MCP Proxy

A bidirectional proxy that bridges stdio and SSE/Streamable HTTP MCP transports, enabling clients like Claude Desktop (which only speak stdio) to connect to remote HTTP-based MCP servers, and vice versa.

Evaluated Mar 07, 2026 (0d ago) vlatest
Homepage ↗ Repo ↗ Other proxy stdio sse streamable-http transport bridge oauth2
⚙ Agent Friendliness
77
/ 100
Can an agent use this?
🔒 Security
79
/ 100
Is it safe for agents?
⚡ Reliability
72
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
75
Documentation
80
Error Messages
60
Auth Simplicity
78
Rate Limits
72

🔒 Security

TLS Enforcement
92
Auth Strength
78
Scope Granularity
72
Dep. Hygiene
80
Secret Handling
75

MCP protocol proxy/multiplexer. Security depends on proxied servers. Proxy sees all tool calls — treat as high-trust infrastructure. Use TLS for transport. Auth per proxied server.

⚡ Reliability

Uptime/SLA
72
Version Stability
75
Breaking Changes
70
Error Recovery
72
AF Security Reliability

Best When

Your MCP client only supports stdio but your servers speak HTTP/SSE, or you need to expose a local stdio server to remote consumers.

Avoid When

Client and server already support the same transport natively; the proxy layer adds latency and an extra failure point.

Use Cases

  • Connect Claude Desktop to a remote SSE-based MCP server that it cannot natively reach
  • Expose a local stdio MCP server over SSE so remote clients can consume it
  • Run multiple named MCP servers through a single proxy with a JSON config file
  • Add OAuth2 or bearer token authentication in front of MCP servers that lack built-in auth

Not For

  • Scenarios where client and server already share the same transport — adds unnecessary complexity
  • Teams needing domain-level tool routing (use a dedicated MCP gateway instead)
  • Users who need the proxy to transform or inspect MCP message content

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: bearer_token api_key oauth2 custom_headers
OAuth: Yes Scopes: No

Supports bearer token via API_ACCESS_TOKEN env var, custom headers via --headers flag, and full OAuth2 flow (client ID, secret, token URL). SSL verification can be disabled for self-signed certs.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

MIT licensed. Available via PyPI, pipx, uv, or Docker at no cost.

Agent Metadata

Pagination
none
Idempotent
Unknown
Retry Guidance
Not documented

Known Gotchas

  • Stateless mode for Streamable HTTP may cause issues with servers that rely on session state
  • SSL verification disabled by default in some configurations — verify settings in security-sensitive environments
  • CORS must be explicitly configured via --allow-origin; open CORS is a security risk
  • OAuth2 token refresh behavior under long-running agent sessions is not clearly documented

Alternatives

mcp-router mcp-gateway supergateway

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for MCP Proxy.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-07.

6470
Packages Evaluated
26150
Need Evaluation
173
Need Re-evaluation
Community Powered