CuratedMCP

Documentation

Private Registry Quickstart

The MCP governance control plane for engineering teams. One allowlist, every AI client. Set up in under 10 minutes.

Claude Code
Cursor
Windsurf
Copilot

Why a private registry beats raw Claude/Cursor

Claude, Cursor, Windsurf, and Copilot each support MCP — but each one stops at “edit a JSON file on your laptop.” That works for one developer. It doesn't work for a 50-person engineering org where AppSec needs to know what AI tools are running, Compliance needs an audit trail, and Platform Eng needs to revoke access in a click when someone leaves.

A private registry gives you all of that in one place — and works across every MCP-compatible AI client, because none of the IDE vendors will ever build a cross-vendor governance tool.

For administrators

Four steps to a working team registry. Each step takes ~2 minutes.

1

Add servers to your allowlist

From your registry's Servers tab, search the CuratedMCP catalog and add the MCP servers your team is approved to use. Each server is risk-classified (READ_ONLY, READ_WRITE, EXECUTES_COMMANDS, NETWORK_EGRESS) so you know what it can do before approving.

Without this: every developer pulls whatever MCP they find on GitHub. There's no inventory, no risk review, and no shared approved list.
2

Invite your team

From the Members tab, invite developers by email. OWNER and ADMIN roles can manage the registry (add/remove servers, mint keys); MEMBER role has read-only access. Seat limits are enforced per plan.

Without this: no team concept. If a developer leaves, their MCPs keep working on their personal laptop forever.
3

Mint an API key

From the API Keys tab, create a bearer key (FREE plan blocks key creation — upgrade to Starter or above). The raw key is shown ONCE — copy it immediately. You can mint one shared key per team, or one per developer for fine-grained revocation.

Without this: no authentication. Anyone with the URL of your config file could read every MCP and its env var template.
4

Share the connect command with developers

Each developer installs the CuratedMCP Launcher and runs one login command. Their AI client (Claude Code, Cursor, Windsurf, Copilot) only sees the servers on your allowlist — everything else is blocked at the proxy level.

Without this: every developer manually edits claude_desktop_config.json, then a different file for Cursor, then another for Windsurf. No consistency.

For developers

Your team admin sent you here. One command connects your AI client to your team's allowlist.

Connect your laptop

1. Install the agent
npm install -g curatedmcp
2. Sign in (paste the registry key your admin gave you)
curatedmcp login
3. Pull your team's allowlist
curatedmcp sync --team YOUR_TEAM

Restart your AI client — Claude Code, Cursor, Windsurf, or Copilot will now show only the MCP servers your team has approved. Run curatedmcp list anytime to see what synced. If a server is missing, ask your admin to add it on the Servers tab.

What you get vs. raw MCP setup

Side-by-side: doing MCP without a registry, vs. with CuratedMCP.

CapabilityRaw Claude / Cursor / WindsurfCuratedMCP Registry
Allowlist of approved servers❌ Each dev installs anything✅ Central allowlist, enforced at launcher
Multi-IDE consistency❌ Different JSON files per IDE✅ One URL feeds all MCP clients
Audit log of tool calls❌ No log exists✅ Every fetch + (Pro+) every tool call
Revoke when dev leaves❌ MCPs run forever on their laptop✅ Revoke key — access stops in minutes
Risk classification❌ Spec doesn't require disclosure✅ Every catalog entry tagged
Self-hosted option❌ N/A✅ Enterprise plan, on your infra
SSO / RBAC❌ No team concept✅ Email invite + 3 roles
Per-seat pricing❌ N/A✅ $500 / $1500 / Custom / month

Frequently asked questions

What happens when I remove a server from the allowlist?

On the developer's next launcher restart (or within minutes on most setups), that server disappears from their AI client. Active tool calls in progress are not interrupted, but new calls are blocked.

Can a developer bypass the allowlist by editing their local config?

If they uninstall the CuratedMCP Launcher and configure their AI client directly, yes — at which point your registry won't show usage telemetry. The audit log will flag this as 'launcher disconnected' so you know when it happens. Sentinel (per-machine firewall, separate product) closes this last gap with policy-enforced blocking.

Does this work with self-hosted MCP servers we built internally?

Yes. Submit your internal server to the registry as 'private' (Professional/Enterprise plans only). It won't appear in the public catalog but will be available to add to your allowlist.

How is this different from Claude's enterprise console?

Anthropic's console only governs Claude. We govern Claude Code, Cursor, Windsurf, Copilot, and any future MCP client. That cross-vendor scope is the entire reason we exist — Anthropic is structurally incentivized to lock you into their stack, we're not.

What's logged in the audit trail?

Every manifest fetch (who pulled the allowlist, when, from where), every membership change (who invited/removed whom), every key event (created/revoked), every server allowlist change. With Professional plan and above, every individual tool call routed through the launcher is also logged.

Can I export the audit log for SOC 2 / ISO 27001?

Yes — JSON and CSV export available on all paid plans. Retention is 30 days on Starter, 180 days on Professional, 2 years on Enterprise.

Does CuratedMCP scrub PII before tool responses reach Claude or GPT-4o?

Not yet — PII redaction is on the Enterprise roadmap for Q3 2026. This is a gap we're actively closing. Enterprise plan customers can request early preview access. In the meantime, we recommend treating MCP tool responses as potentially containing PII and configuring your AI client's system prompt to avoid echoing sensitive data.

We run autonomous AI agents (not just developer tools) — does this work for that use case?

Yes, and this is the fastest-growing use case. As agent platforms proliferate, they make MCP tool calls 24/7 without a human in the loop — which makes governance more critical, not less. Any agent that authenticates with your registry API key will only see your approved allowlist. Every fetch is logged. If an agent misbehaves or you need to cut off a pipeline, revoke its key from the dashboard — access stops on the next call.

Ready to set up your team?

Free plan: 3 members, 3 servers. Upgrade when you outgrow it.