Overview
Multi-tenant Python framework for enterprise MCP server deployment with OAuth 2.1.
Setup
Run with npx:
pip install mcp-plexusConfiguration
PostgreSQL, Redis, OAuth 2.1 providerDocumentation
MCP Plexus
Overview
MCP Plexus is a multi-tenant Python framework for building and deploying MCP (Model Context Protocol) servers. It provides enterprise-grade features including OAuth 2.1 authentication, user management, rate limiting, and centralized server orchestration. MCP Plexus is designed for organizations that need to deploy MCP servers at scale with proper security and governance.
MCP Plexus addresses the challenges of running MCP servers in production environments — multi-tenant isolation, access control, auditing, and centralized management. It provides a complete platform for deploying, managing, and monitoring MCP servers across an organization.
Features
- Multi-Tenant Architecture: Isolated server instances per tenant
- OAuth 2.1 Authentication: Secure authentication with OAuth 2.1
- User Management: Built-in user and role management
- Rate Limiting: Configurable rate limits per tenant and user
- Centralized Orchestration: Manage all servers from one control plane
- Audit Logging: Comprehensive audit trails for compliance
- Resource Isolation: CPU, memory, and network isolation per tenant
- High Availability: Built-in clustering and failover
- Python Native: Built with Python, integrates with Python ecosystem
Installation
Using pip
pip install mcp-plexus
Using Docker
docker pull mcpplexus/plexus:latest
Quick Start with Docker Compose
# docker-compose.yml
version: "3.8"
services:
plexus:
image: mcpplexus/plexus:latest
ports:
- "8000:8000"
environment:
- PLEXUS_SECRET_KEY=your-secret-key
- PLEXUS_DATABASE_URL=postgresql://user:pass@db:5432/plexus
volumes:
- ./servers:/app/servers
Quick Start
Define a Server
# servers/github_server.py
from mcp_plexus import MCPServer, tool, resource
from pydantic import BaseModel
class GitHubServer(MCPServer):
name = "github"
version = "1.0.0"
@tool
async def list_repos(self, visibility: str = "all") -> list[dict]:
"""List repositories for the authenticated user."""
# Your implementation
return [{"name": "repo1", "url": "https://github.com/user/repo1"}]
@resource
async def get_readme(self, repo: str) -> str:
"""Get the README for a repository."""
# Your implementation
return "# README\n\nThis is a sample README."
Register with Plexus
# plexus_config.py
from mcp_plexus import Plexus, register_server
from servers.github_server import GitHubServer
plexus = Plexus()
register_server(plexus, GitHubServer, tenant="default")
Run the Server
python -m mcp_plexus run --config plexus_config.py
Core Concepts
Tenants
Tenants provide isolation between different organizations or projects:
# Create a tenant
tenant = await plexus.create_tenant(
name="acme-corp",
display_name="Acme Corporation",
config={
"rate_limit_requests": 1000,
"rate_limit_window": "1h",
"allowed_models": ["claude-3-5-sonnet"]
}
)
Users and Roles
# Create a user
user = await plexus.create_user(
email="alice@acme.com",
tenant="acme-corp"
)
# Assign a role
await plexus.assign_role(user.id, "admin")
Rate Limiting
# Configure rate limits per tenant
await plexus.update_tenant("acme-corp", {
"rate_limit_requests": 5000,
"rate_limit_window": "1h",
"burst_limit": 100
})
Advanced Features
OAuth 2.1 Integration
from mcp_plexus import OAuthProvider
oauth = OAuthProvider(
issuer="https://plexus.example.com",
client_id="your-client-id",
client_secret="your-client-secret"
)
# Protect a server
@plexus.server("github", oauth_required=True)
class GitHubServer(MCPServer):
...
Custom Middleware
from mcp_plexus import Middleware
class AuditMiddleware(Middleware):
async def on_request(self, request):
# Log all requests
await audit_log.create(
tenant=request.tenant,
user=request.user,
action=request.tool_name,
timestamp=datetime.utcnow()
)
return request
async def on_response(self, response):
# Add response metadata
response.metadata["audit_id"] = response.audit_id
return response
plexus.use(AuditMiddleware())
Server Clustering
# Configure high availability
plexus.config.cluster = {
"enabled": True,
"nodes": ["plexus-1:8000", "plexus-2:8000", "plexus-3:8000"],
"load_balancer": "round-robin",
"health_check_interval": 30
}
Audit Logging
# Query audit logs
logs = await plexus.audit_logs.list(
tenant="acme-corp",
user_id="user-123",
action="github.list_repos",
start_time="2024-01-01",
end_time="2024-01-31"
)
Examples
Multi-Tenant GitHub Server
from mcp_plexus import MCPServer, tool
from pydantic import BaseModel
class TenantGitHubServer(MCPServer):
name = "github"
version = "1.0.0"
@tool
async def list_repos(self, visibility: str = "all") -> list[dict]:
"""List repositories scoped to tenant."""
tenant = self.context.tenant
# Use tenant-specific GitHub app installation
github = await self.get_github_client(tenant)
repos = await github.repos.list_for_authenticated_user(visibility=visibility)
return repos.data
Enterprise Deployment
# enterprise_config.py
from mcp_plexus import Plexus, register_server
plexus = Plexus(
database_url="postgresql://...",
redis_url="redis://...",
secret_key="your-secret-key"
)
# Register servers with tenant isolation
register_server(plexus, GitHubServer, tenant="engineering")
register_server(plexus, PostgreSQLServer, tenant="data-team")
register_server(plexus, NotionServer, tenant="marketing")
# Configure rate limits
for tenant in ["engineering", "data-team", "marketing"]:
plexus.set_rate_limit(tenant, requests=10000, window="1h")
# Enable audit logging
plexus.enable_audit_logging()
# Run with clustering
plexus.run(cluster=True)
Pros
- ✅ Enterprise-grade multi-tenant architecture
- ✅ OAuth 2.1 authentication built-in
- ✅ Comprehensive user and role management
- ✅ Built-in rate limiting and quotas
- ✅ Audit logging for compliance
- ✅ High availability with clustering
- ✅ Python-native with rich ecosystem
- ✅ Centralized management and monitoring
Cons
- ❌ Python-only (no TypeScript version)
- ❌ More complex setup than simple MCP servers
- ❌ Requires additional infrastructure (PostgreSQL, Redis)
- ❌ Steeper learning curve
- ❌ Overkill for single-tenant use cases
When to Use
- Enterprise MCP deployments — Multi-tenant requirements
- Regulated industries — Audit logging and compliance
- Large organizations — Centralized management
- Production at scale — High availability and performance
- Security-conscious environments — OAuth 2.1 and isolation
