{"id":"unrelated-ai-mcp-gateway","name":"mcp-gateway","homepage":null,"repo_url":"https://github.com/unrelated-ai/mcp-gateway","category":"infrastructure","subcategories":[],"tags":["mcp","gateway","llm-tools","rust","multi-tenant","openapi","reverse-proxy","self-hosted"],"what_it_does":"mcp-gateway is a Rust-based MCP infrastructure that turns existing backends (HTTP/OpenAPI endpoints and stdio MCP servers) into a streamable HTTP MCP interface. It provides a multi-tenant gateway exposing profile-scoped MCP endpoints (/\\{profile_id}/mcp) with auth and policy, and an adapter component that aggregates upstream sources into a single MCP endpoint (/mcp).","use_cases":["Expose internal HTTP/OpenAPI services as MCP tools without writing bespoke MCP servers","Aggregate multiple upstream MCP or HTTP/OpenAPI tool sources into a unified MCP endpoint","Multi-tenant MCP “virtual servers” using tenant/profile boundaries and per-profile tool allowlists/policies","Publish stdio MCP servers over HTTP by spawning them as child processes and re-exposing tools via the adapter","Apply tool-call limits/timeouts/retries/quotas and optional data-plane OIDC/JWT auth via the gateway"],"not_for":["Direct public exposure of sensitive upstream services without configuring tenant/profile auth and allowlists","Use cases requiring a managed SaaS offering (this is self-hosted)","Environments that cannot run the required components (gateway, adapters, and Postgres for Mode 3)"],"best_when":"You need to provide MCP tool access to existing systems at scale, especially when combining multiple backends and enforcing tenant-scoped policies.","avoid_when":"You only need a single upstream MCP server/tool surface and want the simplest possible deployment (adapter/gateway overhead may be unnecessary).","alternatives":["Write a dedicated MCP server for each backend (custom MCP implementations)","Use existing MCP bridge/gateway projects tailored to specific backends (e.g., generic reverse proxies without MCP-aware policy)","Run stdio MCP servers directly over a local or private network without an HTTP MCP gateway"],"af_score":55.0,"security_score":64.0,"reliability_score":40.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:35:06.647837+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"/{profile_id}/mcp (gateway data plane) and /mcp (adapter)","has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["API keys (implied by API keys mention)","Optional OIDC/JWT for data-plane auth","Admin/control plane token (dev example token mentioned)"],"oauth":false,"scopes":true,"notes":"README indicates data-plane auth supports API keys and optional OIDC/JWT, plus per-profile tool allowlists and policy. The exact auth flow/scopes model is not fully specified in the README excerpt."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Self-hosted open source (MIT). Costs depend on infrastructure (gateway/adapters/Postgres) rather than vendor pricing."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":55.0,"security_score":64.0,"reliability_score":40.0,"mcp_server_quality":78.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":60.0,"rate_limit_clarity":20.0,"tls_enforcement":70.0,"auth_strength":65.0,"scope_granularity":75.0,"dependency_hygiene":45.0,"secret_handling":60.0,"security_notes":"README mentions multi-tenant isolation (Mode 3 with Postgres), tenant-scoped secrets/API keys, optional OIDC/JWT, and tool allowlists/policy enforcement. A docker-compose example references a dev-only default secret keys value, implying operators must override in real deployments. TLS enforcement and detailed secret/logging practices are not clearly specified in the provided README excerpt; dependency hygiene cannot be confirmed from the excerpt alone.","uptime_documented":20.0,"version_stability":55.0,"breaking_changes_history":40.0,"error_recovery":45.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Tool surface names may change via collision prefixing (serverName:toolName) when multiple upstreams define the same tool key.","Multi-tenant routing requires correct profile_id and profile configuration in the gateway/web UI.","Adapter stdio mode spawns subprocesses; runtime dependencies (node/python) may require custom images."]}}