{"id":"robotmcp-server","name":"robotmcp-server","homepage":"https://pypi.org/project/robotmcp-server/","repo_url":"https://github.com/robotmcp/robotmcp_server","category":"api-gateway","subcategories":[],"tags":["mcp","model-context-protocol","fastapi","oauth2.1","supabase","cloudflare-tunnel","python","submodules","cli","sse","authentication"],"what_it_does":"robotmcp-server is a modular Model Context Protocol (MCP) server (Python/FastAPI) that discovers/loads MCP tools from git submodules, exposes an MCP-compatible HTTP transport endpoint, and can secure access via OAuth 2.1 with Supabase-backed user/session handling. It also supports Cloudflare Tunnel access and provides CLI commands for module management and connectivity verification.","use_cases":["Run an MCP tool hub for one or more MCP client apps (e.g., Claude/ChatGPT)","Build an extensible MCP server by adding tool packs as git submodules","Provide authenticated, creator-only remote access to MCP tools via a Cloudflare tunnel","Centralize tool registration and dependency installation for modular MCP tools"],"not_for":["Publicly exposing MCP tools without authentication/authorization review","Use in environments requiring open-source licensing or transparent source availability (repo indicates proprietary license)","Organizations needing guaranteed data residency/compliance assurances not specified by the project"],"best_when":"You want a self-hosted, extensible MCP server with automatic submodule tool discovery and optional OAuth/Supabase + Cloudflare tunnel for controlled remote access.","avoid_when":"You cannot or do not want to manage OAuth flows, Supabase credentials, or a Cloudflare tunnel; or you require explicit, documented rate limits and formal API contracts beyond the described endpoints.","alternatives":["Other MCP server implementations/frameworks (e.g., FastMCP-based servers without this submodule/OAuth/tunnel wrapper)","Self-managed reverse-proxied MCP servers (nginx/Caddy) with your own auth layer","Community/serverless MCP gateways that provide standardized auth and stable public APIs"],"af_score":48.0,"security_score":58.2,"reliability_score":27.5,"package_type":"mcp_server","discovery_source":["pypi"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T21:45:36.085203+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"/mcp","has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["OAuth 2.1 (PKCE)","Supabase user management / JWT validation (per environment variables)","Optional OAuth disabled via ENABLE_OAUTH=false","Creator-only access control (per README)"],"oauth":true,"scopes":false,"notes":"Auth is described as OAuth 2.1 with PKCE and dynamic client registration, plus Supabase-backed sessions/JWT validation. The README does not describe fine-grained scopes; access control appears role/creator-based."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information for the service itself is provided. Cloudflare tunnel and Supabase (if used) may incur external costs, but not specified here."},"requirements":{"requires_signup":true,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":48.0,"security_score":58.2,"reliability_score":27.5,"mcp_server_quality":85.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":45.0,"rate_limit_clarity":0.0,"tls_enforcement":80.0,"auth_strength":75.0,"scope_granularity":30.0,"dependency_hygiene":50.0,"secret_handling":50.0,"security_notes":"TLS is implied by HTTPS for the tunnel URL pattern, but the README does not explicitly state HTTP/TLS enforcement for the local server. OAuth 2.1 + PKCE and JWT validation via Supabase are strong indicators, but the README does not describe fine-grained scopes; it also mentions creator-only access. Dependency hygiene and secret handling practices (e.g., no-log guarantees) are not verifiable from provided text. Treat submodule auto-install/discovery as a supply-chain risk area; pinning, verification, and provenance controls are not described.","uptime_documented":0.0,"version_stability":30.0,"breaking_changes_history":30.0,"error_recovery":50.0,"idempotency_support":"false","idempotency_notes":"No idempotency guarantees are documented for CLI operations or API calls (e.g., module add/update).","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["MCP transport is described as streamable HTTP at /mcp with a legacy fallback /sse; clients/agents may need to try /mcp first.","OAuth is optional (ENABLE_OAUTH=false) but remote access via tunnel likely expects auth; automated setups must handle the login flow.","Submodule auto-discovery and auto-install happen at startup—agents should be prepared for network/package-install side effects.","Compatibility of submodules depends on presence of an integration.py with a register(mcp, **kwargs) function; missing integrations will lead to modules being marked incompatible."]}}