{"id":"mezmo-aura","name":"aura","homepage":"https://www.mezmo.com/aura","repo_url":"https://github.com/mezmo/aura","category":"ai-ml","subcategories":[],"tags":["ai-agent-framework","mcp","rag","openai-compatible","rust","sse","observability","opentelemetry","toml","vector-stores"],"what_it_does":"Aura is a Rust framework that composes and runs AI agents from declarative TOML configuration. It provides an OpenAI-compatible HTTP/SSE web API for chat/completions, integrates with multiple LLM providers, supports dynamic MCP tool discovery via multiple transports (HTTP/SSE/stdio), and includes optional RAG/vector store pipelines and OpenTelemetry-based observability.","use_cases":["Running configurable AI agents behind an OpenAI-compatible API for existing chat clients (LibreChat/OpenWebUI)","Tool-using agent workflows via MCP with runtime tool discovery across HTTP/SSE/stdio","RAG-enabled agent experiences using in-memory or external vector stores","Multi-agent serving via config directory, selecting agents using the `model` field","Embeddable Rust agent core for custom applications"],"not_for":["A fully managed hosted AI gateway/SaaS (it is described as self-hosted/runnable locally via Rust/Docker)","Use cases requiring fine-grained per-route API authorization/tenancy controls out-of-the-box for the web API","Requirements that demand a documented public OpenAPI specification or officially packaged SDKs for non-Rust environments (not evidenced in provided docs)"],"best_when":"You want to self-host an OpenAI-compatible agent server with configurable LLM providers and MCP tools, plus optional RAG and tracing, using Rust-native components.","avoid_when":"You need strict, clearly specified API security for inbound requests (beyond environment-based secrets and optional header forwarding) or you require a clearly documented, machine-readable API contract (OpenAPI/SDK) for programmatic client generation.","alternatives":["Rig.rs-based custom implementations","OpenAI-compatible proxy/gateway layers plus a separate agent/tool execution framework","Other Rust agent frameworks with MCP or tool-calling support","Managed agent orchestration platforms (if you prefer SaaS over self-hosting)"],"af_score":55.2,"security_score":39.8,"reliability_score":32.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:30:23.066439+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Environment variable configuration for upstream LLM provider API keys (e.g., OPENAI_API_KEY)","Optional request-header forwarding to MCP servers via `headers_from_request` / config-provided `headers`"],"oauth":false,"scopes":false,"notes":"The provided README emphasizes using environment variables for secrets and optionally forwarding incoming request headers to MCP servers for per-request auth delegation. No explicit authentication mechanism for the Aura web API itself (e.g., bearer token requirement, OAuth, API-key enforcement, scopes) is documented in the provided content."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No hosted pricing described; this appears to be self-hosted (local build/run, Docker deployment). Costs would primarily be upstream LLM/vector store expenses, not Aura itself."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":55.2,"security_score":39.8,"reliability_score":32.5,"mcp_server_quality":40.0,"documentation_accuracy":75.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":55.0,"rate_limit_clarity":20.0,"tls_enforcement":40.0,"auth_strength":35.0,"scope_granularity":10.0,"dependency_hygiene":40.0,"secret_handling":75.0,"security_notes":"Docs recommend keeping secrets in environment variables and referencing them in TOML via `{{ env.VAR_NAME }}`. The system supports forwarding request headers to MCP servers for per-request auth delegation. However, the provided README does not document Aura web API authentication/authorization controls, scope granularity, or explicit TLS requirements, so inbound access control and transport security guarantees are unclear from the given material.","uptime_documented":0.0,"version_stability":45.0,"breaking_changes_history":35.0,"error_recovery":50.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Tool-calling loops are mitigated via `turn_depth`, but behavior may still depend on provider/model/tool schema compatibility.","MCP header forwarding (`headers_from_request`) can introduce per-request auth complexity at the integration boundary (MCP server must support it).","If serving multiple agents, client must select the correct agent identifier via `model` (alias/name resolution rules apply)."]}}