OpenA2A/AIM Docs

MCP Discovery Dashboard

AIM automatically detects MCP servers your agents are connecting to, even if they haven't been registered yet. The Discovery Dashboard helps you maintain visibility over your MCP server ecosystem and streamline registration.

Why MCP Discovery?

In the "MCP wild west," agents can connect to any MCP server without oversight. Discovery gives you visibility:

Shadow IT Detection

Find MCP servers agents are using that haven't been approved

Streamlined Registration

One-click registration with pre-filled server details

Security Alerts

Automatic alerts when agents connect to unregistered MCPs

How Discovery Works

Step 1: Agent connects to MCP server
Agent → MCP Server (filesystem-tools)
Step 2: SDK detects and reports connection
SDK → POST /api/v1/sdk-api/mcp/discovered
Step 3: AIM checks registration status
Registered → Link to existing|Not registered → Add to Discovery queue
Step 4: Admin reviews Discovery Dashboard
Register| Ignore

Detection Sources

SDK Runtime

The AIM SDK automatically detects MCP connections during agent operations.

Detected via @agent.perform_action calls

Claude Desktop

Reads claude_desktop_config.json to find configured MCP servers.

Location: ~/Library/Application Support/Claude/

Manual Import

Admin uploads MCP configuration files for bulk discovery.

Supports JSON and YAML configs

Using the Discovery Dashboard

Navigate to: MCP Servers → Discovery tab

View Detected MCPs

See all MCP servers detected by your agents including name, URL, detection source, and which agents detected it.

Register

Click "Register" to open a pre-filled registration form. Server name, URL, and detected capabilities are auto-populated.

Ignore

Click "Ignore" to dismiss false positives or MCPs you don't want to register. They won't appear again unless re-detected.

Security Alerts for Unregistered MCPs

Configuration Drift Alert

When an agent connects to an unregistered MCP server, AIM automatically creates a Configuration Drift alert:

  • Severity: Medium
  • Category: Configuration Drift
  • Auto-Resolve: Alert clears when MCP is registered

API Reference

List Discovered MCP Servers

curl -X GET https://aim.example.com/api/v1/mcp-servers/discovered \
  -H "Authorization: Bearer {access_token}"

# Response
{
  "discovered": [
    {
      "name": "filesystem-tools",
      "url": "http://localhost:4000",
      "detectedBy": ["agent-123", "agent-456"],
      "detectionMethod": "sdk_runtime",
      "firstDetectedAt": "2024-01-15T10:00:00Z",
      "lastDetectedAt": "2024-01-15T14:30:00Z",
      "capabilities": ["tools:filesystem_read", "tools:filesystem_write"],
      "isRegistered": false,
      "matchingServerId": null
    },
    {
      "name": "github-mcp",
      "url": "http://localhost:4001",
      "detectedBy": ["agent-789"],
      "detectionMethod": "claude_desktop",
      "firstDetectedAt": "2024-01-14T09:00:00Z",
      "lastDetectedAt": "2024-01-15T14:30:00Z",
      "capabilities": ["tools:github_read"],
      "isRegistered": true,
      "matchingServerId": "550e8400-e29b-41d4-a716-446655440000"
    }
  ],
  "total": 2,
  "unregisteredCount": 1
}

Report MCP Discovery (SDK)

curl -X POST https://aim.example.com/api/v1/sdk-api/mcp/discovered \
  -H "Authorization: Bearer {sdk_token}" \
  -H "Content-Type: application/json" \
  -d '{
    "agentId": "550e8400-e29b-41d4-a716-446655440001",
    "mcpServers": [
      {
        "name": "filesystem-tools",
        "url": "http://localhost:4000",
        "capabilities": ["tools:filesystem_read", "tools:filesystem_write"],
        "detectionMethod": "sdk_runtime"
      }
    ]
  }'

# Response
{
  "processed": 1,
  "newDiscoveries": 1,
  "alreadyKnown": 0
}

Register from Discovery

curl -X POST https://aim.example.com/api/v1/mcp-servers/register-from-discovery \
  -H "Authorization: Bearer {access_token}" \
  -H "Content-Type: application/json" \
  -d '{
    "discoveredUrl": "http://localhost:4000",
    "name": "filesystem-tools",
    "description": "Local filesystem access MCP",
    "capabilities": ["tools:filesystem_read", "tools:filesystem_write"]
  }'

# Response
{
  "id": "550e8400-e29b-41d4-a716-446655440002",
  "name": "filesystem-tools",
  "status": "pending",
  "registeredFromDiscovery": true,
  "createdAt": "2024-01-15T15:00:00Z"
}

Ignore Discovered MCP

curl -X POST https://aim.example.com/api/v1/mcp-servers/discovered/ignore \
  -H "Authorization: Bearer {access_token}" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "http://localhost:4000",
    "reason": "Internal testing server, not for production"
  }'

# Response
{
  "ignored": true,
  "url": "http://localhost:4000",
  "ignoredAt": "2024-01-15T15:00:00Z"
}

SDK Auto-Detection

The AIM SDK includes powerful auto-detection capabilities with confidence scoring:

Quick Detection

from aim_sdk import secure, auto_detect_mcps

agent = secure("my-agent")

# One-liner: Detect all MCP servers (config + imports)
detections = auto_detect_mcps()

print(f"Found {len(detections)} MCP servers:")
for d in detections:
    print(f"  [{d['detectionMethod']}] {d['mcpServer']} ({d['confidence']}% confidence)")

# Report to AIM backend
agent.report_detections(detections)

Runtime Call Tracking

Track MCP calls in real-time for 100% accurate detection:

from aim_sdk import track_mcp_call, MCPDetector

# Track each MCP call as it happens
track_mcp_call("filesystem", "read_file")
track_mcp_call("github", "search_repos")
track_mcp_call("slack", "send_message")

# Get runtime detections (100% confidence - observed actual usage)
runtime_detections = MCPDetector.get_runtime_detections()
for d in runtime_detections:
    print(f"  {d['mcpServer']}: {d['details']['call_count']} calls")

Deep Capability Discovery

Connect to an MCP server and enumerate all its tools, resources, and prompts:

from aim_sdk.integrations.mcp import discover_capabilities

# Discover what an MCP server can do
result = discover_capabilities("npx -y @modelcontextprotocol/server-filesystem /tmp")

if not result.error:
    print(f"Server: {result.server_name} v{result.server_version}")
    print(f"Protocol: {result.protocol_version}")
    print(f"Latency: {result.connection_latency_ms:.1f}ms")
    print()
    print(f"Tools ({len(result.tools)}):")
    for tool in result.tools:
        print(f"  - {tool.name}: {tool.description}")
    print()
    print(f"Resources ({len(result.resources)}):")
    for resource in result.resources:
        print(f"  - {resource.uri}")
else:
    print(f"Discovery failed: {result.error}")

Detection Confidence Levels

100% Confidence
  • Claude Config: Definitive config file
  • Runtime Tracking: Observed actual usage
90% Confidence
  • SDK Import Scan: Package installed
Variable Confidence
  • Manual Import: Depends on source

Best Practices

Do

  • • Review Discovery Dashboard weekly
  • • Register legitimate MCP servers promptly
  • • Investigate unknown servers before ignoring
  • • Set up alerts for new discoveries
  • • Document reasons when ignoring servers

Don't

  • • Ignore all discoveries without review
  • • Allow agents to use unregistered MCPs long-term
  • • Disable discovery alerting
  • • Skip verification for discovered servers
  • • Register without checking server legitimacy

Related Documentation

MCP Servers →MCP Attestation →MCP Trust Scoring →Security Policies →