MCP Harbor
Pricing

The gateway, registry, and audit log for your team's MCP servers.

Helm-deploy in 10 minutes. Self-hosted in your own EKS, AKS, or GKE cluster. Per-team token budgets, encrypted secrets, a signed registry, and an action log auditors will accept.

Pre-order at 50% off → Talk to founder

First 10 founding customers lock in $49.50/mo for 12 months. After that, $99.

Built for Claude Code Cursor Codex ChatGPT Enterprise internal agents

Why teams build this themselves and regret it

Three weeks ago, your security team asked what the AI did last quarter. You couldn't answer.

// the registry problem

Your team adopted Claude Code, Cursor, and Codex. There are 12 MCP servers in production. Half were deployed by individual devs, three by an automation team, two by security, and a couple nobody can trace. Nobody owns the registry.

// the budget problem

One dev burned $1,500 in Cursor calls in a long weekend trying to ship a CRM clone the fast way. There's no per-team budget, no anomaly alert, no per-developer attribution. Finance noticed a week later.

// the audit problem

Your auditor asked for an action log of every MCP tool call your agents made last quarter. There is no log. Three weeks reconstructing it from CloudWatch and provider invocation logs and you're still missing half the data.

What MCP Harbor does

One Helm chart. Five jobs. Self-hosted in your VPC.

MCP Harbor sits between your AI tools and your MCP servers. Every tool call goes through it before reaching the backend. Five jobs the gateway does, none of which any of your existing tools does well. Auth, audit, budget, secrets, registry. That's the whole product.

01 / audit

Audit log

Every tool call captured: who called it, which server, which tool, the arguments, the timestamp, the cost in tokens and dollars. Exportable to S3, ClickHouse, Splunk, or your existing SIEM. Run SELECT * WHERE actor = 'claude-code' AND ts > quarter_start and you have your audit response.

02 / budgets

Per-team token budgets

Sliding-window counters in Postgres. Hard caps per team, alerts at 80%, automatic shutoff at 100%. Per-developer anomaly detection so the next $1,500 weekend doesn't happen.

03 / vault

Secrets vault

AES-256-GCM encrypted, customer-supplied master key. Devs reference {{slack_token}}; the value gets injected server-side and never lands in a prompt, debug log, or chat export.

04 / registry

Signed registry

Checksum-verified MCP server registry. Admin-approved, version-pinned, swap-resistant. The "82% of MCP servers ship with path traversal" headline doesn't apply if you can't deploy one without admin sign-off.

05 / helm

Helm chart

helm install mcpharbor ./chart on your EKS, AKS, or GKE. Read-only IRSA on the cluster. Data never leaves your VPC. We don't see your traffic, your secrets, or your audit log.

Pricing

Published pricing. No "schedule a demo."

Stacklok, Composio Enterprise, Snyk Ignite. Every direct competitor gates pricing behind a sales call. We don't. First 10 founding customers get 50% off for 12 months.

SMB

$49.50/mo

$99/mo · founding rate

  • 1 cluster
  • 5 MCP servers
  • 10 developers
  • Audit log to bundled Postgres (in your cluster)
  • Email + Slack support
Pre-order →
most teams pick this

Team

$249.50/mo

$499/mo · founding rate

  • 3 clusters
  • Unlimited MCP servers
  • 50 developers
  • Audit log export to your S3, ClickHouse, or SIEM
  • SAML SSO, RBAC, audit-export API
  • Direct line to founder
Pre-order →

MSP white-label

$999/mo

$2,000/mo · founding rate

  • Your branding
  • Billed to your clients
  • Multi-tenant deployment
  • White-label admin UI
  • Founder direct support
Talk to founder

Founding price locks for 12 months. Cancel anytime in your Stripe dashboard.

Five things people ask before they buy.

If you have a sixth, email me. zach@mcpharbor.io. I read everything.

Why is the founding-customer price 50% off?
The first 10 customers get $49.50/mo (or $249.50/mo Team) locked in for 12 months. After that, founding pricing closes and the public rate starts at $99/mo. The deal: you take a chance on a v0.1 product, I commit my next year to making it the best gateway you've used.
Do I install this in my own cluster?
Yes. MCP Harbor is a Helm chart. helm install mcpharbor ./chart in your EKS, AKS, GKE, or self-hosted Kubernetes. The gateway runs with read-only IRSA. Your traffic, secrets, and audit log never leave your VPC. We don't see them and don't want to.
What does the audit log capture?
Every tool call, structured: caller identity, MCP server, tool name, arguments, timestamp, response status, token count, dollar cost. Exportable to S3, ClickHouse, Splunk, Datadog, or any SIEM that ingests JSON. The schema is open and documented; you own your audit data forever.
What if my team uses Cursor and Claude Code together?
Both clients connect to the same MCP Harbor endpoint. Per-team budgets, audit log, and the registry work across every MCP-speaking client: Claude Code, Cursor, Codex, ChatGPT Enterprise, your own internal agents. One control plane, every tool.
Who built this?
Zach Gonzales. Senior platform engineer at zargo. I shipped Senken (an LLM-powered security agent) and the Senken portal (a unified analyst console pulling threat intel, EDR signals, and breach-and-attack simulation into one workflow) into production last year. MCP Harbor is the tool I needed for our own MCP rollout. Reach me at zach@mcpharbor.io.