{"id":"aarora79-mcp-gateway","name":"mcp-gateway","homepage":null,"repo_url":"https://github.com/aarora79/mcp-gateway","category":"infrastructure","subcategories":[],"tags":["ai-agents","mcp","mcp-gateway","mcp-registry","nginx","fastapi","sse","websockets","tool-discovery"],"what_it_does":"Provides a deployable MCP Gateway (reverse-proxy via Nginx) and a MCP Registry/UI to register and govern MCP servers, discover tools (including schemas via ListTools), and route MCP client traffic to enabled backend MCP servers using per-service URL paths. Includes health checks and real-time UI updates via WebSockets.","use_cases":["Centralized discovery and management of approved MCP servers for agent tool use","Enterprise/governed access to curated MCP servers across teams or environments","Dynamic tool discovery in agents (query tools by natural language) and invocation via the gateway","Health monitoring of MCP services (SSE endpoint checks) and enabling/disabling services at runtime"],"not_for":["Production use where you cannot operate/manage your own infrastructure (Docker, Nginx, optional EC2/EKS)","Environments requiring OAuth/OIDC federation rather than a built-in username/password login","Use cases needing fine-grained per-tool authorization beyond what the gateway/registry provides"],"best_when":"You want to standardize and govern MCP server access behind a single endpoint with path-based routing and you can operate the gateway/registry stack.","avoid_when":"You need turnkey SaaS or vendor-managed scaling and SLAs, or you cannot risk that gateway self-signed cert defaults are used without proper TLS configuration.","alternatives":["Run a dedicated MCP server discovery directory you control (custom registry)","Use an API gateway/reverse proxy directly for individual MCP servers without a registry UI","Adopt an enterprise service catalog/SSO-based broker for tools, with custom routing to MCP servers"],"af_score":49.0,"security_score":47.2,"reliability_score":35.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:50:12.472043+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Basic/battery-included admin login for registry UI and API (ADMIN_USER/ADMIN_PASSWORD)","Optional upstream authorization for backend MCP servers (example notes mention 401 if Polygon API key missing)"],"oauth":false,"scopes":false,"notes":"Auth is described for securing the registry UI and API using ADMIN_USER/ADMIN_PASSWORD. No evidence in provided content of OAuth/OIDC, scoped tokens, or per-route authorization beyond enable/disable and service management controls."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Self-hosted open-source project; costs are infrastructure-related (EC2/EKS, load balancers, TLS certs, etc.)."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":49.0,"security_score":47.2,"reliability_score":35.0,"mcp_server_quality":70.0,"documentation_accuracy":55.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":80.0,"rate_limit_clarity":20.0,"tls_enforcement":70.0,"auth_strength":45.0,"scope_granularity":20.0,"dependency_hygiene":40.0,"secret_handling":60.0,"security_notes":"TLS is supported via HTTPS with cert/key mounting, but README also states self-signed cert default and HTTP is available; this reduces assurance if misconfigured. Authentication for registry UI/API uses username/password (ADMIN_USER/ADMIN_PASSWORD); no evidence of OAuth/OIDC, fine-grained authorization, or scope-based access. Project includes a large dependency list (including ML libraries), but no CVE/lockfile/security posture details are provided in the excerpt. Secrets are passed via environment variables (e.g., ADMIN_PASSWORD, POLYGON_API_KEY, SECRET_KEY) and not shown being logged, but the excerpt does not confirm no logging of secrets.","uptime_documented":20.0,"version_stability":30.0,"breaking_changes_history":40.0,"error_recovery":50.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Because it relies on per-service path routing, agents must use the correct gateway base URL and service path (e.g., /weather/, /currenttime/) to reach the intended MCP server.","TLS defaults mention self-signed certs and HTTP availability; agents may fail verification unless configured to trust the cert or use proper HTTPS setup.","Health checks rely on /sse HEAD probes; a service may be 'enabled' but still fail tool calls if underlying dependencies (e.g., Polygon API key) are misconfigured.","Nginx configuration is dynamically regenerated based on enabled/disabled state; changes may require time for reload/regeneration before agents see updates."]}}