MetaMCP

MetaMCP is a self-hosted MCP aggregator and gateway that groups multiple MCP servers into namespaces, exposes them as unified endpoints with configurable auth and rate limiting, and supports tool customization, middleware, and OpenAPI output in a single Docker deployment.

Evaluated Mar 06, 2026 (0d ago) vlatest
Homepage ↗ Repo ↗ Other gateway aggregator middleware docker postgresql sse streamable-http openapi rate-limiting multi-tenancy oauth api-key pnpm turbo
⚙ Agent Friendliness
77
/ 100
Can an agent use this?
🔒 Security
79
/ 100
Is it safe for agents?
⚡ Reliability
70
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
80
Documentation
78
Error Messages
68
Auth Simplicity
78
Rate Limits
72

🔒 Security

TLS Enforcement
90
Auth Strength
78
Scope Granularity
72
Dep. Hygiene
80
Secret Handling
75

Meta/aggregator MCP server. Wraps multiple MCP servers — security depends on each upstream. Gateway-level auth. Audit all tool calls passing through.

⚡ Reliability

Uptime/SLA
72
Version Stability
72
Breaking Changes
68
Error Recovery
70
AF Security Reliability

Best When

You need a full-featured self-hosted MCP gateway with namespace grouping, per-endpoint rate limiting, multi-tenancy, tool overrides, and OpenAPI compatibility in one Docker Compose deployment.

Avoid When

You want a lightweight single-binary gateway, a managed cloud service, or your needs are covered by connecting one MCP server directly to one client.

Use Cases

  • Dynamically composing and remixing tools from multiple MCP servers into named endpoints consumed by Claude Desktop or Cursor
  • Applying middleware transformations (e.g., filtering inactive tools) to optimize token usage when serving LLMs
  • Multi-tenant deployments where different users or teams each get isolated namespaces with their own API keys and tool selections

Not For

  • Users who need a simple single-server setup without aggregation
  • Teams without Docker or Node.js operational capabilities
  • Use cases requiring an on-premise install without any external network calls (PostgreSQL and Docker required)

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: api-key session-cookie oauth2
OAuth: Yes Scopes: Yes

API key via Authorization Bearer header (sk_mt_... format). Session cookies for internal TRPC. MCP OAuth per spec 2025-06-18. Note: query parameter API key auth does not work with SSE transport.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

MIT licensed. No cost. PostgreSQL infra cost is operator-supplied.

Agent Metadata

Pagination
none
Idempotent
Unknown
Retry Guidance
Not documented

Known Gotchas

  • Query parameter API key auth is broken for SSE transport; agents must use Authorization header instead
  • Rate limit counters are in-memory per machine in clustered deployments, so limits are not globally enforced across nodes
  • stdio-based MCP servers require mcp-proxy wrapper for clients that only support stdio
  • Pre-allocated idle sessions reduce cold start latency but consume resources when namespaces have many servers

Alternatives

mcpjungle mesh mcpo

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for MetaMCP.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5178
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered