mcp-server-as-http
Runs an HTTP server that exposes a REST endpoint to forward requests to one or more Model Context Protocol (MCP) servers. It supports bearer-token authentication (optionally disabled), loads MCP server commands from a JSON configuration file, and includes a health check and logging.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
README indicates optional bearer-token auth and non-root execution, but does not describe TLS enforcement details, token hashing/rotation, audit logging, or fine-grained scopes. The system also runs MCP servers via Node/npx commands configured in JSON; this increases risk if configuration is untrusted or if npm packages are pulled at runtime without pinning.
⚡ Reliability
Best When
You want a simple HTTP façade over MCP tools and can deploy/control the service (including the MCP server processes it launches).
Avoid When
You cannot accept that request payloads may contain raw MCP JSON-RPC commands without additional validation/sanitization, or you require strict rate limiting/pagination/retry semantics documented for clients.
Use Cases
- Expose MCP server tools over HTTP so non-MCP clients can call them
- Integrate MCP tool execution into existing REST-based systems
- Use Dockerized deployment for local or production environments
Not For
- Highly regulated environments requiring strong, standardized enterprise auth and audit guarantees
- Use cases needing a fully specified API contract (OpenAPI/SDK) for all endpoints
- Mission-critical reliability without additional monitoring and resilience engineering
Interface
Authentication
Authentication can be disabled via DISABLE_AUTH=true. No scope granularity is described; the README treats the API key as a single shared bearer secret.
Pricing
Open-source repository; costs depend on your deployment/runtime and any MCP server dependencies you run/install.
Agent Metadata
Known Gotchas
- ⚠ API accepts a 'command' field that appears to pass through raw MCP JSON-RPC; agents must format it precisely.
- ⚠ Authentication can be disabled; ensure the correct environment variables are set when running in automated contexts.
- ⚠ MCP servers are started via commands/args from a JSON config; misconfiguration can cause startup/tool-call failures that may not be machine-readable.
Alternatives
Scores are editorial opinions as of 2026-04-04.