User guide
What is ATLAS?
ATLAS is WWT's enterprise context engine and MCP registry. It's a single control plane that connects developers, applications, and AI assistants to approved enterprise capabilities — with governance, ownership, and audit built in from day one.
Two audiences, two paths
Most people who land in ATLAS are doing one of two things. The quickest way to get value is to know which one you are.
Connect an AI assistant
Cursor, Windsurf, Claude Code, GitHub Copilot, ChatGPT, custom MCP clients. Pick your assistant, declare a purpose, attach approved context packs and tools, copy the generated config. One endpoint, governed access.
Open the connection wizard
Register a capability
I have an API, MCP server, GraphQL endpoint, agent, or runbook I want others (and AI assistants) to find. New entries land in draft and metadata-only enforcement until reviewed.
Open the registration form
What ATLAS owns vs what it wraps
ATLAS doesn't reinvent agent execution or the MCP runtime. It layers a control plane on top of two open-source pieces and fills the gap between them with its own catalog, governance, and UX.
| Feature | Implemented by | Upstream |
|---|---|---|
| Capability catalog · /catalog · /ask | ATLAS | — |
| Governance overlay (owner / risk / classification / enforcement) | ATLAS | — |
| Context packs and organizational memory · /context | ATLAS | — |
| Intent resolution (keyword + tsvector + pgvector ANN) | ATLAS | — |
| Connect AI assistant wizard · /connect | ATLAS | — |
| Register a capability · /register | ATLAS | — |
| Audit log with trace IDs · /audit | ATLAS | — |
| ATLAS-as-MCP streamable endpoint · :8081/mcp | ATLAS | — |
| Runtime plan rendering · /runtime | ATLAS | — |
| Policy simulation UI · /governance/simulator | ATLAS | — |
| Per-call policy enforcement (Cedar) | Upstream | agentgateway |
| Apply ATLAS runtime plans to the data plane | Bridge | agentgateway |
| Per-call access logs (ingested into /audit) | Upstream | agentgateway |
| Source of truth for agents/MCP tools (developer CLI) | Upstream | agentregistry / arctl |
| Sync agentregistry → ATLAS catalog (local-dev only) | Bridge | agentregistry / arctl |
Every record carries an enforcement_status (metadata_only · simulated · enforced · disabled) so consumers always know which features are actually wired up versus documented for future implementation.
Problems ATLAS solves
MCP server sprawl
AI tooling is spreading across the org. MCP servers multiply with no way to discover what exists, how to connect, or which one fits a task.
How ATLAS helps: ATLAS catalogs every MCP server and exposes itself as an MCP server — any AI host plugs it in and instantly gets discovery + context.
Scattered institutional context
Apps, services, teams, runbooks, and datasets live across wikis, repos, chat, and tribal knowledge.
How ATLAS helps: ATLAS provides a single searchable home with owner, links, governance posture, and audit trail per entry.
No governance for AI tools
AI assistants can call any tool they discover — no visibility into risk, data classification, or who approved access.
How ATLAS helps: Every capability in ATLAS carries risk level, data classification, enforcement status, and approval requirements. Policy simulation lets you test before enforcing.
Ownership gaps
When something breaks at 2 AM, nobody knows who owns the service, where the runbook is, or who's on call.
How ATLAS helps: ATLAS links every capability to an owner team with support contacts, escalation paths, and on-call info. The governance dashboard highlights gaps.
What you can do in ATLAS
Search the catalog
Find APIs, MCP servers, MCP tools, AI agents, applications, services, and runbooks. Filter by type, team, risk, classification, or lifecycle status. Keyword search plus semantic matching finds what you need even if you don't know the exact name.
Ask ATLAS
Type a plain-language question like 'Who owns the certificate management platform?' or 'How do I create a ServiceNow incident from my AI assistant?' ATLAS resolves your intent, identifies the right capability, and shows you the owner, risk, approval path, and setup instructions.
Connect an AI assistant
Generate a ready-to-paste MCP configuration for Cursor, Windsurf, Claude Code, or any MCP-compatible client. One connection gives your assistant access to every governed capability in the catalog.
Browse context packs
Context packs bundle related capabilities, runbooks, teams, and organizational context into curated sets. They're designed for specific audiences — an SRE pack, a security review pack, an onboarding pack — so AI assistants get the right context without seeing everything.
Review governance posture
See at a glance: how many capabilities are high-risk, AI-accessible, metadata-only, missing owners, or stale. Simulate access policies before enforcing them. Every capability shows its enforcement status honestly.
Inspect runtime plans
Runtime plans are rendered, vendor-neutral manifests that describe exactly which capabilities an AI agent or workflow has been granted. The agentgateway bridge applies them and monitors for drift.
Explore teams
Every capability has an owner team. Browse teams to see who owns what, find support contacts, and understand the organizational structure behind the catalog.
Review audit log
Every capability view, access request, policy simulation, context pack attachment, and runtime plan render is recorded with trace IDs. Use this for compliance, debugging, and understanding usage patterns.
Register a capability
Service owners register APIs, MCP servers, tools, agents, applications, services, or runbooks. Records start as draft/metadata-only and must be reviewed before going active. The secret scanner blocks any payload that looks like a raw credential.
Manage API tokens
Create and manage API tokens for programmatic access to the ATLAS API. Tokens are scoped and audited.
How capabilities enter the system
- 1
Registration
Capabilities can enter via the web UI form, the REST API, GitOps YAML files (reconciled automatically), Backstage import, or bridge sync from external registries.
- 2
Enrichment
The embeddings worker computes vector representations for semantic search. Relationship edges (depends-on, exposes, delegates-to) are declared or inferred.
- 3
Discovery
Users and AI assistants search by keyword + semantic similarity. Intent resolution combines both signals with governance awareness.
- 4
Governance evaluation
Access policies are evaluated at query time. Every action is audit-logged. Enforcement status is always shown honestly.
- 5
Runtime rendering
Selected capabilities are rendered into vendor-neutral runtime manifests. The agentgateway bridge applies them and monitors for drift.
Enforcement honesty
ATLAS never pretends to enforce something it doesn't. Every capability carries one of four enforcement statuses:
metadata_only
The catalog records governance intent, but no runtime enforcement exists yet. This is the default for new registrations.
simulated
Policy decisions are evaluated and logged, but not enforced. Use this to test policies before flipping to enforced.
enforced
Access policies are actively evaluated and enforced at runtime. Unauthorized requests are blocked.
disabled
Enforcement is explicitly turned off. The capability is visible but unprotected.
ATLAS as an MCP server
ATLAS is both an MCP registry and an MCP server. When you connect your AI assistant to ATLAS, it gets these tools:
| Tool | What it does |
|---|---|
| resolve_intent | Resolve a plain-language intent into a recommended capability + governance posture. |
| search_context | Hybrid search across the ATLAS catalog (capabilities + extensions). |
| get_entry | Fetch a single capability by slug. |
| find_mcp | Locate MCP servers and tools by capability/name/tag. |
| get_context_pack | Fetch a context pack with included capabilities/runbooks/teams. |
| list_context_packs | List context packs filtered by team/purpose/assistant type. |
| list_runbooks | List runbooks, optionally for a specific capability. |
| list_capability_dependencies | Return inbound + outbound relationship edges for a capability. |
| explain_capability | Plain-language explanation including governance posture and warnings. |
| whoami | Return the principal ATLAS sees for this session. |
Quick start
Run docker compose up to start the full stack (API, Web, MCP, Postgres, Redis, 5 mock services).
Seed the database: docker compose --profile seed up
Open http://localhost:3000 to see the catalog, governance dashboard, and all pages.
Connect your AI assistant: go to Assistant Setup and copy the MCP config.
Try Ask ATLAS — type "Who owns the certificate management platform?" and see intent resolution in action.