mcp-bridgekit
MCP BridgeKit is an embeddable bridge that exposes MCP stdio (JSON-RPC over stdin/stdout) tools as HTTP endpoints for web/mobile clients. It provides per-user MCP session management, timeout handling with Redis/RQ background job fallback, job polling/SSE updates, tool discovery, and a live dashboard via FastAPI.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
TLS enforcement is not explicitly detailed in the README. Auth is optional X-API-Key (disabled by default) with no fine-grained scopes described. Redis is required, increasing the need to secure internal network access and environment variables. Structured error codes exist but details on sanitization/redaction and logging of secrets are not provided.
⚡ Reliability
Best When
You need to run MCP stdio tools for many concurrent web users while surviving 30s gateway/function timeouts, and you can provide/manage a Redis instance for job/session state.
Avoid When
You cannot deploy/manage Redis (for the queue/session pooling) or you cannot accept that auth is optional and basic (API key header) rather than a full OAuth-based authorization model.
Use Cases
- • Web chatbots that need to call local MCP stdio tools over HTTP
- • Multi-tenant SaaS where each tenant/user runs different MCP tool commands
- • Handling long-running MCP tool calls behind web/CDN timeouts using queued background jobs
- • Unified HTTP access to internal developer tools implemented as MCP servers
- • Integrations (Slack/Zapier/n8n/etc.) that can only call HTTP but need MCP tool execution
- • Mobile apps that cannot spawn local subprocesses but can call an HTTP backend
Not For
- • Use cases where MCP servers already offer an HTTP transport (no bridge needed)
- • Single-user desktop/CLI scenarios where direct MCP stdio usage is simpler
- • Security-sensitive deployments that require robust auth/authorization beyond an optional X-API-Key header
Interface
Authentication
Authentication is described as an optional API key header in v0.8. No OAuth or fine-grained authorization scopes are described.
Pricing
No pricing model is described; as a self-hosted MIT-licensed project, costs are primarily infrastructure (e.g., Redis and compute).
Agent Metadata
Known Gotchas
- ⚠ POST /chat can auto-queue on timeout; clients may need to poll GET /job/{job_id} or use SSE events
- ⚠ Requires Redis for job queue/session pooling; without it, background jobs and/or session persistence will not function
- ⚠ API key auth is optional and disabled by default—ensure you enable it in production
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for mcp-bridgekit.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.