{"id":"dunialabs-peta-core","name":"peta-core","homepage":"https://peta.io","repo_url":"https://github.com/dunialabs/peta-core","category":"infrastructure","subcategories":[],"tags":["ai-ml","mcp","gateway","security","authentication","vault","audit","policy-engine","typescript","oauth2","rbac","abac","self-hosted"],"what_it_does":"Peta Core is a self-hosted control-plane/runtime for MCP (Model Context Protocol): it proxies MCP calls through a gateway, manages downstream server lifecycles, encrypts/stores credentials in a vault, enforces RBAC/ABAC policies (optionally with human-in-the-loop approvals), and writes structured audit logs. It also provides an embedded OAuth 2.0 authorization server and can expose anonymous/public access for selected servers.","use_cases":["Run MCP in production with a centralized gateway/proxy for multiple downstream MCP servers","Centralize and enforce per-user, per-tool authorization (RBAC/ABAC) before tool execution","Store and inject downstream credentials securely at execution time","Provide audit trails for every tool call (without logging secrets)","Implement approval workflows for high-risk tool actions","Expose REST endpoints as MCP tools via a REST-to-MCP adapter"],"not_for":["Building a simple single-purpose MCP server without gateway/vault/policy needs","Environments that cannot run/operate a self-hosted backend component (deployment, DB, keys, etc.)","Use as a generic credential store without the surrounding policy/audit gateway context"],"best_when":"You need a production-grade MCP control plane with authentication/authorization, credential vaulting, auditability, and managed downstream connectivity.","avoid_when":"You only require local/dev experimentation where the additional operational complexity (OAuth server, DB, supervision, vault keys) isn’t justified.","alternatives":["Build directly on MCP without a gateway (simpler, but fewer centralized guarantees)","Use an API gateway/proxy plus a separate authz/authn layer and bespoke audit logging","Adopt other MCP gateway/control-plane solutions in the ecosystem (if available)"],"af_score":63.5,"security_score":77.0,"reliability_score":40.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:25:40.585631+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":true,"sdk_languages":["TypeScript","JavaScript"],"openapi_spec_url":null,"webhooks":true},"auth":{"methods":["OAuth 2.0 authorization server (Authorization Code + PKCE, refresh tokens)","Dynamic client registration","Token introspection","Token revocation","Anonymous public access mode for selected public servers (separate /mcp/public endpoint)"],"oauth":true,"scopes":true,"notes":"Auth is described as including an embedded OAuth2 server and capability/policy-based filtering. Exact scope model and enforcement details are not included in the provided README excerpt."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Open-source/self-hosted component (no SaaS pricing described)."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":63.5,"security_score":77.0,"reliability_score":40.0,"mcp_server_quality":85.0,"documentation_accuracy":65.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":70.0,"rate_limit_clarity":70.0,"tls_enforcement":80.0,"auth_strength":85.0,"scope_granularity":75.0,"dependency_hygiene":45.0,"secret_handling":90.0,"security_notes":"README claims credentials are encrypted at rest (PBKDF2 + AES-GCM) and injected server-side at execution time, and that secrets are excluded from logs. It also describes RBAC/ABAC with optional human-in-the-loop approvals and audit logging. Dependency hygiene score is estimated due to lack of explicit vulnerability/SBOM/CVE remediation data in the provided manifest/README excerpt.","uptime_documented":0.0,"version_stability":40.0,"breaking_changes_history":50.0,"error_recovery":70.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":true,"known_agent_gotchas":["Approval-gated or cached results may change tool execution semantics (tool might not run immediately if human-in-the-loop is required).","Public/anonymous access is available only for selected servers on a separate endpoint; ensure the agent targets the correct route.","Downstream retries (up to two reconnect/retry attempts) may still cause non-idempotent side effects depending on the downstream tool."]}}