Lunar.dev MCPX is the enterprise gateway for AI agent governance. Govern AI agent identity, access, audit, and observability from a single self-hosted gateway, so your organization can scale AI adoption without losing accountability.
Every user has an identity. So should every agent.
Security and IT teams can name every user in their identity provider and what those users can access. Almost none can do the same for their agents.
Lunar.dev MCPX gives every agent its own Agent Environment: a dedicated gateway instance with its own identity, MCP access, and tool permissions. Agents get exactly the tools they need and nothing more.
Every AI interaction has two identities: the user behind the request and the agent that carried it out. Lunar.dev MCPX captures both, so admins can trace who did what across every MCP tool call.
Who initiated the request, which agent they triggered, and what tools and resources were accessed on their behalf.
Which agent identity made the call, which tools it used, and which user it was acting on behalf of.
Agent Inventory
Centralized inventory of every AI agent across teams and environments.
Lunar.dev MCPX gives you a centralized view of every agent connected to the gateway. Each agent in the inventory has:
Lunar.dev MCPX is available in two tiers. Both run self-hosted in your VPC.
Capability
Connected agent view
Per-agent access control
Audit logs
Observability Metrics
Agent and user identity management
MCP Evaluation Sandbox
MCPX (open source)
Single instance
Tool Groups and Consumer Tags
Audit Log Screen
Metrics endpoint
Single deployment
—
MCPX Enterprise
Organization-wide
Plus Profiles and IdP Groups
Plus per-instance Logs UI and export
Plus Agent Metrics dashboard
User identities, Agent Connectors, IdP sync
Per-tool LLM risk scoring
Frequently asked questions
What is AI agent governance?
Treating each AI agent as a managed identity: scoped permissions, recorded activity, ongoing monitoring. Lunar.dev MCPX delivers all four through agent inventory, access control, audit logs, and observability in one self-hosted gateway.
How does Lunar.dev tell agents apart from users?
Each agent connects through its own Agent Environment with a dedicated identity, MCP server access, and tool permissions. Admins grant, scope, and revoke each agent's access independently of the user who deployed it.
What gets recorded in the MCPX audit log?
Every tool call, including the tool name, MCP server, and agent identity that made the call. MCP servers added or removed, agent permission changes, and catalog updates are also recorded as separate events.
Can I send agent metrics to my existing monitoring stack with MCPX?
Yes. MCPX exposes a metrics endpoint that platform teams can scrape into existing observability tooling. Metrics break down per tool, agent, model, and user.
How does Lunar.dev MCPX accelerate AI adoption?
By giving security and IT teams the governance layer they need to scale AI agents safely. Inventory, identity, audit, and observability run from day one, so organizations can adopt MCP tools across teams without re-architecting access control or audit reporting.
How does Lunar.dev MCPX defend against shadow agents and excessive agency?
Every agent connects through a scoped Agent Environment with its own identity and tool permissions. Shadow agents become visible the moment they connect; excessive agency is prevented at the access control layer, since agents only get the tools admins explicitly approve.
Govern your agents like you govern your users.
Book a demo to see Agent Inventory, agent identity, audit, and observability running in your own environment.
%20(1).avif)
%20(1).avif){kind=small}
