Decision needed: alpha-gated managed MCP servers awaiting a tier call (live queue)

[micheleRP]

Filed by the scheduled cloudv2→adp-docs sync routine (2026-06-20). No PR was opened — see why below.

What landed in cloudv2

In the last 24h, three new managed MCP server types were merged to cloudv2 main:

Server	Display name	Category	cloudv2 PR	Feature commit
Spotfire	Spotfire	Utility	#27307	14315bbaa
Navan	Navan	Utility	#26992	d09dc692e
incident.io	incident.io (Read-only)	Communication	#27289	9bc38d1d5

Why no docs PR

All three set FeatureGate: "alpha" in their register_mcp.go (verified on main):

• apps/aigw/internal/mcp/managed/mcps/spotfire/register_mcp.go
• apps/aigw/internal/mcp/managed/mcps/navan/register_mcp.go
• apps/aigw/internal/mcp/managed/mcps/incident_io/register_mcp.go

Per the maturity HARD RULE in CLAUDE.md, alpha-gated servers are an early-access human/product decision, not a docs label. The routine must not add, update, or label their pages, and never writes "alpha" as a maturity. So nothing was published this run.

Decision for Michele / docs team

For each server, decide whether to:

1. Ship it documented as beta — :page-beta: true page header + badge:beta[label=beta] row in modules/connect/pages/managed/managed-catalog.adoc; or
2. Leave it out of the docs until the alpha gate is lifted.

If you green-light any of them as beta, I can draft the catalog row + setup page on a follow-up run (grounded in cloudv2 source). Source notes already gathered:

• Spotfire — "Browse and search the Spotfire library (analyses, data files, folders) on a Spotfire Server." Auth: service_account_oauth (client-credentials) or user_oauth (per-user OAuth). Requires base_url.
• Navan — "Read company expense transactions, receipts, and travel bookings from Navan." Auth: company-level OAuth 2.0 client-credentials only (api_credentials: client_id, client_secret_ref, token_url, optional scopes); no per-user delegation. Requires base_url. Read-only.
• incident.io — "Read incidents, follow-ups, severities, and statuses." Auth: static API key (api_key). Read-only — no write access.

Other ADP changes this window (no docs action)

• AI Agent: Anthropic prompt caching enabled by default (cloudv2 #27306, 53143939d) — always-on internal cost optimization, no user-facing config knob. Nothing to document.
• ServiceNow "schema MCP" (cloudv2 #27214) — a GlobalFoundries customer-specific custom JavaScript MCP under adp/customers/, not a managed server type. Not public-docs material.

cc @micheleRP — this isn't blocking anything; it just needs a tier call before docs can move.

[micheleRP]

Decision queue refresh — alpha-gated managed MCP servers as of 2026-06-24

Bringing this queue current. Since this issue was filed (2026-06-20, the Spotfire/Navan/incident.io trio), more alpha-gated managed MCP server types have landed in cloudv2 main and need a tier call. Every server below sets FeatureGate: "alpha" in its register_mcp.go (re-verified against main on 2026-06-24), so per the maturity HARD RULE in CLAUDE.md none can be published or labeled by the sync routine. Each needs a human decision: ship documented as beta (:page-beta: true page + badge:beta[label=beta] catalog row) or leave out until the gate lifts.

Full current queue

Server	Display name	Category	Access / tools	Auth	In original #106?
Spotfire	Spotfire	Utility	Browse and search the Spotfire library (analyses, data files, folders)	service_account_oauth (client-credentials) or user_oauth; requires base_url	Yes
Navan	Navan	Utility	Read expense transactions, receipts, travel bookings (read-only)	Company OAuth 2.0 client-credentials only; requires base_url	Yes
incident.io	incident.io (Read-only)	Communication	Read incidents, follow-ups, severities, statuses (read-only)	Static API key	Yes
AWS Redshift	AWS Redshift	Database	Run read-only SQL queries against a Redshift warehouse	AWS session (static creds or assume-role); connection = provisioned cluster or Serverless workgroup; DB auth = Secrets Manager ARN or temporary IAM creds	New (cloudv2 #27350, Jun 23)
Microsoft Dynamics 365	Microsoft Dynamics 365	Utility	Query, create, update, delete Dataverse records via the OData Web API (read-write)	Microsoft Entra ID OAuth: service_account_oauth (client-credentials) or user_oauth (per-user token vault); requires organization_url	New (cloudv2 #27363, Jun 23)
Bitdefender GravityZone	Bitdefender GravityZone	Utility	Read endpoint inventory, security incidents, quarantine items (read-only)	Static API key	New
Neo4j	Neo4j	Database	Query a Neo4j graph with Cypher: schema introspection, read and write queries, GDS procedure discovery (read-write)	Password (secret ref)	New
Neo4j Aura	Neo4j Aura	Database	Manage Aura cloud instances: list, inspect, pause, resume instances, projects, snapshots	OAuth 2.0 client-credentials	New
OData	OData	Utility	Generate MCP tools dynamically from an OData service $metadata (for example SAP Gateway)	NoAuth, Bearer, API key, Basic, or per-user OAuth	New
JavaScript	JavaScript	Utility	Define an MCP in JavaScript using the @redpanda-data/mcp-types SDK (executes customer-authored JS)	n/a (code-defined)	New

Notes for the tier call

• JavaScript overlaps conceptually with the already-documented code mode (modules/connect/pages/code-mode.adoc). Its source DocsURL points at the self-managed ai-gateway/javascript-mcp page, not the managed catalog. Confirm positioning before deciding whether it belongs in the managed catalog at all.
• Excluded from this queue (alpha-gated in source but already have a docs decision): SharePoint (ships beta, has a page) and AWS S3 (already in the managed catalog).
• If you green-light any server as beta, I can draft the catalog row + setup page on a follow-up, grounded in each server's register_mcp.go and proto config (auth variants, required fields, tool list).

Why no docs PR for any of these

Same reason as the original filing: alpha-gated servers are an early-access product decision, not a docs label. The sync routine correctly published nothing and surfaces them here for a tier call.

cc @micheleRP