Mesh

Mesh is an open-source MCP control plane that routes all MCP traffic through a single governed endpoint, providing RBAC, OAuth 2.1, credential vaulting, OpenTelemetry observability, and multi-tenant workspace isolation for teams managing multiple MCP servers.

Evaluated Mar 07, 2026 (0d ago) vlatest
Homepage ↗ Repo ↗ Other gateway rbac oauth2 opentelemetry multi-tenancy bun typescript react sqlite postgresql docker kubernetes sustainable-use-license
⚙ Agent Friendliness
73
/ 100
Can an agent use this?
🔒 Security
77
/ 100
Is it safe for agents?
⚡ Reliability
68
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
78
Documentation
72
Error Messages
65
Auth Simplicity
75
Rate Limits
68

🔒 Security

TLS Enforcement
90
Auth Strength
75
Scope Granularity
68
Dep. Hygiene
80
Secret Handling
72

Service mesh / multi-agent coordination MCP. Controls agent communication paths. Security critical — mesh intercepts all agent communications. mTLS between services recommended.

⚡ Reliability

Uptime/SLA
68
Version Stability
70
Breaking Changes
65
Error Recovery
68
AF Security Reliability

Best When

You need enterprise-grade governance over MCP tool access: fine-grained permissions, audit logs, credential vaulting, and observability across multiple teams and servers.

Avoid When

Your needs are simple (one server, one user, no compliance requirements), or you cannot self-host and need a managed SaaS gateway.

Use Cases

  • Enterprise teams consolidating many MCP servers behind a single audited, access-controlled endpoint for AI clients
  • Agencies deploying client projects that each need isolated MCP toolsets with independent credentials and audit logs
  • Organizations requiring full OpenTelemetry tracing and RBAC over AI agent tool access without building a custom gateway

Not For

  • Individual developers needing simple tool access without governance overhead
  • SaaS products built on top of Mesh (requires commercial license under SUL)
  • Teams without Bun or Node.js operational experience for self-hosting

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: oauth2 api-key
OAuth: Yes Scopes: Yes

Better Auth framework providing OAuth 2.1 with fine-grained permissions per workspace/project. API key management with RBAC. Credential vault for secure token storage.

Pricing

Model: sustainable_use
Free tier: Yes
Requires CC: No

Sustainable Use License (SUL). Contact contact@decocms.com for commercial licensing.

Agent Metadata

Pagination
none
Idempotent
Unknown
Retry Guidance
Not documented

Known Gotchas

  • SUL licensing means commercial users must obtain a paid license before building revenue-generating products on Mesh
  • OAuth 2.1 setup complexity may be a barrier for small teams accustomed to simple API key auth
  • Multi-tenancy workspace configuration requires upfront planning; changing workspace structure post-deployment is non-trivial
  • Virtual MCP strategies (full-context, smart selection) need tuning per use case to optimize token consumption

Alternatives

metamcp mcpjungle mcpo

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for Mesh.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-07.

6470
Packages Evaluated
26150
Need Evaluation
173
Need Re-evaluation
Community Powered