{"id":"shaharia-lab-mcp-kit","name":"mcp-kit","homepage":null,"repo_url":"https://github.com/shaharia-lab/mcp-kit","category":"ai-ml","subcategories":[],"tags":["mcp","model-context-protocol","go","sse","llm-integration","http-api","tooling","observability","self-hosted"],"what_it_does":"mcp-kit is a Go-based toolkit that provides an MCP server and MCP client implementation (using github.com/shaharia-lab/goai/mcp), plus an HTTP API server layer that exposes REST endpoints and orchestrates requests between a frontend, the MCP client, and LLM providers. It also includes monitoring/observability via Prometheus/Grafana/Loki/Promtail and provides an OpenAPI schema file (openapi.yaml) for the API server.","use_cases":["Stand up an MCP server in Go to expose tool/resource capabilities over the Model Context Protocol","Build an MCP client that connects applications to an MCP server and streams events (SSE)","Create an HTTP-facing gateway that turns frontend requests into MCP client calls and optional LLM responses","Rapid prototyping/testing of MCP workflows using the included frontend project","Deploy basic observability for the MCP API/servers via Prometheus/Loki"],"not_for":["Production deployments requiring well-specified operational guarantees (SLA, explicit retry/idempotency semantics) without additional review","Environments that require strict, documented data residency/compliance controls from the toolkit itself","Teams needing first-class, strongly documented SDKs beyond the Go ecosystem"],"best_when":"You want a self-hosted MCP stack in Go with an HTTP gateway and SSE-based event streaming, and you can provide/maintain the configuration and downstream LLM/service credentials.","avoid_when":"You need a turnkey managed service with guaranteed uptime/support, or you require explicitly documented rate limits, error-code semantics, or idempotency/retry contracts at the API level.","alternatives":["Using an MCP server/client implementation directly (e.g., via github.com/shaharia-lab/goai/mcp)","Building a thin MCP-to-HTTP gateway in your own stack using MCP spec libraries","Commercial/hosted MCP gateways (if available for your compliance and deployment needs)","Other agent/tooling frameworks that integrate with MCP without this toolkit’s HTTP orchestration layer"],"af_score":47.8,"security_score":57.0,"reliability_score":25.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T19:32:34.102969+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"http(s)://<host>:<port>/events (implied by docker env MCP_SERVER_URL=http://host.docker.internal:8080/events)","has_sdk":false,"sdk_languages":[],"openapi_spec_url":"openapi.yaml (local file in repo; URL not provided in README)","webhooks":false},"auth":{"methods":["Environment-variable based auth configuration for the API/server (AUTH_DOMAIN, AUTH_CLIENT_ID, AUTH_CLIENT_SECRET, AUTH_CALLBACK_URL, AUTH_TOKEN_TTL, AUTH_AUDIENCE)","Environment-variable based upstream credentials (e.g., GITHUB_TOKEN, ANTHROPIC_API_KEY)"],"oauth":true,"scopes":false,"notes":"README indicates an auth setup via AUTH_* configuration (suggesting OAuth/OIDC-style flow), but does not document scopes/granularity or which endpoints require which auth. Upstream LLM/API keys are provided via environment variables."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Self-hosted open-source toolkit (MIT). Costs depend on infrastructure and any external LLM providers configured via environment variables."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":47.8,"security_score":57.0,"reliability_score":25.0,"mcp_server_quality":72.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":60.0,"rate_limit_clarity":5.0,"tls_enforcement":70.0,"auth_strength":65.0,"scope_granularity":20.0,"dependency_hygiene":45.0,"secret_handling":80.0,"security_notes":"README suggests HTTPS/TLS is expected for deployments but does not explicitly state enforcement. Auth appears to be OAuth/OIDC-style via AUTH_* configuration, but there is no documented scope model/least-privilege and endpoint authorization requirements are not clear. Secrets are provided via environment variables (good practice), but there is no explicit statement about logging/redaction. Dependency hygiene cannot be confirmed from the provided content.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":35.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["SSE/event-stream handling: agents must be prepared to consume streaming responses from the MCP server via the client/API layer","Auth requirements and endpoint-level permissions are not fully specified in the README; misconfigured AUTH_* variables may lead to opaque failures","Rate limits are not documented in the provided README; agents may need conservative request pacing","No documented idempotency/retry semantics are provided; replays may cause duplicate downstream calls depending on implementation"]}}