{"id":"yonaka15-mcp-server-as-http","name":"mcp-server-as-http","homepage":null,"repo_url":"https://github.com/yonaka15/mcp-server-as-http","category":"api-gateway","subcategories":[],"tags":["mcp","http","rest","api-gateway","authentication","docker","rust","json-rpc"],"what_it_does":"Runs an HTTP server that exposes a REST endpoint to forward requests to one or more Model Context Protocol (MCP) servers. It supports bearer-token authentication (optionally disabled), loads MCP server commands from a JSON configuration file, and includes a health check and logging.","use_cases":["Expose MCP server tools over HTTP so non-MCP clients can call them","Integrate MCP tool execution into existing REST-based systems","Use Dockerized deployment for local or production environments"],"not_for":["Highly regulated environments requiring strong, standardized enterprise auth and audit guarantees","Use cases needing a fully specified API contract (OpenAPI/SDK) for all endpoints","Mission-critical reliability without additional monitoring and resilience engineering"],"best_when":"You want a simple HTTP façade over MCP tools and can deploy/control the service (including the MCP server processes it launches).","avoid_when":"You cannot accept that request payloads may contain raw MCP JSON-RPC commands without additional validation/sanitization, or you require strict rate limiting/pagination/retry semantics documented for clients.","alternatives":["Use an MCP-native client/library directly (no HTTP façade)","Build a small reverse proxy/adapter service tailored to a specific MCP server/toolset","Use existing MCP-to-HTTP gateway solutions (if available) with OpenAPI/SDK support"],"af_score":43.8,"security_score":47.2,"reliability_score":27.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T21:22:49.362634+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Bearer token in Authorization header"],"oauth":false,"scopes":false,"notes":"Authentication can be disabled via DISABLE_AUTH=true. No scope granularity is described; the README treats the API key as a single shared bearer secret."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Open-source repository; costs depend on your deployment/runtime and any MCP server dependencies you run/install."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":43.8,"security_score":47.2,"reliability_score":27.5,"mcp_server_quality":55.0,"documentation_accuracy":50.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":80.0,"rate_limit_clarity":10.0,"tls_enforcement":60.0,"auth_strength":45.0,"scope_granularity":20.0,"dependency_hygiene":40.0,"secret_handling":70.0,"security_notes":"README indicates optional bearer-token auth and non-root execution, but does not describe TLS enforcement details, token hashing/rotation, audit logging, or fine-grained scopes. The system also runs MCP servers via Node/npx commands configured in JSON; this increases risk if configuration is untrusted or if npm packages are pulled at runtime without pinning.","uptime_documented":20.0,"version_stability":35.0,"breaking_changes_history":30.0,"error_recovery":25.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["API accepts a 'command' field that appears to pass through raw MCP JSON-RPC; agents must format it precisely.","Authentication can be disabled; ensure the correct environment variables are set when running in automated contexts.","MCP servers are started via commands/args from a JSON config; misconfiguration can cause startup/tool-call failures that may not be machine-readable."]}}