97 million monthly SDK downloads. Zero governance.
The Model Context Protocol is the fastest-growing AI integration standard. But MCP servers ship without rate limits, PII scanning, audit trails, or approval workflows. Every tool call is a trust decision -- and right now, nobody is checking.
MCP is everywhere. Governance is nowhere.
The Model Context Protocol connects AI agents to databases, APIs, file systems, browsers, and cloud infrastructure. Adoption is explosive -- but security and governance have not kept up.
MCP SDK downloads per month as of Q1 2026. The protocol is the fastest-growing AI integration standard.
Registered across official and community directories. Most ship zero governance controls.
Nearly 9 in 10 MCP servers need API keys, database passwords, or OAuth tokens to function.
More than half rely on static environment variables. Only 8.5% implement OAuth-based credential management.
The attack surface is growing. Every MCP server your agents connect to is a potential vector for prompt injection, credential theft, data exfiltration, and unauthorized actions. Without governance, a single compromised tool can cascade across your entire agent fleet.
Six governance layers for every MCP tool call.
MCP governance means applying the same rigor to tool invocations that you apply to LLM API calls. Every tool call passes through a six-step policy chain before execution.
Agent calls tool → Allowlist → Rate Limit → PII Scan → HITL Gate → Execute → Audit
The governance chain short-circuits on the first denial. If a tool is not on the allowlist, the call never reaches the rate limiter. If PII is detected, the call never reaches HITL. Every step is recorded in the audit trail regardless of outcome.
Tool Allowlists
Control which tools each agent can invoke.
Define per-agent, per-template, and per-organization tool policies. Allowlists cascade through scope inheritance -- org-level restrictions override template-level grants. Wildcards supported for namespace matching.
Per-Tool Rate Limits
Prevent tool abuse with granular throttling.
Set requests-per-minute limits on individual tools. Dangerous tools like shell_exec default to 5 RPM. Safe tools like file_read get higher ceilings. All limits configurable per org, template, and agent.
PII Scanning
Scan tool arguments before execution.
Every tool invocation passes through the PII scanner. Arguments are checked for API keys, SSNs, credit card numbers, email addresses, and other sensitive data. Deny or redact modes configurable per tool.
HITL Approval
Require human approval for dangerous tools.
Flag high-risk tool calls for manual review before execution. Approval requests appear in the dashboard, Slack, or Teams. Configurable timeout with auto-deny. Full audit trail of approval decisions.
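The four gates above, chained in the order the policy chain describes (allowlist, rate limit, PII scan, HITL, then execute, with every outcome written to the audit record), as an added illustration. This is not Curate-Me's code: the policy values, tool names, glob-style allowlist matching and the regex detectors are constructed assumptions, apart from the 5 RPM default for shell_exec that the page cites.

```python
import re
import time
from collections import deque
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

# Constructed policy for a single agent. Tool names, patterns and limits are
# illustrative assumptions, except shell_exec at 5 RPM, which the page cites.
POLICY = {
    "allowlist": ["fs.*", "shell_exec", "http_request"],  # glob-style namespace matching
    "rate_limits_rpm": {"shell_exec": 5, "fs.read": 60, "http_request": 30},
    "hitl_required": {"shell_exec"},
    "pii_mode": {"http_request": "redact"},  # any tool not listed here is in "deny" mode
}

# Minimal detectors for the PII categories the page names; the regexes are
# deliberately simple and would need tuning (Luhn checks, vendor key formats) in production.
PII_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "credit_card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"),
    "api_key": re.compile(r"\b(?:sk_|AKIA)[A-Za-z0-9_-]{16,}\b"),
}


@dataclass
class Governor:
    policy: dict
    audit: list = field(default_factory=list)      # append-only record of every call
    _windows: dict = field(default_factory=dict)   # per-tool sliding one-minute windows

    def _allowed(self, tool):
        return any(fnmatchcase(tool, pat) for pat in self.policy["allowlist"])

    def _within_rate(self, tool, now):
        limit = self.policy["rate_limits_rpm"].get(tool)
        if limit is None:
            return True
        window = self._windows.setdefault(tool, deque())
        while window and now - window[0] >= 60:    # drop calls older than one minute
            window.popleft()
        if len(window) >= limit:
            return False
        window.append(now)
        return True

    def _scan_pii(self, tool, args):
        """Return (args_to_execute, findings); args is None when the call must be denied."""
        text = " ".join(str(v) for v in args.values())
        found = [name for name, pat in PII_PATTERNS.items() if pat.search(text)]
        if not found:
            return args, found
        if self.policy["pii_mode"].get(tool, "deny") != "redact":
            return None, found
        redacted = {}
        for key, value in args.items():
            s = str(value)
            for name, pat in PII_PATTERNS.items():
                s = pat.sub(f"[REDACTED:{name}]", s)
            redacted[key] = s
        return redacted, found

    def invoke(self, agent, tool, args, execute, now=None):
        """Run the chain: allowlist -> rate limit -> PII scan -> HITL gate -> execute -> audit."""
        now = time.time() if now is None else now
        result, pii = None, []
        if not self._allowed(tool):
            outcome = "denied:allowlist"           # never reaches the rate limiter
        elif not self._within_rate(tool, now):
            outcome = "denied:rate_limit"
        else:
            args, pii = self._scan_pii(tool, args)
            if args is None:
                outcome = "denied:pii"             # never reaches the HITL gate
            elif tool in self.policy["hitl_required"]:
                outcome = "pending:hitl"           # parked until a human approves
            else:
                outcome = "executed"
                result = execute(tool, args)
        # Recorded on every path, denied or not; raw PII is never written to the log.
        self.audit.append({"ts": now, "agent": agent, "tool": tool,
                           "args": args if args is not None else "<withheld: pii>",
                           "pii": pii, "outcome": outcome})
        return outcome, result
```

Note that a call parked at the HITL gate still consumes a rate-limit slot, so a flood of dangerous-tool requests is throttled before it ever reaches a reviewer's queue, and a call denied by the PII scanner is logged with the findings but without the offending values.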
Cost Tracking
Track cost per tool invocation.
Every MCP tool call is metered and attributed to the originating agent, template, and organization. Real-time cost dashboards show spend by tool, by server, and by agent. Budget caps enforce daily limits.
Audit Trail
Immutable log of every tool call.
Append-only event log captures tool name, arguments, caller identity, timestamp, duration, and result status. Time-travel replay lets you inspect any tool execution. Tamper-proof storage with cryptographic chaining.
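How an append-only audit log with cryptographic chaining detects edits and deletions, as an added example rather than Curate-Me's implementation. The record layout, the SHA-256 construction and the sample events are constructed assumptions; the chaining idea itself is the standard one of each record committing to its predecessor's hash.

```python
import hashlib
import json

GENESIS = "0" * 64   # prev_hash of the first record


def _record_hash(prev_hash, seq, event):
    """SHA-256 over the previous hash, the sequence number and a canonical JSON encoding."""
    payload = json.dumps({"seq": seq, "event": event}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


class ChainedAuditLog:
    """Append-only log where every record commits to the hash of the one before it."""

    def __init__(self):
        self._records = []

    def append(self, **event):
        prev = self._records[-1]["hash"] if self._records else GENESIS
        seq = len(self._records)
        rec = {"seq": seq, "prev_hash": prev, "event": event,
               "hash": _record_hash(prev, seq, event)}
        self._records.append(rec)
        return rec["hash"]

    def head(self):
        """Hash of the latest record. Anchor it outside the store (signed, or published
        to a second system) so that a rewrite of the entire log is also detectable."""
        return self._records[-1]["hash"] if self._records else GENESIS

    def verify(self):
        """Recompute every link from genesis. Returns (ok, seq_of_first_bad_record)."""
        prev = GENESIS
        for expected_seq, rec in enumerate(self._records):
            if (rec["seq"] != expected_seq or rec["prev_hash"] != prev
                    or _record_hash(prev, rec["seq"], rec["event"]) != rec["hash"]):
                return False, expected_seq
            prev = rec["hash"]
        return True, None

    def replay(self, seq):
        """Time-travel: return the exact event recorded at position seq."""
        return self._records[seq]["event"]

    def records(self):
        return self._records   # exposed so the demo below can simulate tampering


def tamper_demo():
    """Constructed demo: a clean log verifies; editing or deleting a record breaks the chain."""
    def fresh():
        log = ChainedAuditLog()
        log.append(tool="fs.read", agent="agent-1", outcome="executed")
        log.append(tool="shell_exec", agent="agent-1", args={"cmd": "ls"}, outcome="pending:hitl")
        log.append(tool="shell_exec", agent="agent-1", args={"cmd": "ls"}, outcome="executed")
        return log

    clean = fresh().verify()
    edited_log = fresh()
    edited_log.records()[1]["event"]["outcome"] = "denied:allowlist"   # rewrite history in place
    edited = edited_log.verify()
    deleted_log = fresh()
    del deleted_log.records()[1]                                        # drop a record
    deleted = deleted_log.verify()
    return clean, edited, deleted


if __name__ == "__main__":
    print(tamper_demo())   # (True, None), (False, 1), (False, 1)
```

The chain alone makes tampering evident only from the first altered record onward; an attacker with write access to the whole store could recompute every hash, which is why the head hash must be anchored somewhere the log writer cannot modify.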
How Curate-Me governs MCP servers.
Register any MCP server -- public or custom -- and Curate-Me wraps it with governance automatically. No code changes to your servers, no SDK modifications, no agent rewrites.
25+ vetted MCP servers
Pre-configured with per-tool risk metadata (safe, moderate, dangerous), default rate limits, and SSRF protection. Install from the Skill Gallery with one click.
Custom MCP server registration
Register your own MCP servers with SSRF protection, automatic tool discovery, and governance policy assignment. Supports stdio and SSE transports.
Per-tool risk classification
Every tool is tagged as safe, moderate, or dangerous. Risk metadata drives default governance policies -- dangerous tools automatically require HITL approval and strict rate limits.
Scope inheritance
Policies cascade from organization to template to runner to agent. Set a global policy once and override at any level. Narrower scopes can only restrict, never widen.
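One way to implement restrict-only cascading across the four scopes, as an added example that is not Curate-Me's code. The merge rules are assumptions chosen to satisfy the stated property: allowlists intersect (a tool must pass every allowlist defined along the chain), rate limits take the tightest value, and HITL requirements accumulate. The scope values are constructed.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Optional


@dataclass(frozen=True)
class ScopePolicy:
    """Policy set at one scope. None or empty means 'no opinion at this level'."""
    allow: Optional[tuple] = None                # tool patterns; None = does not restrict tools
    rpm: dict = field(default_factory=dict)      # requests-per-minute per tool
    hitl: frozenset = frozenset()                # tools needing human approval


class EffectivePolicy:
    """Merge of org -> template -> runner -> agent where a narrower scope can only restrict."""

    def __init__(self, *scopes):
        # A tool must match every allowlist defined along the chain (intersection), so a
        # lower scope listing an extra tool cannot widen what the organization permits.
        # If no scope defines one, nothing is restricted here; set one at org level.
        self.allowlists = [s.allow for s in scopes if s.allow is not None]
        self.rpm = {}
        for s in scopes:
            for tool, limit in s.rpm.items():
                self.rpm[tool] = min(limit, self.rpm.get(tool, limit))   # tightest wins
        self.hitl = frozenset().union(*(s.hitl for s in scopes))         # added, never removed

    def is_allowed(self, tool):
        return all(any(fnmatchcase(tool, pat) for pat in al) for al in self.allowlists)

    def rpm_for(self, tool, default=None):
        return self.rpm.get(tool, default)

    def requires_hitl(self, tool):
        return tool in self.hitl


# Constructed scopes. The template and agent each try to widen what the org set.
ORG = ScopePolicy(allow=("fs.*", "github.*"),
                  rpm={"github.search": 30, "shell_exec": 5},
                  hitl=frozenset({"shell_exec"}))
TEMPLATE = ScopePolicy(allow=("fs.read", "github.*", "shell_exec"))   # shell_exec grant is ineffective
RUNNER = ScopePolicy(rpm={"fs.read": 120})
AGENT = ScopePolicy(rpm={"github.search": 100}, hitl=frozenset())     # cannot raise 30 or drop HITL

EFFECTIVE = EffectivePolicy(ORG, TEMPLATE, RUNNER, AGENT)
```

With these inputs fs.read is allowed (both allowlists match it), fs.write is not (the template narrowed fs.* to fs.read), shell_exec stays denied despite the template grant, github.search keeps the org's 30 RPM ceiling, and shell_exec would still require HITL if it were ever permitted.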
6 Skill Packs for common workflows
| Skill Pack | Servers | Includes |
|---|---|---|
| Developer Tools | 6 | GitHub, shell, filesystem, git, Docker, npm |
| Data & Analytics | 4 | PostgreSQL, MongoDB, BigQuery, Snowflake |
| Web & Browser | 3 | Playwright, Firecrawl, HTTP client |
| Communication | 4 | Slack, email, Teams, Discord |
| Cloud Infrastructure | 5 | AWS, GCP, Azure, Kubernetes, Terraform |
| Security & Compliance | 3 | Vault, compliance checker, audit export |
Dangerous tools need dangerous-tool governance.
Some MCP tools can execute shell commands, delete files, query databases, or navigate browsers. These tools are powerful -- and without governance, they are attack surfaces waiting to be exploited.
| Tool | Risk | Curate-Me Governance |
|---|---|---|
| shell_exec | Arbitrary command execution | HITL required, 5 RPM limit |
| file_delete | Irreversible data destruction | HITL required, path allowlist |
| database_query | SQL injection, data exfiltration | HITL required, read-only default |
| browser_navigate | SSRF, credential theft | Rate limited, domain allowlist |
| send_email | Phishing, spam, data leak | HITL required, recipient allowlist |
| http_request | SSRF, internal network probing | Domain allowlist, PII scan on body |
Default governance policies are applied automatically when you register an MCP server. Override any policy at the org, template, runner, or agent level through the dashboard or API.
Before and after MCP governance.
What changes when you add Curate-Me to your MCP tool ecosystem.
Add governance to your MCP servers.
No code changes required.
Register your MCP servers, assign governance policies, and get per-tool rate limits, PII scanning, HITL approval, cost tracking, and an immutable audit trail -- in minutes.