Ithena | Production-Ready Governance for MCP

The Missing Layer for Production MCP

While the core MCP SDK handles communication, deploying it to production demands critical governance capabilities:

Authentication: Verifying who is making a request.
Authorization (RBAC): Defining and enforcing what authenticated users or services can do.
Credential Management: Securely providing secrets to MCP handlers only when needed.
Auditing & Compliance: Recording what happened for security monitoring, debugging, and compliance.
Consistency: Implementing these features uniformly without duplicating security-sensitive code.

The Ithena Solution: SDK + Optional Platform

Ithena streamlines MCP governance with a flexible, two-part approach:

Open-Source SDK (@ithena-one/mcp-governance): A TypeScript library providing a robust governance pipeline and pluggable interfaces (Identity, Roles, Permissions, Credentials, Audit, Logging) to wrap your base MCP server.
Ithena Managed Platform (Waitlist Open): A secure, scalable cloud service providing production-ready backend implementations for the SDK's interfaces. Skip the infra setup and offload the complexity of operating audit logs, RBAC engines, and secret stores.

Grounded in AWS Security Research

Ithena provides the practical framework and actionable security patterns identified by AWS researchers as essential for enterprise MCP adoption. Our implementation addresses key controls for RBAC, secrets, and auditing outlined in their analysis (arXiv:2504.08623).

Who Needs Ithena?

Role	Pain Points	Ithena Solution
AI/Backend Engineers	Security boilerplate in every handler	Focus on tool/resource logic; governance handled by SDK
Platform/DevOps	Inconsistent governance across deployments	Standardized pipeline, logs, metrics across all MCP servers
Security Engineers	No audit trails, loose access controls	Fine-grained RBAC, comprehensive audit records
Enterprises	Compliance, governance silos	Standardized controls, SSO integration, audit exports

SDK Key Features

Core Governance Interfaces

IdentityResolver: JWT validation, API key lookup
RoleStore: Map identities to roles (LDAP, DB)
PermissionStore: Define what roles can do
CredentialResolver: Fetch secrets securely
AuditLogStore: Record detailed audit events
Logger: Structured logging with trace context

Pipeline Features

Request-scoped identity & authorization
Fine-grained permission control
Just-in-time secret resolution
Auto-sanitized audit records
Distributed tracing support
Configurable denial policies

Easy Integration: Get Started Quickly

Integrating Ithena is straightforward. Follow these steps to add robust governance to your MCP server without the boilerplate:

Install the SDK

Add the core package to your project.

npm install @ithena-one/mcp-governance

Import Necessary Components

Import the GovernedServer and your base MCP server.

import { GovernedServer } from '@ithena-one/mcp-governance';

Instantiate & Configure

Instantiate GovernedServer, passing your base server and your chosen implementations for the governance interfaces (e.g., JWT, DB roles) or simply use the Ithena Platform clients.

const governedServer = new GovernedServer(baseServer, { ...config });

Register Your Handlers

Register handlers using setToolHandler or setRequestHandler. Focus on your tool's logic; the pipeline automatically enforces governance.

governedServer.setToolHandler('myTool', ..., handlerFn);

Connect Transport

Attach your MCP transport layer as usual.

governedServer.connect(transport);

Read the Full Integration Guide

Focus on Features, Not Boilerplate

Compare adding robust governance manually within each handler versus letting the Ithena SDK manage the complexity.

BEFORE: Manual Governance (Complex & Repetitive!)

manual-handler.ts

// BEFORE: Handling slack_post_message Manually (Full Complexity)
import { SlackClient, MyAuth, MyRBAC, MySecrets, MyAudit, MySanitize } from './utils';
import { CallToolRequest } from '@modelcontextprotocol/sdk/types';

baseServer.setRequestHandler(
CallToolRequestSchema, // Assuming base schema validation
async (request: CallToolRequest, baseExtra) => {
if (request.params.name !== 'slack_post_message') return; // Basic routing

// --- Governance Boilerplate STARTS ---
const eventId = MyAudit.generateEventId();
const startTime = Date.now();
let userId = null;
let roles = [];
let outcome = 'failure';
let errorDetails = null;
let slackToken = null;
let handlerResult = null;

try {
  // 1. Manual Authentication
  const authToken = MyAuth.extractToken(baseExtra.transportContext?.headers);
  if (!authToken) { throw new MyAuth.AuthError('Missing token'); }
  const decoded = await MyAuth.validateToken(authToken); // Verify sig, expiry...
  userId = decoded.userId;
  if (!userId) { throw new MyAuth.AuthError('Invalid user'); }

  // 2. Manual Authorization (RBAC)
  roles = await MyRBAC.getUserRoles(userId); // Fetch roles
  const channelId = request.params.arguments?.channel_id;
  if (!channelId) { throw new Error('channel_id missing'); }
  const perm = `slack:channel:${channelId}:postMessage`; // Derive permission
  const isAllowed = await MyRBAC.checkPermission(roles, perm); // Check policy
  if (!isAllowed) { throw new MyRBAC.ForbiddenError(`Denied: ${perm}`); }

  // 3. Manual Argument Validation
  const args = request.params.arguments;
  if (!args || typeof args.text !== 'string' || !args.text) {
    throw new Error('Invalid or missing text argument');
  }

  // 4. Manual Credential Fetching
  try {
    // Potentially complex logic based on user/context
    slackToken = await MySecrets.getSlackTokenForUser(userId);
  } catch (credErr) {
    throw new Error(`Credential fetch failed: ${credErr.message}`);
  }
  if (!slackToken) { throw new Error('Credential not found'); }

  // --- FINALLY, Your Core Logic ---
  const slackClient = new SlackClient(slackToken);
  handlerResult = await slackClient.postMessage(
      args.channel_id, args.text
  );
  // --- End Core Logic ---

  outcome = 'success';
  return { content: [{ type:'text', text:JSON.stringify(handlerResult) }] };

} catch (err) {
  // 5. Manual Error Handling & Mapping
  console.error(`Handler failed [${eventId}]:`, err);
  errorDetails = { message: err.message, stack: err.stack, type: err.name };
  if (err instanceof MyRBAC.ForbiddenError) {
      outcome = 'denied';
      // Need to map to appropriate MCP error response
      throw new McpError(ErrorCode.InternalError, "Access Denied", errorDetails);
  }
  // ... more error mapping ...
  throw new McpError(ErrorCode.InternalError, "Handler Failed", errorDetails);

} finally {
  // --- Governance Boilerplate ENDS ---
  // 6. Manual Auditing Finalization (Complex!)
  const endTime = Date.now();
  const auditRecord = {
      eventId, timestamp: new Date().toISOString(),
      userId, roles, method: request.method, tool: request.params?.name,
      transport: baseExtra.transportContext,
      outcome, durationMs: endTime - startTime,
      // CRITICAL: Must sanitize *everything* manually & correctly!
      params: MySanitize.deepSanitize(request.params?.arguments),
      result: MySanitize.deepSanitize(handlerResult),
      error: MySanitize.deepSanitize(errorDetails),
  };
  try {
    await MyAudit.log(auditRecord); // Send to audit system
  } catch (auditErr) {
    console.error(`!! FAILED TO LOG AUDIT [${eventId}] !!:`, auditErr);
  }
}
}
);

AFTER: Using Ithena SDK (Cleaner Handler)

governed-handler.ts

// AFTER: Using Ithena SDK
import { GovernedServer, GovernedRequestHandlerExtra } from '@ithena-one/mcp-governance';
import { z } from 'zod';
import { SlackClient } from './utils'; // Your Slack logic

// --- Configuration (Once) ---
const governedServer = new GovernedServer(baseServer, {
  identityResolver: /*...*/, // Validates JWT/API keys
  roleStore: /*...*/,      // Maps identities to roles
  permissionStore: /*...*/, // Defines role permissions
  credentialResolver: /*...*/, // Securely provides secrets
  auditStore: /*...*/,      // Records audit events
  enableRbac: true,         // Enable authorization
  auditDeniedRequests: true, // Log denied requests
});

// Define Zod schema for validation
const postMessageSchema = z.object({
  jsonrpc: z.literal("2.0"),
  id: z.union([z.string(), z.number()]),
  method: z.literal('tools/slack_post_message'),
  params: z.object({
    arguments: z.object({
      channel_id: z.string(),
      text: z.string()
    })
  })
});

// --- Register Tool Handler (Clean & Focused) ---
governedServer.setRequestHandler(
  postMessageSchema,
  async (request, extra: GovernedRequestHandlerExtra) => {
    const { identity, roles, logger } = extra;
    logger.info(`Executing slack_post_message for ${identity?.id}`, { roles });

    // Get credential securely injected by pipeline
    const token = extra.resolvedCredentials?.slackBotToken;
    if (!token) throw new Error('Slack Token Missing');

    // ---> Focus ONLY on the core logic <---
    const slackClient = new SlackClient(token);
    const slackResponse = await slackClient.postMessage(
      request.params.arguments.channel_id,
      request.params.arguments.text
    );

    // Return result; Audit automatically logged
    return { content: [{ type: 'text', text: JSON.stringify(slackResponse) }] };
  }
);

The True Cost of DIY Governance

Building MCP governance features from scratch involves significant hidden engineering effort, security risks, and ongoing maintenance, diverting focus from core product development:

Feature	DIY Approach	Ithena Solution (SDK + Platform)
🔐 Identity & Auth	Build/integrate token validation, IdP logic, session mgmt. Effort: 1-3+ Weeks Risks: Auth bypass, protocol misuse.	✅ Plug in `IdentityResolver` (e.g., JWT, API Key). ✅ Managed Platform provides ready-to-use auth API. Benefit: Faster, secure, less code.
🔑 RBAC Engine	Design policy model, build evaluation engine, secure storage. Effort: 2-4+ Weeks Risks: Privilege escalation, logic errors.	✅ Plug in `RoleStore`/`PermissionStore`. ✅ Managed Platform provides RBAC API & UI. Benefit: Fine-grained control, reduced complexity.
🔏 Secret Management	Integrate secret managers, handle caching, rotation, injection. Effort: 1-2+ Weeks Risks: Secret leakage, insecure injection.	✅ Plug in `CredentialResolver` for JIT secrets. ✅ Managed Platform provides secure secret store API. Benefit: Secure access, eliminates hardcoding.
📜 Audit Logging	Build pipeline, ensure sanitization, manage storage/indexing. Effort: 3-6+ Weeks Risks: Compliance failure, data loss/tampering.	✅ Plug in `AuditLogStore`; pipeline handles sanitization. ✅ Managed Platform provides scalable audit storage & UI. Benefit: Reliable, compliant, easier debugging.
🔄 Consistency & Pipeline	Build custom request pipeline for consistent checks, context mgmt. Effort: 1-2+ Weeks Risks: Inconsistent security, complex logic.	✅ Use `GovernedServer` pipeline out-of-the-box. ✅ Ensures consistent application of all checks. Benefit: Standardized, less boilerplate.
🔧 Maintenance	Patching dependencies, updating security practices, fixing bugs, scaling. Significant Ongoing Cost Risks: Outdated security, bottlenecks, burden.	✅ SDK maintained by Ithena. ✅ Managed Platform handles all infra ops. Benefit: Reduced operational load & risk.
💰 Total	Est. 8-17+ Weeks Initial Build + Significant Ongoing Maintenance Cost & High Risk (Security breaches, compliance fines, slow dev)	✅ Rapid Integration (Hours/Days) ✅ Minimal Maintenance (SDK) or Zero (Platform) Reduced Risk, Faster Development

Accelerate your development, reduce security risks, and save months of engineering effort.

orStar the SDK on GitHub

Architecture Overview

The GovernedServer wraps the base MCP Server, intercepting requests with its GovernancePipeline. This pipeline sequentially runs your configured Identity, RBAC, and Credential resolution steps. If checks pass, it invokes your handler with enriched context (GovernedRequestHandlerExtra), automatically generating and logging detailed audit records.

Client Request

↓

Transport Layer

↓

GovernedServer (Ithena SDK) Wraps Base Server & Runs Pipeline:

Governance Pipeline

1Context SetupEventID, LoggerLog

→

2Identity IDResolve User

→

3RBAC RBACCheck Access

→

4Post-Auth Hook(Optional)

→

5Credentials CredLoad Secrets

→

6Your HandlerExecute Code

→

7Audit Log AuditRecord Activity

↓ Pipeline steps call corresponding Interface implementations below ↓

Your Backend Implementations

IDIdentityResolver (e.g., JWT)
RBACRoleStore (e.g., DB)
RBACPermissionStore (e.g., OPA)
CredCredentialResolver (e.g., Vault)
AuditAuditLogStore (e.g., SIEM)
LogLogger (Your Choice)

Ithena Managed Platform

IDManaged Identity API
RBACManaged RBAC API
CredManaged Credential API
AuditManaged Audit Log API
(Provides API implementations for SDK interfaces)

↓

Response to Client

Shape the Ithena Managed Platform (Early Adopter Program)

While the open-source SDK provides the core governance framework, implementing and operating the required backend services (audit logs, RBAC engines, secret stores) involves significant infrastructure effort.

Want a production-ready managed solution without the operational burden? The Ithena Managed Platform is currently under active development, driven by feedback from our partners. Join the Early Adopter Program to influence its direction, get early access, and secure exclusive benefits.

Platform Vision (Shaped by Early Adopters):

Planned Service	Will Provide Managed Backend For:	Target Features
Audit Service	`AuditLogStore`	Secure ingestion, configurable retention, UI exploration, forwarding (Datadog/Splunk/etc.).
RBAC Service	`RoleStore`, `PermissionStore`	UI/API for roles/permissions, low-latency authz API, config audit trail.
Secrets Service	`CredentialResolver`	Encrypted storage, context-based retrieval, access auditing.
Console + SSO	Management & Teams	Web UI for config, enterprise SSO, team controls.

Learn About the Early Adopter Program

Production-Ready Governance for MCP Servers