peta-core
Peta core: The Control Plane for MCP — secure vault, managed runtime, audit trail, and policy-based approvals.
claude mcp add --transport stdio dunialabs-peta-core node dist/server.js \ --env PORT="3300 or 3000 (default)" \ --env NODE_ENV="production" \ --env REDIS_URL="Redis connection string for caches" \ --env DATABASE_URL="PostgreSQL connection string" \ --env OAUTH2_CLIENT_ID="OAuth client ID for downstream access" \ --env OAUTH2_CLIENT_SECRET="OAuth client secret" \ --env VAULT_ENCRYPTION_KEY="Key used for vault encryption (PBKDF2 + AES-GCM)"
How to use
Peta Core acts as a gateway, vault, policy engine, and audit runtime for MCP-based tool calls. It sits between MCP clients (such as Claude, ChatGPT, Cursor, or other MCP-compatible clients) and downstream MCP servers, routing calls with per-user and per-tool RBAC/ABAC policies, injecting credentials on the server side, and logging detailed audit trails. Use Peta Core to centralize authentication (OAuth2), control which tools users can access, pause and approve high-risk actions, and ensure credentials never leave the vault in plaintext. The REST API adapter lets you expose HTTP endpoints as MCP servers, so you can connect existing HTTP services into the MCP ecosystem without implementing a new MCP server.
How to install
Prerequisites:
- Node.js >= 18
- npm or pnpm
- PostgreSQL 15+ for metadata and audit storage
- Install prerequisites
- Ensure PostgreSQL is up and running and accessible
- Have a Redis instance if you plan to use caching
- Clone the repository
- git clone https://github.com/dunialabs/peta-core.git
- cd peta-core
- Install dependencies
- npm install
- Build the project (if applicable)
- npm run build
- Configure environment
- Create a .env file (examples below) or set env vars in your deployment environment
Example .env: PORT=3000 NODE_ENV=production DATABASE_URL=postgresql://user:password@host:5432/dbname REDIS_URL=redis://host:6379/0 OAUTH2_CLIENT_ID=your-client-id OAUTH2_CLIENT_SECRET=your-client-secret VAULT_ENCRYPTION_KEY=your-crypto-key
- Run the server
- npm run start
- or
- node dist/server.js
- Optional: Deploy with PM2 or Docker (see docs/deployment.md in the repo for details)
Additional notes
Notes:
- The gateway supports OAuth 2.0 for client authorization, token introspection, and revocation. Ensure your OAuth provider is configured and the client IDs/secrets are correctly set in the environment.
- Secrets are only injected server-side; avoid exposing vault credentials in client configurations.
- Audit logs do not include secret payloads; ensure log transport is secured and compliant with your policy.
- If you enable human-in-the-loop approvals, expect approval prompts to appear via the real-time notification channel (Socket.IO) and handle them in your admin UI or workflow.
- For reliability, configure health checks and automatic recovery as described in the deployment docs; downstream timeouts trigger reconnection logic and request retries.
- Use the REST API adapter to quickly expose non-MCP HTTP services as MCP endpoints without implementing a custom MCP server.
Related MCP Servers
lunar
lunar.dev: Agent native MCP Gateway for governance and security
agent
A unified Model Context Protocol server implementation that aggregates multiple MCP servers into one.
forgemax
Code Mode inspired local sandboxed MCP Gateway - collapses N servers x M tools into 2 tools (~1,000 tokens)
mcp-center
A centralized platform for managing and connecting MCP servers. MCP Center provides a high-performance proxy service that enables seamless communication between MCP clients and multiple MCP servers.
agent
MCPAgent for Grupa.AI Multi-agent Collaboration Network (MACNET) with Model Context Protocol (MCP) capabilities baked in
mcp_documents_reader
Model Context Protocol (MCP) server exposes tools to read multiple document types including DOCX, PDF, Excel, and TXT. This has been tested on Trae Desktop.
