{"id":"nexus-router-nexus","name":"nexus","af_score":61.5,"security_score":60.5,"reliability_score":21.2,"what_it_does":"Nexus is a self-hosted router/aggregation layer for AI tooling: it unifies access to multiple Model Context Protocol (MCP) servers and LLM providers behind a single endpoint, with optional governance features like authentication, OAuth2 protection, CORS/CSRF protections, access control, and rate limiting (request- and token-based).","best_when":"You want a unified control plane for MCP + LLM provider routing and you can manage a Rust service deployment (binary or Docker) with a TOML configuration and external provider credentials.","avoid_when":"You require documented HTTP API specifics (schemas, error codes, retries) and published operational guarantees (SLA, versioning policy) from the README alone.","last_evaluated":"2026-03-30T13:27:33.814114+00:00","has_mcp":true,"has_api":false,"auth_methods":["OAuth2 (JWT bearer tokens for protected endpoints)","Service token auth for MCP servers (static token / env var substitution)","Forwarded auth (forward access token to downstream MCP servers)","Client identification for rate limiting (JWT claim or HTTP header)"],"has_free_tier":false,"known_gotchas":["Rate limiting (especially token-based) requires enabling client identification; otherwise configuration will fail.","Tool access control uses allow/deny semantics with group identification requirements depending on allow/deny configuration.","STDIO MCP servers must output valid JSON-RPC messages on stdout; misbehavior can break tool connectivity.","MCP header insertion supports static values only and only for HTTP-based MCP servers."],"error_quality":0.0}