP server you want to run. You can search for available MCP servers in the registry using:
thv search <search-term>
This command will return a list of available MCP servers that match the search term.
Once you find the MCP server you want to run, you can start it using the thv run command. For example, to run a specific MCP server:
thv run <name-of-mcp-server>
The registry already contains all the parameters needed to run the server, so you don't need to specify any additional arguments. ToolHive will automatically pull the image and start the server.
Browsing the Registry
You can also browse the registry to see all available MCP servers. Use the following command:
thv registry list
This will display a list of all available MCP servers in the registry, along with their descriptions and other relevant information.
To view detailed information about a specific MCP server, use:
thv registry info <name-of-mcp-server>
This command will provide you with detailed information about the MCP server, including its configuration, available options, and any other relevant details.
We're open to adding more MCP servers to the registry. If you have a specific server in mind, please submit a pull request or open an issue on our GitHub repository. We're tracking the the list in registry.json.
Running a Custom MCP Server
If you want to run a custom MCP server that is not in the registry, you can do so by specifying the image name and any additional arguments. For example:
thv run --transport sse --name my-mcp-server --port 8080 my-mcp-server-image:latest -- my-mcp-server-args
This command closely resembles docker run but focuses on security and simplicity. When invoked:
-
ToolHive creates a container from the specified image (
my-mcp-server-image:latest). -
It configures the container to listen on the chosen port (8080).
-
Labels the container so it can be tracked by ToolHive:
toolhive: true toolhive-name: my-mcp-server -
Sets up the specified transport (e.g., SSE, stdio), potentially using a reverse proxy, depending on user choice.
Transport Modes
-
SSE:
If the transport is
sse, ToolHive creates a reverse proxy a random that forwards requests to the container. This means the container itself does not directly expose any ports. -
STDIO:
If the transport is
stdio, ToolHive redirects SSE traffic to the container's standard input and output. This acts as a secure proxy, ensuring that the container does not have direct access to the network nor the host machine.
Permissions
Containers launched by ToolHive come with a minimal set of permissions, strictly limited to what is required. Permissions can be further customized via a JSON-based permission profile provided with the --permission-profile flag.
An example permission profile file could be:
{
"read": [
"/var/run/mcp.sock"
],
"write": [
"/var/run/mcp.sock"
],
"network": {
"outbound": {
"insecure_allow_all": false,
"allow_transport": [
"tcp",
"udp"
],
"allow_host": [
"localhost",
"google.com"
],
"allow_port": [
80,
443
]
}
}
}
This profile lets the container read and write to the /var/run/mcp.sock Unix socket and also make outbound network requests to localhost and google.com on ports 80 and 443.
Two built-in profiles are included for convenience:
stdio: Grants minimal permissions with no network access.network: Permits outbound network connections to any host on any port (not recommended for production use).
Listing Running MCP Servers
Use:
thv list
This lists all active MCP servers managed by ToolHive, along with their current status.
Running Against Local Kind Cluster
In order to run this against a local Kind Cluster, run:
task build-imageto build the image into the local registry, it should spit out the image URLkind load docker-image $IMAGE_URL --name $KIND_CLUSTER_NAMEto load it into the Kind cluster- Create a
pod.yamlspec for the pod, using the URL above as the image URL andargs:field with the args you want to run. kind should create and run the pod.
License
This project is licensed under the Apache 2.0 License. See the LICENSE file for details.
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
thv
command
Package main provides the entry point for the toolhive command-line application.
|
Package main provides the entry point for the toolhive command-line application. |
|
pkg
|
|
|
auth
Package auth provides authentication and authorization utilities.
|
Package auth provides authentication and authorization utilities. |
|
authz
Package authz provides authorization utilities using Cedar policies.
|
Package authz provides authorization utilities using Cedar policies. |
|
client
Package client provides utilities for managing client configurations and interacting with MCP servers.
|
Package client provides utilities for managing client configurations and interacting with MCP servers. |
|
config
Package config contains the definition of the application config structure and logic required to load and update it.
|
Package config contains the definition of the application config structure and logic required to load and update it. |
|
container
Package container provides utilities for managing containers, including creating, starting, stopping, and monitoring containers.
|
Package container provides utilities for managing containers, including creating, starting, stopping, and monitoring containers. |
|
container/docker
Package docker provides Docker-specific implementation of container runtime, including creating, starting, stopping, and monitoring containers.
|
Package docker provides Docker-specific implementation of container runtime, including creating, starting, stopping, and monitoring containers. |
|
container/kubernetes
Package kubernetes provides a client for the Kubernetes runtime including creating, starting, stopping, and retrieving container information.
|
Package kubernetes provides a client for the Kubernetes runtime including creating, starting, stopping, and retrieving container information. |
|
container/runtime
Package runtime provides interfaces and types for container runtimes, including creating, starting, stopping, and monitoring containers.
|
Package runtime provides interfaces and types for container runtimes, including creating, starting, stopping, and monitoring containers. |
|
environment
Package environment provides utilities for handling environment variables and environment-related operations for containers.
|
Package environment provides utilities for handling environment variables and environment-related operations for containers. |
|
errors
Package errors provides error types and utilities for the toolhive application.
|
Package errors provides error types and utilities for the toolhive application. |
|
labels
Package labels provides utilities for managing container labels used by the toolhive application.
|
Package labels provides utilities for managing container labels used by the toolhive application. |
|
logger
Package logger provides a logging capability for toolhive for running locally as a CLI and in Kubernetes
|
Package logger provides a logging capability for toolhive for running locally as a CLI and in Kubernetes |
|
networking
Package networking provides utilities for network operations, such as finding available ports and checking network connectivity.
|
Package networking provides utilities for network operations, such as finding available ports and checking network connectivity. |
|
permissions
Package permissions provides utilities for managing container permissions and permission profiles for the toolhive application.
|
Package permissions provides utilities for managing container permissions and permission profiles for the toolhive application. |
|
process
Package process provides utilities for managing process-related operations, such as PID file handling and process management.
|
Package process provides utilities for managing process-related operations, such as PID file handling and process management. |
|
registry
Package registry provides access to the MCP server registry
|
Package registry provides access to the MCP server registry |
|
runner
Package runner provides functionality for running MCP servers
|
Package runner provides functionality for running MCP servers |
|
runner/state
Package state provides functionality for storing and retrieving runner state across different environments (local filesystem, Kubernetes, etc.)
|
Package state provides functionality for storing and retrieving runner state across different environments (local filesystem, Kubernetes, etc.) |
|
secrets
Package secrets contains the secrets management logic for ToolHive.
|
Package secrets contains the secrets management logic for ToolHive. |
|
secrets/aes
Package aes contains functions for encrypting and decrypting data using AES-GCM
|
Package aes contains functions for encrypting and decrypting data using AES-GCM |
|
transport
Package transport provides utilities for handling different transport modes for communication between the client and MCP server.
|
Package transport provides utilities for handling different transport modes for communication between the client and MCP server. |
|
transport/errors
Package errors provides error types and constants for the transport package.
|
Package errors provides error types and constants for the transport package. |
|
transport/proxy/httpsse
Package httpsse provides an HTTP proxy implementation for Server-Sent Events (SSE) used in communication between the client and MCP server.
|
Package httpsse provides an HTTP proxy implementation for Server-Sent Events (SSE) used in communication between the client and MCP server. |
|
transport/proxy/transparent
Package transparent provides a transparent HTTP proxy implementation that forwards requests to a destination without modifying them.
|
Package transparent provides a transparent HTTP proxy implementation that forwards requests to a destination without modifying them. |
|
transport/ssecommon
Package ssecommon provides common types and utilities for Server-Sent Events (SSE) used in communication between the client and MCP server.
|
Package ssecommon provides common types and utilities for Server-Sent Events (SSE) used in communication between the client and MCP server. |
|
transport/types
Package types provides common types and interfaces for the transport package used in communication between the client and MCP server.
|
Package types provides common types and interfaces for the transport package used in communication between the client and MCP server. |