{"id":"supercorp-ai-supergateway","name":"supergateway","homepage":null,"repo_url":"https://github.com/supercorp-ai/supergateway","category":"api-gateway","subcategories":[],"tags":["mcp","gateway","stdio","sse","websockets","streamable-http","json-rpc"],"what_it_does":"Supergateway bridges MCP servers that run over stdio to network transports (SSE, WebSockets, or Streamable HTTP) and can also proxy remote SSE/Streamable HTTP MCP servers back to a local stdio interface.","use_cases":["Expose an MCP stdio server as an SSE server for web/remote clients","Connect to a remote MCP server over SSE or Streamable HTTP and make it usable from local CLI/MCP tooling via stdio","Provide WebSocket access to MCP stdio servers","Debug or integrate MCP servers that only support stdio in environments that expect network transports","Run MCP servers behind a public tunnel (e.g., ngrok) for remote access"],"not_for":["Use as a general-purpose API gateway for arbitrary HTTP APIs (it is MCP-transport focused)","Handling production-grade multi-tenant auth/authorization unless additional access controls are added around its endpoints","Cases where you require published, machine-readable API specs (no OpenAPI/SDK is described)"],"best_when":"You need to convert MCP transport style (stdio <-> SSE/WS/Streamable HTTP) with a lightweight command-line/server runtime.","avoid_when":"You need strict operational guarantees around retries/idempotency semantics and clear published error codes for all failure modes.","alternatives":["Directly use an MCP server that already supports the required transport (avoid bridging)","Write a small custom MCP transport adapter/proxy tailored to SSE/WS/HTTP requirements","Use an MCP-hosting provider/integration layer that exposes MCP over the transport you need (e.g., hosted MCP/super* services referenced in README)"],"af_score":55.0,"security_score":52.2,"reliability_score":35.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:17:52.989034+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Static Authorization header via --oauth2Bearer (Bearer token)","Custom headers via --header (e.g., X-*)"],"oauth":false,"scopes":false,"notes":"The README describes adding headers when connecting to upstream SSE/Streamable HTTP MCP servers (and enabling CORS for incoming clients). It does not describe OAuth flows, per-route authorization, or fine-grained scopes for Supergateway itself."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information for the package itself. The README mentions hosted services (Supermachine/Superinterface/Supercorp) but does not specify their pricing."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":55.0,"security_score":52.2,"reliability_score":35.0,"mcp_server_quality":75.0,"documentation_accuracy":80.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":80.0,"rate_limit_clarity":0.0,"tls_enforcement":60.0,"auth_strength":50.0,"scope_granularity":20.0,"dependency_hygiene":65.0,"secret_handling":70.0,"security_notes":"TLS is not explicitly required for all inbound modes; outbound/upstream URLs are shown as https in examples, but no security policy is documented. Auth support is header-based (Bearer token/custom headers) without mention of scoped/role-based controls. CORS can be enabled broadly (allow all origins when --cors has no values), which can increase exposure if deployed beyond localhost.","uptime_documented":0.0,"version_stability":65.0,"breaking_changes_history":35.0,"error_recovery":40.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Supergateway is a transport bridge, not a standard CRUD API; client code must speak MCP-over-chosen-transport (JSON-RPC style).","Authentication is implemented by injecting headers to upstream requests (and enabling CORS). No guidance is provided on retry behavior or how failures map to specific MCP error codes.","Some client tools may have CLI argument limitations (README mentions Cursor bug with spaces in Authorization; use --oauth2Bearer instead of --header for Bearer tokens)."]}}