PlexMCP-OSS

PlexMCP is an MCP (Model Context Protocol) gateway that orchestrates MCP servers behind a unified API/dashboard. It provides multi-tenant isolation, authentication (API keys and TOTP 2FA), audit logging, and usage analytics/billing, with a Rust/Axum backend and Next.js/TypeScript frontend.

Evaluated Apr 04, 2026 (16d ago)

Homepage ↗ Repo ↗ Infrastructure mcp api-gateway orchestration multi-tenant authentication audit-logging self-hosted rust nextjs rbac docker

⚙ Agent Friendliness

/ 100

Can an agent use this?

🔒 Security

/ 100

Is it safe for agents?

⚡ Reliability

/ 100

Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality

Documentation

Error Messages

Auth Simplicity

Rate Limits

🔒 Security

TLS Enforcement

Auth Strength

Scope Granularity

Dep. Hygiene

Secret Handling

README claims encryption in transit and at rest, API-key scoped permissions with rate limiting, TOTP 2FA, and row-level security (RLS) on all database tables. Dependency and secret-handling specifics, CVE posture, and whether secrets are exposed in logs are not verifiable from the provided content.

⚡ Reliability

Uptime/SLA

Version Stability

Breaking Changes

Error Recovery

Best When

You need a gateway layer for MCP servers with multi-tenant security, auditing, and operational controls (including self-hosting via Docker).

Avoid When

You only need direct access to a single MCP server and do not require routing, isolation, or API management.

Use Cases

• Centralize and route requests to multiple MCP servers
• Run multi-tenant AI apps with tenant isolation and RBAC-style controls
• Require API-key-based access with scoped permissions and rate limiting
• Provide audit logs and usage analytics for compliance/debugging/billing
• Self-host an MCP gateway with Docker

Not For

• A lightweight single-user proxy with minimal setup/overhead
• Environments that need instant managed hosting without self-hosting complexity (unless using PlexMCP Cloud)
• Use cases requiring only direct MCP server access without an intermediary gateway

Interface

REST API

Yes

GraphQL

gRPC

MCP Server

SDK

Webhooks

OpenAPI Spec ↗

Authentication

Methods: API keys Two-factor authentication (TOTP) for interactive users (per docs claims) Likely session-based auth for dashboard (implied by dashboard, not explicitly detailed in provided README)

OAuth: No Scopes: Yes

README claims scoped permissions for API keys and TOTP 2FA support; specific OAuth/SAML/SSO flows are not mentioned in the provided content.

Pricing

Model: Self-hosted open-source (code under FSL-1.1-Apache

Free tier: Yes

Requires CC: No

PlexMCP Cloud is described as usage-based billing with a free tier; exact pricing/limits and whether credit cards are required are not provided in the README excerpt.

Agent Metadata

Pagination

none

Idempotent

False

Retry Guidance

Not documented

Known Gotchas

⚠ No details provided on API error response formats, idempotency semantics, pagination conventions, or retry guidance in the supplied README text.
⚠ Auth flow details beyond API keys and claimed TOTP are not specified here; automation may require inspecting the REST API reference.

Alternatives

Directly connecting clients to MCP servers without a gateway/orchestrator Other MCP gateway/orchestration projects in the MCP ecosystem (if compatible with your auth/audit needs)

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for PlexMCP-OSS.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo

API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-04-04.