{"id":"nexus-router-nexus","name":"nexus","homepage":"https://nexusrouter.com","repo_url":"https://github.com/Nexus-Router/nexus","category":"infrastructure","subcategories":[],"tags":["ai","llmops","mcp","llm-routing","gateway","security","rate-limiting","rust","docker"],"what_it_does":"Nexus is a self-hosted router/aggregation layer for AI tooling: it unifies access to multiple Model Context Protocol (MCP) servers and LLM providers behind a single endpoint, with optional governance features like authentication, OAuth2 protection, CORS/CSRF protections, access control, and rate limiting (request- and token-based).","use_cases":["Consolidate multiple MCP tool servers (STDIO/SSE/streamable HTTP) behind one gateway endpoint","Route tool-calling/chat requests to multiple LLM providers through a consistent interface","Centralize governance: OAuth2-protected endpoints, per-group access control, and rate limiting","Provide fuzzy search across tools to improve tool selection","Use as a local development or production edge component for LLMOps-style workflows"],"not_for":["Environments where self-hosting and operating an additional gateway service is not feasible","Teams needing a fully specified, standardized public API contract (e.g., OpenAPI/SDKs) for third-party client integrations","Use cases requiring strict guarantees about idempotency semantics without verifying endpoint behavior"],"best_when":"You want a unified control plane for MCP + LLM provider routing and you can manage a Rust service deployment (binary or Docker) with a TOML configuration and external provider credentials.","avoid_when":"You require documented HTTP API specifics (schemas, error codes, retries) and published operational guarantees (SLA, versioning policy) from the README alone.","alternatives":["Direct MCP client integration per tool/provider without a gateway","API gateways/proxy setups combined with provider SDKs (custom orchestration)","Other LLM gateway/routing products (managed or self-hosted) that offer OpenAPI/SDK-first integration"],"af_score":61.5,"security_score":60.5,"reliability_score":21.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:27:33.814114+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["OAuth2 (JWT bearer tokens for protected endpoints)","Service token auth for MCP servers (static token / env var substitution)","Forwarded auth (forward access token to downstream MCP servers)","Client identification for rate limiting (JWT claim or HTTP header)"],"oauth":true,"scopes":false,"notes":"README describes OAuth2 JWT validation and MCP server token auth, but does not detail fine-grained scopes/permissions at the Nexus endpoints."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"README indicates self-hosting via Docker/binary; no commercial pricing model is described."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":61.5,"security_score":60.5,"reliability_score":21.2,"mcp_server_quality":80.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":70.0,"rate_limit_clarity":75.0,"tls_enforcement":65.0,"auth_strength":75.0,"scope_granularity":40.0,"dependency_hygiene":45.0,"secret_handling":70.0,"security_notes":"README claims TLS support and describes OAuth2 JWT bearer protection, CSRF/CORS, access control for MCP servers/tools, and token-based auth for downstream MCP servers. Secret handling appears to use environment-variable substitution in TOML. However, fine-grained authorization scopes and detailed security posture (e.g., secure defaults, logging redaction, dependency scanning/CVEs) are not evidenced in the provided text.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":20.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Rate limiting (especially token-based) requires enabling client identification; otherwise configuration will fail.","Tool access control uses allow/deny semantics with group identification requirements depending on allow/deny configuration.","STDIO MCP servers must output valid JSON-RPC messages on stdout; misbehavior can break tool connectivity.","MCP header insertion supports static values only and only for HTTP-based MCP servers."]}}