The Enterprise MCP Framework acts as a production-grade proxy layer that wraps any existing MCP server to provide security, observability, governance, and cost management without requiring changes to your MCP server code. After installation, you run the framework as a Python module which starts a proxy that intercepts MCP protocol traffic between your LLM applications and your MCP backends (e.g., PostgreSQL MCP, Slack MCP, AWS MCP). The framework includes built-in authentication providers, RBAC, audit logging, policy enforcement via Open Policy Agent, metrics via Prometheus-compatible endpoints, and dashboards for monitoring and governance. You configure these capabilities via YAML-based configuration files, enabling you to tailor security policies, observability, governance workflows, and cost controls to your organization's needs. You can wrap existing MCP servers to enforce access control, log all actions, and route traffic through the proxy while keeping the MCP client and server interfaces intact. Tools exposed by the library allow you to enable OAuth, API keys, and LDAP authentication, RBAC, TLS encryption, and observability hooks for metrics, traces, and logs, as well as governance workflows and approval processes for sensitive operations.

Prerequisites:

• Python 3.10+ installed on the host
• Internet access to install Python packages
• Optional: a running MCP server to wrap (e.g., PostgreSQL MCP)

Installation steps:

1. Create a virtual environment (recommended): python -m venv venv source venv/bin/activate # on Windows use: venv\Scripts\activate

2. Install the Enterprise MCP Framework package: pip install enterprise-mcp-framework

3. Prepare configuration files (examples provided in the repo):

   • config/security.yaml
   • config/observability.yaml
   • config/governance.yaml

4. Run the framework as a module (example): python -m enterprise_mcp

   or pass specific args if supported by the package (consult docs)

5. Point your MCP clients to the proxy endpoint and ensure network routing is configured so that traffic flows through the Enterprise MCP Framework.

6. (Optional) Set environment variables for your providers, e.g., OAuth, TLS certs, and keys: export OKTA_CLIENT_ID=your-client-id export KMS_KEY_ID=your-kms-key-id export DD_API_KEY=your-datadog-api-key

Note: If you prefer containerized deployment, you can containerize the same module run command in a Docker image following the Docker guidance in your environment.

Tips and common issues:

• Ensure your TLS certificates are valid and accessible by the proxy when enabling TLS in transit.
• If RBAC or policy decisions fail, check your Open Policy Agent configurations and ensure that the policy endpoints are reachable by the proxy.
• Enable observability features progressively (metrics and tracing) to avoid overwhelming your system during initial rollout.
• Audit logs retention should align with your governance policies; configure retention days in the governance/audit settings.
• When wrapping disparate MCP servers, verify that the target_server identifiers in your configuration match your actual MCP endpoints.
• Use the provided YAML templates as starting points and customize to your compliance requirements (SOX, HIPAA, GDPR).
• For deployments with multiple tenants, enable tenant isolation and per-user quotas in the cost management configuration to prevent cross-tenant access.
• If running inside a container, ensure your volume mounts include TLS certs and any needed secret stores for keys and credentials.