1mcp
1mcp is a central proxy/hub that aggregates multiple upstream MCP servers and exposes a unified streamable-http MCP interface to downstream clients. It discovers upstream tools/resources/prompts, prefixes capability names (e.g., serverName___toolName), routes downstream requests to the correct upstream server, and supports dynamic hot-reloading of the upstream server configuration with live capability updates.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Hub access control is not clearly documented; relying on network controls is likely. TLS enforcement is not specified in the README. Upstream connections may include Authorization/API-key headers, but there’s no guidance on secret storage/logging practices. Dependency list is small and includes core libraries (@modelcontextprotocol/sdk, express, eventsource), but no vulnerability/patching policy is stated.
⚡ Reliability
Best When
You want an MCP “hub” that consolidates tools from multiple upstream MCP servers and you’re comfortable managing upstream connections through a local configuration file.
Avoid When
You need a hosted SaaS with SLAs, explicit rate limiting, and documented security guarantees for external clients hitting the hub.
Use Cases
- • Unifying multiple MCP servers behind a single HTTP endpoint for downstream MCP clients
- • Capability discovery/aggregation across heterogeneous upstream transports (stdio/SSE/streamable-http)
- • Dynamic operations where upstream servers can be added/removed/updated without restarting the hub
- • Simplifying tool calling by standardizing capability naming via prefixes
Not For
- • Production deployments requiring strong, documented access control on the hub itself (auth is not clearly specified for /mcp)
- • Environments where you cannot run/allow upstream server processes (stdio via command)
- • Use as a general-purpose API gateway beyond MCP proxying/routing
Interface
Authentication
Authentication/authorization for 1mcp’s downstream interface (/mcp) is not explicitly documented. The README only shows examples of upstream headers for SSE/streamable-http upstream connections, which does not guarantee the hub enforces auth for clients.
Pricing
Self-hosted open-source package (MIT per README). No pricing model described.
Agent Metadata
Known Gotchas
- ⚠ Capability names are prefixed with serverName___, so agents must use the prefixed name when calling through the hub.
- ⚠ Upstream reconnection and dynamic capability updates can change available capabilities during runtime.
- ⚠ Session management is described as having a 30-minute timeout/inactivity cleanup in places, but the README also contains an apparent inconsistency saying sessions persist indefinitely; agents should be prepared for session expiration/cleanup.
- ⚠ Dynamic config hot-reload may briefly invalidate/refresh capability mappings during changes.
- ⚠ Upstream servers that are unreachable will prevent certain capabilities from being routed successfully; agents should handle tool-not-found/connection errors.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for 1mcp.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-04-04.