Search • Sprawl Radar • TrustOps • Gateway • Ledger • Mandates • Hosting • Docs Compiler • Demo • Plans • Shortlists • Rankings • Compare • ChatGPT compatible • Claude compatible • Healthcare • Digests • RSS • RSS XML • Backfill • MCP API
MCP RUNTIME / SANDBOX HOSTING
Verify Hosted MCP
Do not just score MCP servers. Host the trusted ones behind a managed endpoint with validation, secrets, egress controls, releases, rollback, trust badges, and audit events.
Hosted endpoint
/hosted/{namespace}/{name}/mcpRemote MCP surface for activated hosted deployments.
Trust gate
TrustOps tier
Requires a verified publisher claim plus paid hosted runtime feature access.
Release proof
score + snapshot
Each release carries the validation run and sandbox policy that allowed activation.
Control plane
SOURCE
Deploy from GitHub
Create a hosted runtime from a claimed server repository, source ref, and sandbox policy.
TRUST
Validate before activation
Attach the current Verify score, trust snapshot, validation run, and badge state to each release.
SECRETS
Runtime vault
Store header, token, env, or file secrets with encrypted payloads and redacted metadata.
SANDBOX
Egress allowlist
Deny outbound network access except the server endpoint and explicit allowlisted hosts.
RELEASES
Version and rollback
Promote releases, keep previous versions addressable, and roll back by release id.
AUDIT
Usage events
Emit deployment, secret, release, rollback, egress, upstream, and request usage events.
Who buys this
PUBLISHERS
Trusted runtime for claimed servers
Publishers who want a verified endpoint, trust badge, uptime monitoring, and release proof without running MCP infrastructure themselves.
PLATFORM TEAMS
Approved tools behind one endpoint
Agent platform teams that want trusted MCP servers hosted with consistent secrets, egress, release, and observability controls.
AI ADMINS
Runtime inventory with evidence
Enterprise admins who need hosted tools tied to policy decisions, audit events, and rollback-ready operational history.
How it connects to Gateway and Ledger
Hosted MCP turns a trusted server into an execution surface. Gateway decides whether a specific hosted call is allowed, and Ledger preserves the release, trust snapshot, mandate, outcome, and cost evidence.
GATEWAY
Decide before hosted execution
Gateway can require the hosted release id, trust snapshot, sandbox policy, and mandate before allowing an agent call.
LEDGER
Record runtime evidence
Ledger stores hosted deployment, release, rollback, egress, upstream, and request usage events next to policy and risk snapshots.
MANDATES
Bind authority to hosted calls
Mandates constrain which agents and users may call hosted tools, with budget, scope, and approval requirements evaluated at /v1/decide.
API surface
| Method | Path | Purpose |
|---|---|---|
GET | /v1/hosting/capabilities | Discover hosted runtime controls. |
GET | /v1/servers/{namespace}/{name}/hosting | Inspect readiness, deployments, releases, secrets, and events. |
POST | /v1/servers/{namespace}/{name}/hosting/deployments | Create or update a GitHub-backed hosted runtime deployment. |
POST | /v1/servers/{namespace}/{name}/hosting/deployments/{id}/secrets | Store encrypted runtime secrets. |
POST | /v1/servers/{namespace}/{name}/hosting/deployments/{id}/releases | Create and optionally activate a release. |
POST | /v1/servers/{namespace}/{name}/hosting/deployments/{id}/rollback | Promote a previous release. |
POST | /hosted/{namespace}/{name}/mcp | Serve the sandboxed hosted MCP endpoint. |
Activation rule
Hosted runtime activation requires a healthy or degraded server, a remote endpoint, fresh validation, and a score at or above the hosting threshold. Deployments can be created while blocked, but releases stay pending until the trust gate passes.