{"id":"stephenlacy-mathom","name":"mathom","homepage":null,"repo_url":"https://github.com/stephenlacy/mathom","category":"devtools","subcategories":[],"tags":["mcp","oauth2","local-first","dashboard","monitoring","cli","proxy","docker"],"what_it_does":"mathom is a local-first platform to run and monitor MCP (Model Context Protocol) servers, providing a local dashboard, live logs/metrics/status, and OAuth2-based authentication so MCP clients can access servers securely.","use_cases":["Running MCP servers locally with centralized authentication","Monitoring MCP server health and troubleshooting via a dashboard","Launching standard MCP servers via a simple CLI (mcx)","Wrapping STDIO MCP servers inside Docker with a proxy layer"],"not_for":["A managed hosted MCP platform where you cannot run infrastructure","A fully documented public REST/SDK surface intended for third-party programmatic integration","Use cases requiring explicit, fine-grained authorization beyond the documented OAuth2 approach"],"best_when":"You want to run MCP servers on your machine (or self-hosted) with OAuth2 authentication and want operational visibility through a UI.","avoid_when":"You need a clearly specified public API contract (OpenAPI/SDK/webhooks) for automation, or you cannot or do not want to manage local services (database/log endpoints) and container setup.","alternatives":["@modelcontextprotocol/inspector","Running MCP servers directly (without a supervising platform)","Other MCP gateways/proxies that provide auth and routing (if available in your ecosystem)"],"af_score":30.8,"security_score":53.0,"reliability_score":15.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:37:00.087456+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["OAuth2 (as described for MCP clients that support OAuth2)"],"oauth":true,"scopes":false,"notes":"README states 'Built-in OAuth2' and provides BETTER_AUTH_URL configuration, but does not document token endpoint, redirect flows, or any scope model."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Self-hosted open-source; no commercial pricing information provided in the README."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":30.8,"security_score":53.0,"reliability_score":15.0,"mcp_server_quality":0.0,"documentation_accuracy":55.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":70.0,"rate_limit_clarity":0.0,"tls_enforcement":60.0,"auth_strength":70.0,"scope_granularity":30.0,"dependency_hygiene":50.0,"secret_handling":50.0,"security_notes":"Security is described at a high level via OAuth2. The README does not specify TLS requirements, token lifetimes, refresh behavior, PKCE, or scope granularity. Example docker usage passes PATs via env/flags, which increases the risk of leaking secrets via shell history/process logs unless carefully handled. Presence of a DATABASE_URL suggests persisted state that may require secure configuration (permissions, encryption at rest), but details are not provided.","uptime_documented":0.0,"version_stability":40.0,"breaking_changes_history":0.0,"error_recovery":20.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["README focuses on CLI usage and UI; it does not document programmatic API endpoints, response schemas, or error formats for agent automation.","Configuration references multiple required URLs (BETTER_AUTH_URL, LOG_URL, DATABASE_URL), so local setup is non-trivial for automated agents."]}}