Comparison · mcpvault vs Composio

Composio is great. If you trust their cloud.

mcpvault is the local, open-source alternative for developers who'd rather keep their API tokens on their own machine and stop paying $29/month for something that should be a CLI.

| Feature | mcpvault (local · free) | Composio (hosted SaaS) |
|---|---|---|
| Where your tokens live | Your local disk, encrypted with your master password (AES-256-GCM, Argon2id KDF). Never leaves your machine. | Composio's cloud. Encrypted at rest, but Composio holds the keys and can read them. |
| Network model | Agent → mcpvault on your machine → upstream API. Zero third-party hops. | Agent → Composio servers → upstream API. Composio sees every tool call payload. |
| Pricing | Free forever. MIT licensed. No tier, no usage cap. | Free tier with limits → Growth ~$29/mo → Enterprise quote. |
| Open source | Yes. Source on GitHub. You can audit the entire vault + wrapper code. | Closed-source SaaS. Their MCP server is open, the platform is not. |
| Integrations | 4 services in v1: Supabase, GitHub, Vercel, Stripe. Deep, opinionated tool surfaces. | 500+ integrations. Breadth-first; tool surfaces vary in quality. |
| Multi-account per service | Yes. Many accounts per service. Switch via natural language mid-conversation. No restart. | Yes for OAuth services. Switching mid-conversation is harder; agent sessions usually pick one. |
| Auth flow | Paste a Personal Access Token. Validated live before save. No OAuth callbacks. | OAuth via Composio's site. Smoother for end-users; requires you to trust their OAuth app. |
| Setup time | npm i + 3 commands. Under five minutes total. | Sign up, OAuth each service, copy API key. Comparable, but requires creating an account. |
| What it requires from you | Your own machine. Node 20+. A master password. | Trust in their cloud + an account on composio.dev. |
| Failure mode if vendor disappears | Nothing. The vault file lives on your disk; the wrappers are open source. Fork or freeze. | Your tokens are recoverable, but the integration layer goes away. You rebuild on a new platform. |
| Audit log | Append-only local log of which account served which call. No credentials, no payloads. | Server-side logs in their dashboard. Useful for teams; less private. |

TL;DR

Composio is a YC-backed, hosted "tools-for-AI" platform with 500+ integrations. You sign up, OAuth each service on their site, and your agent calls Composio's API which forwards to the underlying service. Convenient. Their servers see every tool-call payload.

mcpvault is a single npm package that does the same job without the cloud. Tokens live encrypted at ~/.mcpvault/vault.enc on your machine, decrypted only inside wrapper processes that your chat client spawns. Open source, MIT, free forever.

They're not really competing for the same user. Composio sells to teams building agent products that need 500 integrations yesterday. mcpvault is for the individual developer using AI for their own work, with 2–10 accounts across services, who'd rather not put credentials on someone else's server.

"Like Composio, but local. Your tokens never leave your machine. Free, open source, BYO service coverage."

When Composio wins

  • You need 500 integrations on day one and don't want to wait for an OSS project to add Notion, Salesforce, HubSpot, Zoom, etc.
  • You're building a product for end-users (not yourself) and want to abstract away OAuth UIs.
  • You're fine paying $29+/month and trusting composio.dev with the auth tokens for every service your product touches.
  • You need a hosted dashboard for your team to share connections.

When mcpvault wins

  • You're using AI for your own work, not shipping a product to others.
  • You have multiple accounts per service (personal + work + freelance clients) and want to switch between them in chat.
  • You'd rather not give a third party a long-lived token to your production Supabase.
  • You want a tool you can read the source of, fork, and run forever even if the maintainer disappears.
  • You don't want a monthly subscription for what is, fundamentally, a CLI.

The privacy gap

This is the biggest practical difference and worth dwelling on.

With Composio, every tool call your agent makes flows through their servers: agent → composio.dev → service. Composio's server sees the full request payload (the SQL you ran, the email you searched for, the customer ID you looked up) and the full response. They encrypt your tokens at rest, but the request itself is plaintext to them while it's being proxied. That's the design.

With mcpvault, the path is agent → mcpvault on your machine → service. There's no third-party hop. The wrapper process decrypts the credential in memory, attaches it to the API request, returns the response to your client. The credential never crosses the MCP wire to the agent, and it never crosses the network to anyone but the upstream API.

For a solo dev's day-to-day use of an AI assistant against personal and client services, the latter is the right model. For a hosted SaaS product doing OAuth on behalf of thousands of end-users, Composio's model is the right one. They're solving different problems that look the same from a distance.

The cost gap

mcpvault is free. There is no paid tier, no usage cap, no future "we had to add a paid plan" announcement. It runs on your machine; there's no server to keep online.

Composio's pricing scales with usage. The free tier has limits; the Growth tier starts around $29/month per developer; enterprise is quote-based. If you're a solo dev calling 10 tools a day, you'll probably stay free. If your agent runs heavy workflows, you'll graduate into the paid tiers.

The integration gap

Composio wins on raw count: 500+ vs mcpvault's 4. If you need Salesforce or HubSpot or Asana today, mcpvault doesn't have it.

mcpvault's bet is that quality beats quantity for the services it covers. The Stripe wrapper, for example, is intentionally read-only — there's no create_charge, no refund. Money operations are not the kind of thing you want a chat interface one prompt away from. That's a deliberate tool-surface decision an integration platform with 500 services can't afford to make for every one.
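The local-wrapper properties described in "The privacy gap" and the read-only Stripe surface above can all be enforced at one choke point; the sketch below is an added example, not mcpvault's own code. The tool names, result shape, upstream stub and sample token are hypothetical, and scrubbing a secret that upstream echoes back is an extra precaution of this example, not something the page says mcpvault does.

```javascript
// Added illustration, not mcpvault source. Tool names, field names and the
// upstream stub are hypothetical; only the enforced properties come from the page.
const READ_ONLY_TOOLS = new Set(["list_charges", "get_balance"]); // assumed names

// Recursively replace the secret wherever it appears in a string value.
function scrub(value, secret) {
  if (typeof value === "string") return value.split(secret).join("[redacted]");
  if (Array.isArray(value)) return value.map((v) => scrub(v, secret));
  if (value && typeof value === "object")
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, scrub(v, secret)]));
  return value;
}

// token: the already-decrypted credential, held only inside this closure.
function makeWrapper({ account, token, upstream, audit }) {
  // Audit entries name the account and the tool: no credential, no payload.
  const record = (tool, outcome) =>
    audit.push(Object.freeze({ ts: new Date().toISOString(), account, tool, outcome }));
  return function callTool(tool, args) {
    if (!READ_ONLY_TOOLS.has(tool)) {
      record(tool, "denied"); // write operations never reach upstream
      return { ok: false, error: `tool "${tool}" is not exposed` };
    }
    // The credential is attached here and goes only to the upstream API.
    const body = upstream({ tool, args, authorization: `Bearer ${token}` });
    record(tool, "ok");
    return { ok: true, result: scrub(body, token) }; // what the agent sees
  };
}

function demo() {
  const token = "tok_CONSTRUCTED_0000"; // constructed sample, not a real key
  const audit = [];
  const seen = [];
  // Synchronous stub standing in for the HTTPS call; it echoes the header
  // back in a debug field to exercise the scrub path.
  const upstream = (req) => {
    seen.push(req);
    return { data: [{ id: "ch_1", amount: 500 }], debug: `auth was ${req.authorization}` };
  };
  const callTool = makeWrapper({ account: "work", token, upstream, audit });
  const read = callTool("list_charges", { customer: "cus_42" });
  const write = callTool("create_charge", { amount: 999 });
  return { token, read, write, audit, upstreamCalls: seen.length };
}
```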

v2 brings OAuth services (Gmail, Drive, Slack) and adapters for 1Password / Bitwarden as a credential source. The list grows. It will never be 500.

Migrating from Composio to mcpvault

If you're currently on Composio and want to try the local route:

  1. Install mcpvault on your machine.
  2. For each service mcpvault covers (Supabase, GitHub, Vercel, Stripe): regenerate a Personal Access Token from the upstream provider, then mcpvault add <service>.
  3. Wire mcpvault into your chat client (auto for Claude Code, Claude Desktop, Cursor, Cline, Windsurf).
  4. Revoke the Composio-issued tokens from each provider's dashboard once you've confirmed the local setup works.

For services Composio supports but mcpvault doesn't (yet), keep Composio for those and use mcpvault for the rest. The two coexist cleanly — they're separate MCP servers in your client's config.

Bottom line

If your priority is integration breadth, use Composio. If your priority is privacy, cost, and control, use mcpvault. The two compete on a small slice in the middle: solo developers who want their agent to talk to a few core services and care which side of the trust spectrum their credentials live on.