{"id":"sagemcp-sagemcp","name":"sagemcp","homepage":null,"repo_url":"https://github.com/sagemcp/sagemcp","category":"api-gateway","subcategories":[],"tags":["mcp","multi-tenant","fastapi","oauth","api-key-auth","rate-limiting","observability","websocket","sse","stdio-subprocess"],"what_it_does":"Sage MCP is a multi-tenant platform for hosting and managing MCP (Model Context Protocol) servers with connector plugins, tenant isolation, and built-in OAuth 2.0 / API-key authentication. It provides a web UI and CLI to configure tenants/connectors and exposes MCP transport via HTTP/WebSocket/SSE with session management and rate limiting.","use_cases":["Running MCP servers for Claude Desktop across multiple tenants with isolation","Connecting MCP tools to external SaaS APIs (e.g., GitHub, Slack, Jira) via OAuth","Hosting external MCP servers via stdio (subprocess connectors)","Centralized management of connector enable/disable policies and tool access","Adding observability (Prometheus metrics, structured JSON logs) and operational health probes"],"not_for":["End-user SaaS where managed hosting is required (appears self-hosted/infra-focused)","Environments that require strict, independently verifiable compliance/security attestations not documented here","Teams that cannot operate Docker/PostgreSQL and manage OAuth credentials"],"best_when":"You need a self-hosted, multi-tenant MCP gateway with connector management, OAuth/API-key security controls, and operational tooling.","avoid_when":"You only need a single simple MCP server without tenant isolation or centralized connector management.","alternatives":["Direct self-hosting of individual MCP servers without a multi-tenant gateway","Community MCP servers + custom reverse proxy/auth layer","Other MCP gateway/proxy solutions (if available) that integrate auth and routing"],"af_score":61.5,"security_score":79.2,"reliability_score":26.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:26:40.066776+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":"http://localhost:8000/docs","webhooks":false},"auth":{"methods":["OAuth 2.0 (tenant-level and user-level tokens)","API key authentication (scope tiers: platform_admin, tenant_admin, tenant_user)"],"oauth":true,"scopes":true,"notes":"Authentication is described as feature-flagged via SAGEMCP_ENABLE_AUTH and supports encrypted storage of OAuth tokens/API keys. Specific token lifetimes and refresh behavior are not described in the provided content."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No hosted pricing information is provided; repository appears self-hosted."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":61.5,"security_score":79.2,"reliability_score":26.2,"mcp_server_quality":78.0,"documentation_accuracy":55.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":65.0,"rate_limit_clarity":60.0,"tls_enforcement":85.0,"auth_strength":80.0,"scope_granularity":85.0,"dependency_hygiene":55.0,"secret_handling":85.0,"security_notes":"Claims include encryption at rest for OAuth tokens/API keys/connector credentials (Fernet/AES with key derived from SECRET_KEY), API-key auth with bcrypt-hashed storage and scope tiers, and transport security controls (CORS origin validation, Content-Type enforcement, per-tenant token-bucket rate limiting). The provided content does not document TLS-infrastructure details (e.g., whether HTTPS is enforced by default) or provide evidence of dependency audit/CVE status.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":20.0,"error_recovery":50.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Auth appears feature-flagged (SAGEMCP_ENABLE_AUTH). If disabled, agent calls may fail or bypass intended protections.","Rate limiting is tenant-scoped (token-bucket RPM). Agents may need to throttle to avoid 429s (exact headers/format not shown).","Multiple MCP transports (HTTP/WS/SSE) and session replay (Mcp-Session-Id) may require correct handling of session IDs for long-running tool streams."]}}