{"id":"decocms-studio","name":"studio","homepage":"https://decocms.com/studio","repo_url":"https://github.com/decocms/studio","category":"ai-ml","subcategories":[],"tags":["ai-ml","agents","mcp","orchestration","observability","self-host","typescript"],"what_it_does":"Studio (Deco CMS) is an open-source control plane for AI agents. It lets you hire/compose agents, connect and govern external tools via MCP (including “Virtual MCPs”), organize agents and tool connections into projects, and provides observability for tokens/costs/latency/errors. It can run locally with embedded PostgreSQL or via a cloud/team mode.","use_cases":["Self-host an agent orchestration/control plane with governed MCP tool access","Build multi-agent workflows around goals using projects with adaptive UIs","Provide per-connection and per-agent observability (tokens, costs, errors, latency)","Proxy and govern tool access using token vault/credential management","Team collaboration with RBAC and shared connections/cost attribution"],"not_for":["High-compliance environments where formal security/compliance documentation is required but not provided in the available materials","Organizations that only need a lightweight agent runtime (this is an end-to-end platform)","Use as a drop-in replacement without reviewing auth/storage/encryption behavior in code/docs"],"best_when":"You want a TypeScript-first, self-hostable platform to govern MCP tools, coordinate agent/project workflows, and get built-in token/cost/latency observability.","avoid_when":"You cannot operate a web app + API server + database (local) or you require a clearly specified SLA, documented rate limits, and explicit SDK/API contracts beyond what’s shown.","alternatives":["OpenTelemetry-based custom orchestration with your own MCP proxy","Other agent control planes / orchestration frameworks that support MCP","Managed agent platforms with observability and RBAC"],"af_score":55.8,"security_score":76.5,"reliability_score":28.8,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T19:32:25.435347+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["OAuth 2.1 via Better Auth (workspace/project)","API keys (per workspace/project)"],"oauth":true,"scopes":true,"notes":"README indicates RBAC via Better Auth with OAuth 2.1 + API keys; exact scope model is not fully detailed."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"License is a Sustainable Use License: free for self-hosting internal use and client projects; commercial license required for SaaS/revenue-generating production systems. No pricing tiers described for the SaaS."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":55.8,"security_score":76.5,"reliability_score":28.8,"mcp_server_quality":70.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":75.0,"rate_limit_clarity":10.0,"tls_enforcement":95.0,"auth_strength":80.0,"scope_granularity":70.0,"dependency_hygiene":50.0,"secret_handling":80.0,"security_notes":"README states token vault/credential management, access control, audit logging, and OpenTelemetry traces. However, available materials don’t specify TLS/transport details, secret storage guarantees, encryption-at-rest specifics, or dependency/security posture (CVE status), so scores are estimated from claims alone.","uptime_documented":0.0,"version_stability":40.0,"breaking_changes_history":30.0,"error_recovery":45.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Tool/model behavior depends on external MCP servers/tools; failure modes from upstream MCP providers may propagate through the proxy.","At-least-once delivery via the event bus implies consumers may need to handle duplicates.","Virtual MCP strategies (full-context/smart selection/code execution) can change tool availability and determinism; agent prompts/tool calling may need adjustment accordingly."]}}