MCP Server Template
A production-ready TypeScript template for building MCP servers with dual transport support (stdio/HTTP), OAuth 2.1 foundations, SQLite caching, observability, and security features including PII sanitization and rate limiting.
README
MCP Server Template
A production-ready template for building Model Context Protocol (MCP) servers with TypeScript.
Features
- MCP SDK 1.24.3 - Latest SDK with 2025-11-25 spec support
- Dual Transport - Stdio (Claude Desktop) and HTTP (cloud deployment)
- OAuth 2.1 Foundations - Protected resource metadata, bearer token structure
- SQLite Caching - TTL-based caching with sql.js (WebAssembly)
- Observability - Sentry error tracking + OpenTelemetry tracing
- Security - PII sanitization, rate limiting, DNS rebinding protection
- Type Safety - Strict TypeScript with Zod validation
Quick Start
# Clone and install
git clone <this-repo> my-mcp-server
cd my-mcp-server
npm install
# Development mode (hot reload)
npm run dev
# Build and run
npm run build
npm start
# Test with MCP Inspector
npm run inspector
Project Structure
src/
├── index.ts # CLI entry point
├── server.ts # MCP server implementation
├── instrumentation.ts # Sentry + OpenTelemetry setup
├── config/
│ └── index.ts # Environment configuration
├── db/
│ ├── database.ts # SQLite connection (sql.js)
│ └── cache.ts # TTL-based caching
├── tools/
│ ├── registry.ts # Tool registration pattern
│ └── examples.ts # Example tool implementations
├── transport/
│ └── http-transport.ts # HTTP with OAuth foundations
├── shared/
│ ├── logger.ts # Structured logging
│ ├── errors.ts # Custom error classes
│ ├── rate-limiter.ts # Per-source rate limiting
│ ├── pii-sanitizer.ts # PII detection/removal
│ └── tracing.ts # OpenTelemetry utilities
└── types/
└── index.ts # TypeScript type definitions
Configuration
Environment variables (prefix with MCP_SERVER_):
| Variable | Default | Description |
|---|---|---|
MCP_SERVER_NAME |
mcp-server-template |
Server name |
MCP_SERVER_VERSION |
0.1.0 |
Server version |
MCP_SERVER_LOG_LEVEL |
info |
Log level: debug, info, warning, error |
MCP_SERVER_DB_PATH |
.data/cache.db |
SQLite database path |
MCP_SERVER_CACHE_ENABLED |
true |
Enable/disable caching |
MCP_SERVER_CACHE_TTL |
3600 |
Default cache TTL (seconds) |
MCP_SERVER_TIMEOUT |
30000 |
Request timeout (ms) |
MCP_SERVER_TRANSPORT |
stdio |
Transport: stdio or http |
MCP_SERVER_PORT |
3000 |
HTTP port (when transport=http) |
MCP_SERVER_HOST |
127.0.0.1 |
HTTP host (when transport=http) |
MCP_SERVER_SENTRY_DSN |
- | Sentry DSN for error tracking |
OTEL_ENABLED |
false |
Enable OpenTelemetry tracing |
OTEL_EXPORTER_OTLP_ENDPOINT |
- | OTLP collector endpoint |
MCP_SERVER_DEBUG |
false |
Debug mode (skips auth) |
Creating Tools
Tools are registered with the ToolRegistry using Zod schemas:
import { z } from 'zod';
import { getToolRegistry } from './tools/registry.js';
// Define input schema
const MyToolInputSchema = z.object({
query: z.string().min(1).describe('Search query'),
limit: z.number().positive().optional().default(10),
});
type MyToolInput = z.infer<typeof MyToolInputSchema>;
// Implement handler
async function myToolHandler(input: MyToolInput) {
// Your implementation here
return {
success: true,
data: { results: [] },
};
}
// Register tool
const registry = getToolRegistry();
registry.register(
'my_tool',
'Description of what this tool does',
MyToolInputSchema,
myToolHandler
);
Transport Modes
Stdio (Default)
For Claude Desktop and local integrations:
npm start
Add to Claude Desktop config:
{
"mcpServers": {
"my-server": {
"command": "node",
"args": ["/path/to/dist/index.js"]
}
}
}
HTTP
For cloud deployment:
MCP_SERVER_TRANSPORT=http npm start
Endpoints:
GET /health- Health checkGET /.well-known/mcp- MCP server metadataGET /.well-known/oauth-protected-resource- OAuth metadata (RFC 9728)GET /mcp- SSE stream for server eventsPOST /mcp- JSON-RPC requestsDELETE /mcp- Close session
Security Features
PII Sanitization
Automatically detects and masks sensitive data:
import { sanitizePii } from './shared/pii-sanitizer.js';
const safe = sanitizePii('Contact: user@example.com');
// Output: "Contact: [EMAIL]"
Rate Limiting
Per-source rate limiting with exponential backoff:
import { getRateLimiter } from './shared/rate-limiter.js';
const limiter = getRateLimiter();
limiter.configure('external-api', {
requestsPerWindow: 100,
windowMs: 60000,
});
await limiter.waitForSlot('external-api');
// Make request...
DNS Rebinding Protection
HTTP transport validates Host headers against allowlist.
Observability
Sentry
Error tracking with PII filtering:
MCP_SERVER_SENTRY_DSN=https://xxx@sentry.io/xxx npm start
OpenTelemetry
Distributed tracing:
OTEL_ENABLED=true \
OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318 \
npm start
Use tracing utilities:
import { withSpan, createApiSpan } from './shared/tracing.js';
const result = await withSpan('my-operation', async (span) => {
span.setAttribute('custom.attr', 'value');
return doWork();
});
Development
# Type check
npm run check
# Lint
npm run lint
npm run lint:fix
# Format
npm run format
# Test
npm test
npm run test:coverage
# Validate (all checks)
npm run validate
MCP 2025-11-25 Spec Compliance
| Feature | Status |
|---|---|
| Tools | ✅ Implemented |
| Resources | 📝 Scaffolded |
| Prompts | 📝 Scaffolded |
| Streamable HTTP | ✅ Implemented |
| .well-known/mcp | ✅ Implemented |
| OAuth 2.1 Foundations | ✅ Scaffolded |
| Tasks | ❌ Not yet |
| Elicitation | ❌ Not yet |
OAuth 2.1 Implementation
The template includes foundations for OAuth 2.1 per the MCP spec:
- Protected Resource Metadata (RFC 9728) at
/.well-known/oauth-protected-resource - Bearer token middleware structure (implement JWT validation)
- WWW-Authenticate headers with resource_metadata reference
- Scope checking structure for tool authorization
To complete OAuth integration:
- Choose an authorization server (Auth0, Logto, etc.)
- Implement JWT validation in
bearerAuthMiddleware - Add JWKS fetching and caching
- Configure scopes per tool
See MCP Authorization Spec for details.
License
MIT
References
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.
E2B
Using MCP to run code via e2b.