archestra
Verified Safe by archestra-ai
Overview
A platform for securely deploying, orchestrating, and managing Model Context Protocol (MCP) servers and their AI-powered tools within an enterprise environment.
Installation
docker run gcr.io/archestra-ai/mcp-server-base:v0.0.1 npm install --silent @modelcontextprotocol/sdk && node -e 'const { McpServer } = require("@modelcontextprotocol/sdk/server/mcp.js"); const { StdioServerTransport } = require("@modelcontextprotocol/sdk/server/stdio.js"); const server = new McpServer({ name: "dev-test-server", version: "1.0.0" }); server.tool("print_archestra_test", "Prints the ARCHESTRA_TEST environment variable value", {}, async () => { const value = process.env.ARCHESTRA_TEST || "(not set)"; return { content: [{ type: "text", text: "ARCHESTRA_TEST = " + value }] }; }); const transport = new StdioServerTransport(); server.connect(transport);'
Environment Variables
- NODE_ENV
- ARCHESTRA_API_BASE_URL
- ARCHESTRA_AUTH_ADMIN_EMAIL
- ARCHESTRA_AUTH_ADMIN_PASSWORD
- ARCHESTRA_TEST
- ARCHESTRA_ORCHESTRATOR_KUBERNETES_ENABLED
- ARCHESTRA_HASHICORP_VAULT_ADDR
- ARCHESTRA_CHAT_DEFAULT_PROVIDER
Security Notes
The Archestra platform demonstrates a strong commitment to security through features like non-root user execution for MCP servers, minimal Alpine Linux base images, robust Role-Based Access Control (RBAC), Single Sign-On (SSO) integration, comprehensive secrets management (including HashiCorp Vault support), and advanced policy enforcement against prompt injections and data exfiltration (e.g., Trusted Data Policies, Dual LLM sub-agents). The codebase also enforces the `noExplicitAny` linter rule, contributing to code quality. While `node -e` is used to execute the base server script, this is a controlled deployment mechanism for a known script and not a vector for arbitrary user code execution.
Similar Servers
klavis
Develop and deploy AI agents that interact with a wide array of web services (e.g., Gmail, YouTube, LinkedIn, Supabase, Salesforce, Kubernetes) through a standardized Model Context Protocol (MCP), often orchestrated by an intelligent routing layer like Strata.
bifrost
A high-performance AI gateway with a unified interface for multiple LLM providers, offering real-time monitoring and configuration.
mcp-gateway-registry
Provides a programmatic interface to interact with the main MCP Gateway Registry API, enabling tasks like registering/toggling services, managing groups/users, and intelligently discovering tools across registered services using semantic search and access control.
mesh
An open-source control plane for Model Context Protocol (MCP) traffic, providing unified authentication, routing, observability, and tool management for AI agents and integrations across various services.