Production-grade infrastructure for Model Context Protocol
Project description
MCP Hangar
Open-source control plane for MCP servers -- lifecycle, governance, and observability for your server fleet.
Why
In MCP, the tool list is a hint the client caches; the call path is the only surface a provider mediates in real time. Every governance primitive worth having -- revocation, per-tenant scoping, audit -- attaches there, or attaches to nothing. Hangar puts a control plane on that seam: one mediated path for lifecycle, policy, and telemetry across your whole MCP server fleet.
Background: The Advisory List -- Why MCP Governance Lives at the Call Path
Install
pip install mcp-hangar
# or: uv pip install mcp-hangar
Quickstart
Point Hangar at an MCP server in config.yaml:
mcp_servers:
github:
mode: subprocess
command: [uvx, mcp-server-github]
env:
GITHUB_TOKEN: ${GITHUB_TOKEN}
Then serve it:
mcp-hangar serve --config config.yaml # stdio (Claude Desktop)
mcp-hangar serve --config config.yaml --http --port 8000 # HTTP + REST API at /api/
Or skip the config entirely -- get filesystem, fetch, and memory servers wired into Claude Desktop in one line:
curl -sSL https://mcp-hangar.io/install.sh | bash && mcp-hangar init -y && mcp-hangar serve
What you get
- Parallel tool calls -- one
hangar_callfans out to many MCP servers concurrently; all results returned together. - Lifecycle management -- lazy start, health checks, single-flight cold starts, idle shutdown, and per-server circuit breaking.
- Hot config reload -- add or withdraw servers and tools via file watch, no restart.
- Per-tenant tool projection -- front-door mode presents a different executable surface per caller, fail-closed on unknown identity.
- OAuth ingress -- advertise as an RFC 9728 protected resource and challenge external agents for verified tokens.
- Observability built in -- OpenTelemetry traces, Prometheus metrics, structured logs, and an event-sourced audit trail.
Configuring tools:
The per-server tools: key is overloaded and accepts two distinct forms:
-
A list of tool schemas is a pre-start visibility projection. It lets a tool be listed before its provider has started, so callers can see it up front. It is not an access policy. On start, the provider's dynamic
tools/listis authoritative and replaces this projection entirely — a statically-listed tool that the provider does not return becomes uncallable and fails withTool not found: <name>at invocation (a warning naming the unconfirmed tool is logged at start). -
A dict with
allow:/deny:is an access policy (glob-pattern, three-level merge) that filters which discovered tools are exposed.
mcp_servers:
math:
mode: subprocess
command: [python, -m, examples.provider_math.server]
tools: # list form: pre-start schema projection
- name: add
description: "Add two numbers"
inputSchema: { type: object, properties: { a: { type: number } } }
github:
mode: subprocess
command: [uvx, mcp-server-github]
tools: # dict form: allow/deny access policy
allow: [create_issue, list_issues]
deny: [delete_repository]
Documentation
- Getting Started · Configuration · Python API
- Governance & Front Door · Authentication & RBAC · Observability
- Kubernetes operator · Helm charts · All docs
License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mcp_hangar-1.5.0.tar.gz.
File metadata
- Download URL: mcp_hangar-1.5.0.tar.gz
- Upload date:
- Size: 1.4 MB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a62439c8f7e08d1f0a6b7c4ac317ff3a13fae207359f4c1ad561b50ce529fc54
|
|
| MD5 |
d9ea5bbe366bf487c8f54040f6abe8e3
|
|
| BLAKE2b-256 |
ac15ef9beef7ecd6001fd81f9271baef70b30c459ac74e18b508da36e54a5979
|
Provenance
The following attestation bundles were made for mcp_hangar-1.5.0.tar.gz:
Publisher:
release.yml on mcp-hangar/mcp-hangar
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
mcp_hangar-1.5.0.tar.gz -
Subject digest:
a62439c8f7e08d1f0a6b7c4ac317ff3a13fae207359f4c1ad561b50ce529fc54 - Sigstore transparency entry: 2176728397
- Sigstore integration time:
-
Permalink:
mcp-hangar/mcp-hangar@6ac3151485096e33bb97b68bd3b0e85fcb05b431 -
Branch / Tag:
refs/tags/v1.5.0 - Owner: https://github.com/mcp-hangar
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@6ac3151485096e33bb97b68bd3b0e85fcb05b431 -
Trigger Event:
push
-
Statement type:
File details
Details for the file mcp_hangar-1.5.0-py3-none-any.whl.
File metadata
- Download URL: mcp_hangar-1.5.0-py3-none-any.whl
- Upload date:
- Size: 792.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
15a4dd83baa70ef56f0352b2b1c0a5b444e7df47a46b427a209e12db9954bc87
|
|
| MD5 |
25fecf7e2ff393e4562ca357e4c898d7
|
|
| BLAKE2b-256 |
b131d6a85bbb58c20c9948b84fe2a97b4fe987703971a58a294cf1bb3d1f4861
|
Provenance
The following attestation bundles were made for mcp_hangar-1.5.0-py3-none-any.whl:
Publisher:
release.yml on mcp-hangar/mcp-hangar
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
mcp_hangar-1.5.0-py3-none-any.whl -
Subject digest:
15a4dd83baa70ef56f0352b2b1c0a5b444e7df47a46b427a209e12db9954bc87 - Sigstore transparency entry: 2176728675
- Sigstore integration time:
-
Permalink:
mcp-hangar/mcp-hangar@6ac3151485096e33bb97b68bd3b0e85fcb05b431 -
Branch / Tag:
refs/tags/v1.5.0 - Owner: https://github.com/mcp-hangar
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@6ac3151485096e33bb97b68bd3b0e85fcb05b431 -
Trigger Event:
push
-
Statement type: