FastAPI MCP Production Kit

FastAPI MCP Production Kit

A local-first FastAPI and MCP safety kit for turning internal HTTP APIs into controlled MCP tools, with per-tool scopes, quotas, audit events, and default-deny web-access boundaries.

Category
Visit Server

README

FastAPI MCP Production Kit

Python FastAPI License: MIT

A local-first FastAPI and MCP safety kit for turning internal HTTP APIs into controlled MCP tools.

Most MCP examples show how to expose a tool. This repo focuses on what teams need before agents can use those tools safely: local credentials, per-tool scopes, quota checks, audit events, web-access boundaries, fallback decisions, and a quickstart that works without paid services.

This kit helps you answer:

  • Which FastAPI capabilities should become MCP tools?
  • How do tool calls prove identity before doing work?
  • How do different tools get different scopes?
  • How do quotas and audit events work before remote deployment?
  • How do web-access tools default to deny instead of arbitrary outbound access?

Ships today:

  • FastAPI app factory with /healthz, tool discovery, demo token, and tool-call endpoints
  • Local MCP-style tool dispatcher with three tools
  • HMAC-signed local demo tokens
  • Per-tool scope checks
  • Deterministic in-memory quotas
  • Structured audit events and JSONL fixture generation
  • Default-deny web-access fixture boundary
  • Provider fallback decision record helper
  • Pytest coverage for auth, scopes, quotas, audit, boundaries, fallback, and tool calls
  • Public boundary scan script
  • Production docs map for security, scopes, audit, quotas, deployment, web access, fallback, observability, and troubleshooting

Quickstart

python3 -m venv .venv
source .venv/bin/activate
python -m pip install -e '.[dev]'
pytest
python examples/local-only-demo/demo_client.py

Run the FastAPI app:

uvicorn prodkit_mcp.app:app --reload

List available tools:

curl -s http://127.0.0.1:8000/tools

Create a demo token:

curl -s http://127.0.0.1:8000/demo/token \
  -H 'content-type: application/json' \
  -d '{"subject_id":"local-developer","scopes":["project:read","docs:search","web:fetch"]}'

Call a tool:

curl -s http://127.0.0.1:8000/tools/read_project_status \
  -H "authorization: Bearer $ACCESS_TOKEN" \
  -H 'content-type: application/json' \
  -d '{"arguments":{}}'

Generate audit fixtures:

python scripts/generate_audit_fixtures.py

Run the public boundary scan:

python scripts/scan_public_boundary.py

Tool Model

Tool Scope Purpose
read_project_status project:read Reads a synthetic project status record
search_docs_fixture docs:search Searches bundled documentation fixtures
fetch_allowed_page web:fetch Fetches only reviewed safe page fixtures

What This Is Not

This is not a hosted MCP platform, a broad server directory, a production security review, or an arbitrary web-access tool. It is a local reference kit for making MCP tool exposure easier to reason about before remote deployment.

Production Guides

Optional MCP SDK Adapter

The default quickstart uses the local dispatcher so the safety path is easy to test in CI. If you install the optional mcp extra, prodkit_mcp.mcp_server can create a FastMCP server wrapper around the same tools.

python -m pip install -e '.[mcp,dev]'

License

MIT

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured