peta-core
Peta Core is a self-hosted control-plane/runtime for MCP (Model Context Protocol): it proxies MCP calls through a gateway, manages downstream server lifecycles, encrypts/stores credentials in a vault, enforces RBAC/ABAC policies (optionally with human-in-the-loop approvals), and writes structured audit logs. It also provides an embedded OAuth 2.0 authorization server and can expose anonymous/public access for selected servers.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
README claims credentials are encrypted at rest (PBKDF2 + AES-GCM) and injected server-side at execution time, and that secrets are excluded from logs. It also describes RBAC/ABAC with optional human-in-the-loop approvals and audit logging. Dependency hygiene score is estimated due to lack of explicit vulnerability/SBOM/CVE remediation data in the provided manifest/README excerpt.
⚡ Reliability
Best When
You need a production-grade MCP control plane with authentication/authorization, credential vaulting, auditability, and managed downstream connectivity.
Avoid When
You only require local/dev experimentation where the additional operational complexity (OAuth server, DB, supervision, vault keys) isn’t justified.
Use Cases
- Run MCP in production with a centralized gateway/proxy for multiple downstream MCP servers
- Centralize and enforce per-user, per-tool authorization (RBAC/ABAC) before tool execution
- Store and inject downstream credentials securely at execution time
- Provide audit trails for every tool call (without logging secrets)
- Implement approval workflows for high-risk tool actions
- Expose REST endpoints as MCP tools via a REST-to-MCP adapter
Not For
- Building a simple single-purpose MCP server without gateway/vault/policy needs
- Environments that cannot run/operate a self-hosted backend component (deployment, DB, keys, etc.)
- Use as a generic credential store without the surrounding policy/audit gateway context
Interface
Authentication
Auth is described as including an embedded OAuth2 server and capability/policy-based filtering. Exact scope model and enforcement details are not included in the provided README excerpt.
Pricing
Open-source/self-hosted component (no SaaS pricing described).
Agent Metadata
Known Gotchas
- ⚠ Approval-gated or cached results may change tool execution semantics (tool might not run immediately if human-in-the-loop is required).
- ⚠ Public/anonymous access is available only for selected servers on a separate endpoint; ensure the agent targets the correct route.
- ⚠ Downstream retries (up to two reconnect/retry attempts) may still cause non-idempotent side effects depending on the downstream tool.
Alternatives
Scores are editorial opinions as of 2026-03-30.