nexus

Nexus is a self-hosted router/aggregation layer for AI tooling: it unifies access to multiple Model Context Protocol (MCP) servers and LLM providers behind a single endpoint, with optional governance features like authentication, OAuth2 protection, CORS/CSRF protections, access control, and rate limiting (request- and token-based).

Evaluated Mar 30, 2026 (21d ago)
Infrastructure · ai, llmops, mcp, llm-routing, gateway, security, rate-limiting, rust, docker

⚙ Agent Friendliness: 62 / 100 (Can an agent use this?)
🔒 Security: 60 / 100 (Is it safe for agents?)
⚡ Reliability: 21 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

  • MCP Quality: 80
  • Documentation: 70
  • Error Messages: 0
  • Auth Simplicity: 70
  • Rate Limits: 75

🔒 Security

  • TLS Enforcement: 65
  • Auth Strength: 75
  • Scope Granularity: 40
  • Dep. Hygiene: 45
  • Secret Handling: 70

README claims TLS support and describes OAuth2 JWT bearer protection, CSRF/CORS, access control for MCP servers/tools, and token-based auth for downstream MCP servers. Secret handling appears to use environment-variable substitution in TOML. However, fine-grained authorization scopes and detailed security posture (e.g., secure defaults, logging redaction, dependency scanning/CVEs) are not evidenced in the provided text.

⚡ Reliability

  • Uptime/SLA: 0
  • Version Stability: 35
  • Breaking Changes: 20
  • Error Recovery: 30

Best When

You want a unified control plane for MCP + LLM provider routing and you can manage a Rust service deployment (binary or Docker) with a TOML configuration and external provider credentials.

Avoid When

You require documented HTTP API specifics (schemas, error codes, retries) and published operational guarantees (SLA, versioning policy) from the README alone.

Use Cases

  • Consolidate multiple MCP tool servers (STDIO/SSE/streamable HTTP) behind one gateway endpoint
  • Route tool-calling/chat requests to multiple LLM providers through a consistent interface
  • Centralize governance: OAuth2-protected endpoints, per-group access control, and rate limiting
  • Provide fuzzy search across tools to improve tool selection
  • Use as a local development or production edge component for LLMOps-style workflows

Not For

  • Environments where self-hosting and operating an additional gateway service is not feasible
  • Teams needing a fully specified, standardized public API contract (e.g., OpenAPI/SDKs) for third-party client integrations
  • Use cases requiring strict guarantees about idempotency semantics without verifying endpoint behavior

Interface

  • REST API: No
  • GraphQL: No
  • gRPC: No
  • MCP Server: Yes
  • SDK: No
  • Webhooks: No

Authentication

Methods:

  • OAuth2 (JWT bearer tokens for protected endpoints)
  • Service token auth for MCP servers (static token / env var substitution)
  • Forwarded auth (forward access token to downstream MCP servers)
  • Client identification for rate limiting (JWT claim or HTTP header)

OAuth: Yes
Scopes: No

README describes OAuth2 JWT validation and MCP server token auth, but does not detail fine-grained scopes/permissions at the Nexus endpoints.

Pricing

Free tier: No
Requires CC: No

README indicates self-hosting via Docker/binary; no commercial pricing model is described.

Agent Metadata

  • Pagination: none
  • Idempotent: False
  • Retry Guidance: Not documented

Known Gotchas

  • Rate limiting (especially token-based) requires enabling client identification; otherwise configuration will fail.
  • Tool access control uses allow/deny semantics, and whether group identification is required depends on the allow/deny configuration.
  • STDIO MCP servers must output valid JSON-RPC messages on stdout; misbehavior can break tool connectivity.
  • MCP header insertion supports static values only and only for HTTP-based MCP servers.


Scores are editorial opinions as of 2026-03-30.
