Enterprise MCP Health Gateway
Allows storing and managing Garmin OAuth credentials for accessing health data via the MCP server.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Enterprise MCP Health GatewayPrepare a prevention brief for member 12345"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Enterprise MCP Health Gateway
A runnable MVP for onboarding enterprise tenants and agents, exposing governed health capabilities through MCP, storing downstream credentials, and monitoring tool activity from an analytics dashboard.
Included
Multi-tenant enterprise onboarding
One-time admin and agent keys, stored only as SHA-256 hashes
Per-agent tool and purpose permissions
Encrypted downstream credential vault using Fernet
Streamable HTTP MCP server using the stable official Python SDK line
Deterministic policy enforcement outside the model
Provider-neutral demo health tools
Pseudonymized, structured audit events
Dashboard for calls, success rate, denials, p95 latency, active agents and tool usage
Docker Compose deployment
Unit tests
Related MCP server: production-grade-mcp-agentic-system
Architecture
Enterprise agent
|
| Bearer token
v
MCP service :8001
| identity + tool/purpose policy + audit
v
Health capability services
v
Provider adapter interface
Admin browser / enterprise control plane
|
v
Admin API + dashboard :8000
|
v
Shared database and encrypted credential storeThe included health connector is synthetic and deterministic. Replace app/connectors/demo.py with a production adapter for Thryve or another health data provider.
Run with Docker
cp .env.example .env
docker compose up --buildOpen the dashboard at http://localhost:8000.
Local demo credentials:
Admin key: adm_demo_change_me
Agent token: mcp_demo_change_me
MCP endpoint: http://localhost:8001/mcpChange all demo keys and SECRET_KEY before using the project outside local development.
Test the MCP service
MCP_AGENT_TOKEN=mcp_demo_change_me python examples/client.pyThe example client lists tools and calls prepare_prevention_brief for a synthetic member. The tool call appears in the dashboard within the next refresh.
Run without Docker
python -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"
mkdir -p data
cp .env.example .env
uvicorn app.api:app --reload --port 8000
python -m app.mcp_serverAdmin API examples
Create a tenant:
curl -X POST http://localhost:8000/api/v1/onboard \
-H 'Content-Type: application/json' \
-d '{"organization_name":"Example Insurer","admin_email":"admin@example.com"}'Create an agent:
curl -X POST http://localhost:8000/api/v1/agents \
-H 'Content-Type: application/json' \
-H 'X-Admin-Key: adm_demo_change_me' \
-d '{
"name":"Prevention Agent",
"environment":"production",
"allowed_tools":["list_authorized_capabilities","get_member_activity_summary","assess_data_quality","prepare_prevention_brief"],
"allowed_purposes":["operational","prevention"]
}'Store a downstream credential:
curl -X POST http://localhost:8000/api/v1/credentials \
-H 'Content-Type: application/json' \
-H 'X-Admin-Key: adm_demo_change_me' \
-d '{"provider":"garmin","name":"production-oauth","secret":"replace-me"}'Production hardening still required
This repository is an MVP, not a compliance certification. Before production, add:
An external OAuth 2.1 / OIDC authorization server and protected-resource metadata
Workload identity or signed JWT validation instead of opaque demo bearer keys
PostgreSQL, schema migrations, backups and tenant-level database controls
A managed KMS or secret manager instead of application-derived Fernet keys
Consent and legal-basis records linked to each member and purpose
Retention, deletion, data-subject request and regional processing workflows
Signed tool manifests and deployment approvals
Immutable or tamper-evident audit storage and SIEM export
Rate limits, circuit breakers, batch limits and human approval services
Provider-specific OAuth and token refresh handling
Security testing for prompt injection, tool poisoning, SSRF and confused-deputy attacks
Important design choices
The model never authorizes itself. Tool and purpose policy is checked by deterministic code.
Provider credentials never enter MCP tool output or model context.
Member identifiers are hashed before audit storage.
Tools return evidence, confidence, limitations and explicit non-diagnostic boundaries.
Reward and prevention outputs require human review in this MVP. Triggering redeploy to clear Dockerfile validation cache.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/princeofmars/mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server