MCP tool catalog
View discovered tools, assign risk levels, and enable approval requirements.
Overview
The Tool Catalog shows every MCP tool discovered across all your registered servers. It's the central place to see what your agents can do, assign risk levels, and decide which tools need human approval before execution.
You'll find it at AI Gateway > MCP Gateway > Tools.
Tool list
Tools are grouped by the server they belong to. Each server section shows the server name and tool count. Each tool row displays:
- Tool name: The name exposed by the MCP server (e.g., search, run_query, get_weather).
- Risk level badge: Color-coded: green for low, amber for medium, red for high.
- Approval required chip: Shows "Approval required" in orange when the tool needs human sign-off before execution.
- Description: The tool's description as reported by the server.
- Approval toggle: Quick toggle on the right side to enable or disable approval requirements.
Filtering tools
Two dropdown filters appear above the tool list when you have tools:
- Filter by server: Show tools from a specific server or all servers.
- Filter by risk: Show tools at a specific risk level (low, medium, high) or all.
Filters work together. Select both a server and a risk level to narrow down to exactly the tools you're looking for.
Risk levels
Every tool has a risk level that you assign. It doesn't affect routing directly, but it drives governance decisions and shows up in the audit trail.
| Level | Color | When to use |
|---|---|---|
| Low | Green | Read-only tools that don't access sensitive data. Examples: search, get_weather, list_items. |
| Medium | Amber | Tools that modify data or access internal systems. Examples: update_record, send_email, create_ticket. |
| High | Red | Tools that delete data, access PII, or perform irreversible actions. Examples: delete_record, drop_table, transfer_funds. |
New tools default to "low" risk. You should review and classify them as part of your onboarding process.
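One way to build a review queue for newly discovered tools, shown as an added example that is not part of the product or its API. It assumes you have the `result` object of a server's tools/list response as a dict; the verb hints come from the example tool names in the table above, and `suggest_risk` and `review_queue` are hypothetical helper names.

```python
import re

# Verb hints copied from the example tool names in the risk table above.
# Matching on them is a heuristic for this example, not gateway behaviour.
HINTS = {"high": {"delete", "drop", "transfer"},
         "medium": {"update", "send", "create"}}
RANK = {"low": 0, "medium": 1, "high": 2}

def suggest_risk(tool):
    """Return (level, matched_words) for one entry of a tools/list result."""
    text = f"{tool.get('name', '')} {tool.get('description', '')}"
    # Split snake_case and camelCase names into words before lowercasing.
    words = {w.lower() for w in re.findall(r"[A-Za-z][a-z]*", text)}
    for level in ("high", "medium"):
        hits = sorted(words & HINTS[level])
        if hits:
            return level, hits
    return "low", []

def review_queue(tools_list_result, assigned=None):
    """List tools whose suggested level is above the assigned one.

    `assigned` maps tool name -> level; a missing tool counts as "low",
    the default given to newly discovered tools.
    """
    assigned = assigned or {}
    queue = []
    for tool in tools_list_result.get("tools", []):
        current = assigned.get(tool["name"], "low")
        level, hits = suggest_risk(tool)
        # Only ever propose raising a level; descriptions are server-reported.
        if RANK[level] > RANK[current]:
            queue.append({"tool": tool["name"], "assigned": current,
                          "suggested": level, "matched": hits})
    # Highest suggested risk first, so irreversible tools are reviewed first.
    return sorted(queue, key=lambda r: -RANK[r["suggested"]])

# Constructed sample shaped like the result of an MCP tools/list response.
SAMPLE = {"tools": [
    {"name": "search", "description": "Search the knowledge base",
     "inputSchema": {"type": "object"}},
    {"name": "update_record", "description": "Modify a CRM record",
     "inputSchema": {"type": "object"}},
    {"name": "delete_record", "description": "Permanently remove a CRM record",
     "inputSchema": {"type": "object"}},
]}

if __name__ == "__main__":
    print(review_queue(SAMPLE))
```

A tool that matches no hint is not thereby low risk: run_query matches none of the verbs and still needs a manual look at what it can reach.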
Approval requirements
When you enable "Requires approval" on a tool, every invocation of that tool goes through a human review step:
- An agent calls the tool through the gateway.
- The gateway creates an approval request and returns an error to the agent with the approval ID and a poll endpoint.
- The approval request appears on the Approvals page.
- An admin approves or denies the request.
- The agent polls the status endpoint and retries the call once approved.
You can toggle approval on and off directly from the tool list using the toggle, or from the edit modal.
Editing tool settings
Click any tool row or the pencil icon to open the edit modal. The modal shows:
- Tool info box: Read-only section showing the tool name, description, and which server it belongs to.
- Risk level: Dropdown to select low, medium, or high.
- Requires approval: Toggle with a description: "When enabled, tool invocations must be approved before execution."
Click Save changes to apply. Changes take effect immediately for the next tool call.
How tools are discovered
Tools appear in the catalog after the gateway runs tool discovery on a registered server. Discovery calls the server's tools/list MCP method and stores each tool with its name, description, and input schema.
You can't manually add tools. They always come from a server's discovery response. If a tool disappears from the server, it stays in the catalog until the server is deleted.
Tool input schema
Each tool can have a JSON Schema describing its expected input. This schema is stored during discovery and returned to agents in tools/list responses. The gateway doesn't validate inputs against the schema, but agents use it to construct correct tool calls. Because nothing at the gateway enforces the schema, the MCP server still has to validate the arguments it receives.
Empty state
If no tools have been discovered yet, you'll see tips explaining how to get started:
- Register MCP servers and trigger tool discovery.
- Once tools appear, assign risk levels and enable approval for sensitive operations.
Permissions
Viewing the tool catalog is available to all authenticated users. Changing risk levels and approval settings requires the Admin role.