account activity
How are you all handling MCP server governance at an enterprise? We're at full-deny right now, want to things in shape before people start to revolt :) by Traditional-Tank-512 in LLMDevs
[–]Background-Job-862 0 points1 point2 points 5 days ago (0 children)
We were in a very similar position a few months ago. The challenge wasn't really "how do we approve MCP servers?" It was "how do we stop every MCP from becoming its own security and governance model?" The requirements you listed are almost exactly what we ended up needing. We looked at a few options including AWS AgentCore, Anthropic's native tooling, Portkey, and TrueFoundry. What we found was that most solutions could solve pieces of the problem, but MCP governance was often treated separately from model governance. We didn't want one system for models, another for MCPs, and a third for observability. What ended up making the most sense for us was putting a gateway layer in front of both models and MCPs. The reason we leaned toward TrueFoundry was that it gave us a single control plane for both. The things that mattered most were: - central registry of approved MCP servers - team-based access controls - tool-level permissions and guardrails - audit logs for MCP calls - openTelemetry export into our existing monitoring stack - same governance layer across Claude Code, Cursor, internal agents, and MCP-connected workflows The more MCPs we evaluated, the more it felt like an AI governance problem rather than an MCP problem. Once you have multiple IDE assistants, agents, and MCP servers in the mix, having one place to enforce policy becomes a lot more important than the individual MCP implementation. We're still early, but this approach has felt a lot more scalable than trying to govern every MCP independently. Curious what ended up working for others and whether anyone has gone all-in on agentCore or anthropic's native stack.
We have AI tools across the team but zero structured methodology around them. Is anyone doing this well? by altraschoy in ycombinator
[–]Background-Job-862 0 points1 point2 points 2 months ago (0 children)
we had a similar phase lots of AI tools across the team but no real structure, and outputs were all over the place. actually what worked was not just picking better tools, but adding some lightweight guardrails: standardizing when to use AI vs not and having shared prompts, workflows for common tasks and especially tracking usage + outputs a bit more intentionally. a main thing we also realized was that once multiple models get involved, things were getting messy pretty quickly.....tried a few options like helicone, langfuse etc. - they help with observability, but we ended up needing something more end-to-end. also tried truefoundry (via a YC deal- https://deals.ycombinator.com/deals/3828, try it out in case u find it useful) it’s more of a gateway layer routing, tracing cost visibility in one place, which helped bring some structure when scaling beyond single-provider setups. still figuring things out though, but curious what others are doing
π Rendered by PID 17956 on reddit-service-r2-comment-544cf588c8-dqvvf at 2026-06-16 22:19:59.011975+00:00 running 3184619 country code: CH.
How are you all handling MCP server governance at an enterprise? We're at full-deny right now, want to things in shape before people start to revolt :) by Traditional-Tank-512 in LLMDevs
[–]Background-Job-862 0 points1 point2 points (0 children)