ros/claude-plugins-official
1
0
Fork 0
mirror of https://github.com/anthropics/claude-plugins-official.git synced 2026-03-20 23:43:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

add(plugin): mcp-server-dev — skills for building MCP servers (#731)

Browse Source
This commit is contained in:
Tobin South
2026-03-20 17:51:32 +00:00
committed by GitHub
parent 562a27feec
commit 90accf6fd2
20 changed files with 2901 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
plugins/mcp-server-dev/skills/build-mcp-server/references/auth.md Normal file
View File

@@ -0,0 +1,92 @@
# Auth for MCP Servers
Auth is the reason most people end up needing a **remote** server even when a local one would be simpler. OAuth redirects, token storage, and refresh all work cleanly when there's a real hosted endpoint to redirect back to.
---
## The three tiers
### Tier 1: No auth / static API key
Server reads a key from env. User provides it once at setup. Done.
```typescript
const apiKey = process.env.UPSTREAM_API_KEY;
if (!apiKey) throw new Error("UPSTREAM_API_KEY not set");
```
Works for local stdio, MCPB, and remote servers alike. If this is all you need, stop here.
### Tier 2: OAuth 2.0 via CIMD (preferred per spec 2025-11-25)
**Client ID Metadata Document.** The MCP host publishes its client metadata at an HTTPS URL and uses that URL *as* its `client_id`. Your authorization server fetches the document, validates it, and proceeds with the auth-code flow. No registration endpoint, no stored client records.
Spec 2025-11-25 promoted CIMD to SHOULD (preferred). Advertise support via `client_id_metadata_document_supported: true` in your OAuth AS metadata.
**Server responsibilities:**
1. Serve OAuth Authorization Server Metadata (RFC 8414) at `/.well-known/oauth-authorization-server` with `client_id_metadata_document_supported: true`
2. Serve an MCP-protected-resource metadata document pointing at (1)
3. At authorize time: fetch `client_id` as an HTTPS URL, validate the returned client metadata, proceed
4. Validate bearer tokens on incoming `/mcp` requests
```
┌─────────┐ client_id=https://... ┌──────────────┐ upstream OAuth ┌──────────┐
│ MCP host│ ──────────────────────> │ Your MCP srv │ ─────────────────> │ Upstream │
└─────────┘ <─── bearer token ───── └──────────────┘ <── access token ──└──────────┘
```
### Tier 3: OAuth 2.0 via Dynamic Client Registration (DCR)
**Backward-compat fallback** — spec 2025-11-25 demoted DCR to MAY. The host discovers your `registration_endpoint`, POSTs its metadata to register itself as a client, gets back a `client_id`, then runs the auth-code flow.
Implement DCR if you need to support hosts that haven't moved to CIMD yet. Same server responsibilities as CIMD, but instead of fetching the `client_id` URL you run a registration endpoint that stores client records.
**Client priority order:** pre-registered → CIMD (if AS advertises `client_id_metadata_document_supported`) → DCR (if AS has `registration_endpoint`) → prompt user.
---
## Hosting providers with built-in DCR/CIMD support
Several MCP-focused hosting providers handle the OAuth plumbing for you — you implement tool logic, they run the authorization server. Check their docs for current capabilities. If the user doesn't have strong hosting preferences, this is usually the fastest path to a working OAuth-protected server.
---
## Local servers and OAuth
Local stdio servers **can** do OAuth (open a browser, catch the redirect on a localhost port, stash the token in the OS keychain). It's fragile:
- Breaks in headless/remote environments
- Every user re-does the dance
- No central token refresh or revocation
If OAuth is required, lean hard toward remote HTTP. If you *must* ship local + OAuth, the `@modelcontextprotocol/sdk` includes a localhost-redirect helper, and MCPB is the right packaging so at least the runtime is predictable.
---
## Token storage
| Deployment | Store tokens in |
|---|---|
| Remote, stateless | Nowhere — host sends bearer each request |
| Remote, stateful | Session store keyed by MCP session ID (Redis, etc.) |
| MCPB / local | OS keychain (`keytar` on Node, `keyring` on Python). **Never plaintext on disk.** |
---
## Token audience validation (spec MUST)
Validating "is this a valid bearer token" isn't enough. The spec requires validating "was this token minted *for this server*" — RFC 8707 audience. A token issued for `api.other-service.com` must be rejected even if the signature checks out.
**Token passthrough is explicitly forbidden.** Don't accept a token, then forward it upstream. If your server needs to call another service, exchange the token or use its own credentials.
---
## SDK helpers — don't hand-roll
`@modelcontextprotocol/sdk/server/auth` ships:
- `mcpAuthRouter()` — Express router for the full OAuth AS surface (metadata, authorize, token)
- `bearerAuth` — middleware that validates bearer tokens against your verifier
- `proxyProvider` — forward auth to an upstream IdP
If you're wiring auth from scratch, check these first.

106
plugins/mcp-server-dev/skills/build-mcp-server/references/deploy-cloudflare-workers.md Normal file
View File

@@ -0,0 +1,106 @@
# Deploy to Cloudflare Workers
Fastest path from zero to a live `https://` MCP URL. Free tier, no credit card to start, two commands to deploy.
**Trade-off:** This is a Workers-native scaffold, not a deploy target for the Express scaffold in `remote-http-scaffold.md`. Different runtime. If you need portability across hosts, stick with Express. If you just want it live, start here.
---
## Bootstrap
```bash
npm create cloudflare@latest -- my-mcp-server \
--template=cloudflare/ai/demos/remote-mcp-authless
cd my-mcp-server
```
This pulls a minimal template with the right deps (`agents`, `zod`) and a working `wrangler.jsonc`.
---
## `src/index.ts`
Replace the template's calculator example with your tools. Use `registerTool()` (same API as the Express scaffold — the `McpServer` instance is identical):
```typescript
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { McpAgent } from "agents/mcp";
import { z } from "zod";
export class MyMCP extends McpAgent {
server = new McpServer(
{ name: "my-service", version: "0.1.0" },
{ instructions: "Prefer search_items before get_item — IDs aren't guessable." },
);
async init() {
this.server.registerTool(
"search_items",
{
description: "Search items by keyword. Returns up to `limit` matches.",
inputSchema: {
query: z.string().describe("Search keywords"),
limit: z.number().int().min(1).max(50).default(10),
},
annotations: { readOnlyHint: true },
},
async ({ query, limit }) => {
const results = await upstreamApi.search(query, limit);
return { content: [{ type: "text", text: JSON.stringify(results, null, 2) }] };
},
);
}
}
export default {
fetch(request: Request, env: Env, ctx: ExecutionContext) {
const url = new URL(request.url);
if (url.pathname === "/mcp") {
return MyMCP.serve("/mcp").fetch(request, env, ctx);
}
return new Response("Not found", { status: 404 });
},
};
```
`McpAgent` is Cloudflare's wrapper — it handles the streamable-HTTP transport, session routing, and Durable Object plumbing. Your code only touches `this.server`, which is the same `McpServer` class from the SDK. Everything in `tool-design.md` and `server-capabilities.md` applies unchanged.
---
## `wrangler.jsonc`
The template ships this. The Durable Objects block is **boilerplate**`McpAgent` uses DO for session state. You don't interact with it directly.
```jsonc
{
"name": "my-mcp-server",
"main": "src/index.ts",
"compatibility_date": "2025-03-10",
"compatibility_flags": ["nodejs_compat"],
"migrations": [{ "new_sqlite_classes": ["MyMCP"], "tag": "v1" }],
"durable_objects": {
"bindings": [{ "class_name": "MyMCP", "name": "MCP_OBJECT" }]
}
}
```
If you rename the `MyMCP` class, update both `new_sqlite_classes` and `class_name` to match.
---
## Run and deploy
```bash
npx wrangler dev # → http://localhost:8787/mcp
npx wrangler deploy # → https://my-mcp-server.<account>.workers.dev/mcp
```
`wrangler deploy` prints the live URL. That's the URL users paste into Claude.
Secrets (upstream API keys): `npx wrangler secret put UPSTREAM_API_KEY`, then read `env.UPSTREAM_API_KEY` inside `init()`.
---
## OAuth
Cloudflare ships `@cloudflare/workers-oauth-provider` — a drop-in that handles the authorization server side (CIMD/DCR endpoints, token issuance, consent UI). It wraps your `McpAgent` and gates `/mcp` behind a token check. See `auth.md` for the protocol details; the CF template `cloudflare/ai/demos/remote-mcp-github-oauth` shows the wiring.

129
plugins/mcp-server-dev/skills/build-mcp-server/references/elicitation.md Normal file
View File

@@ -0,0 +1,129 @@
# Elicitation — spec-native user input
Elicitation lets a server pause mid-tool-call and ask the user for structured input. The client renders a native form (no iframe, no HTML). User fills it, server continues.
**This is the right answer for simple input.** Widgets (`build-mcp-app`) are for when you need rich UI — charts, searchable lists, visual previews. If you just need a confirmation, a picked option, or a few form fields, elicitation is simpler, spec-native, and works in any compliant host.
---
## ⚠️ Check capability first — support is new
Host support is very recent:
| Host | Status |
|---|---|
| Claude Code | ✅ since v2.1.76 (both `form` and `url` modes) |
| Claude Desktop | Unconfirmed — likely not yet or very recent |
| claude.ai | Unknown |
**The SDK throws `CapabilityNotSupported` if the client doesn't advertise elicitation.** There is no graceful degradation built in. You MUST check and have a fallback.
### The canonical pattern
```typescript
server.registerTool("delete_all", {
description: "Delete all items after confirmation",
inputSchema: {},
}, async ({}, extra) => {
const caps = server.getClientCapabilities();
if (caps?.elicitation) {
const r = await server.elicitInput({
mode: "form",
message: "Delete all items? This cannot be undone.",
requestedSchema: {
type: "object",
properties: { confirm: { type: "boolean", title: "Confirm deletion" } },
required: ["confirm"],
},
});
if (r.action === "accept" && r.content?.confirm) {
await deleteAll();
return { content: [{ type: "text", text: "Deleted." }] };
}
return { content: [{ type: "text", text: "Cancelled." }] };
}
// Fallback: return text asking Claude to relay the question
return { content: [{ type: "text", text: "Confirmation required. Please ask the user: 'Delete all items? This cannot be undone.' Then call this tool again with their answer." }] };
});
```
```python
# fastmcp
from fastmcp import Context
from fastmcp.exceptions import CapabilityNotSupported
@mcp.tool
async def delete_all(ctx: Context) -> str:
try:
result = await ctx.elicit("Delete all items? This cannot be undone.", response_type=bool)
if result.action == "accept" and result.data:
await do_delete()
return "Deleted."
return "Cancelled."
except CapabilityNotSupported:
return "Confirmation required. Ask the user to confirm deletion, then retry."
```
---
## Schema constraints
Elicitation schemas are deliberately limited — keep forms simple:
- **Flat objects only** — no nesting, no arrays of objects
- **Primitives only** — `string`, `number`, `integer`, `boolean`, `enum`
- String formats limited to: `email`, `uri`, `date`, `date-time`
- Use `title` and `description` on each property — they become form labels
If your data doesn't fit these constraints, that's the signal to escalate to a widget.
---
## Three-state response
| Action | Meaning | `content` present? |
|---|---|---|
| `accept` | User submitted the form | ✅ validated against your schema |
| `decline` | User explicitly said no | ❌ |
| `cancel` | User dismissed (escape, clicked away) | ❌ |
Treat `decline` and `cancel` differently if it matters — `decline` is intentional, `cancel` might be accidental.
The TS SDK's `server.elicitInput()` auto-validates `accept` responses against your schema via Ajv. fastmcp's `ctx.elicit()` returns a typed discriminated union (`AcceptedElicitation[T] | DeclinedElicitation | CancelledElicitation`).
---
## fastmcp response_type shorthand
```python
await ctx.elicit("Pick a color", response_type=["red", "green", "blue"]) # enum
await ctx.elicit("Enter email", response_type=str) # string
await ctx.elicit("Confirm?", response_type=bool) # boolean
@dataclass
class ContactInfo:
name: str
email: str
await ctx.elicit("Contact details", response_type=ContactInfo) # flat dataclass
```
Accepts: primitives, `list[str]` (becomes enum), dataclass, TypedDict, Pydantic BaseModel. All must be flat.
---
## Security
**MUST NOT request passwords, API keys, or tokens via elicitation** — spec requirement. Those go through OAuth or `user_config` with `sensitive: true` (MCPB), not runtime forms.
---
## When to escalate to widgets
Elicitation handles: confirm dialogs, enum pickers, short flat forms.
Reach for `build-mcp-app` widgets when you need:
- Nested or complex data structures
- Scrollable/searchable lists (100+ items)
- Visual preview before choosing (image thumbnails, file tree)
- Live-updating progress or streaming content
- Custom layouts, charts, maps

211
plugins/mcp-server-dev/skills/build-mcp-server/references/remote-http-scaffold.md Normal file
View File

@@ -0,0 +1,211 @@
# Remote Streamable-HTTP MCP Server — Scaffold
Minimal working servers in both recommended frameworks. Start here, then add tools.
---
## TypeScript SDK (`@modelcontextprotocol/sdk`)
```bash
npm init -y
npm install @modelcontextprotocol/sdk zod express
npm install -D typescript @types/express @types/node tsx
```
**`src/server.ts`**
```typescript
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
import express from "express";
import { z } from "zod";
const server = new McpServer(
{ name: "my-service", version: "0.1.0" },
{ instructions: "Prefer search_items before calling get_item directly — IDs aren't guessable." },
);
// Pattern A: one tool per action
server.registerTool(
"search_items",
{
description: "Search items by keyword. Returns up to `limit` matches ranked by relevance.",
inputSchema: {
query: z.string().describe("Search keywords"),
limit: z.number().int().min(1).max(50).default(10),
},
annotations: { readOnlyHint: true },
},
async ({ query, limit }, extra) => {
// extra.signal is an AbortSignal — check it in long loops for cancellation
const results = await upstreamApi.search(query, limit);
return {
content: [{ type: "text", text: JSON.stringify(results, null, 2) }],
};
},
);
server.registerTool(
"get_item",
{
description: "Fetch a single item by its ID.",
inputSchema: { id: z.string() },
annotations: { readOnlyHint: true },
},
async ({ id }) => {
const item = await upstreamApi.get(id);
return { content: [{ type: "text", text: JSON.stringify(item) }] };
},
);
// Streamable HTTP transport (stateless mode — simplest)
const app = express();
app.use(express.json());
app.post("/mcp", async (req, res) => {
const transport = new StreamableHTTPServerTransport({
sessionIdGenerator: undefined, // stateless
});
res.on("close", () => transport.close());
await server.connect(transport);
await transport.handleRequest(req, res, req.body);
});
app.listen(process.env.PORT ?? 3000);
```
**Stateless vs stateful:** The snippet above creates a fresh transport per request (stateless). Fine for most API-wrapping servers. If tools need to share state across calls in a session (rare), use a session-keyed transport map — see the SDK's `examples/server/simpleStreamableHttp.ts`.
---
## FastMCP 3.x (Python)
```bash
pip install fastmcp
```
**`server.py`**
```python
from fastmcp import FastMCP
mcp = FastMCP(
name="my-service",
instructions="Prefer search_items before calling get_item directly — IDs aren't guessable.",
)
@mcp.tool(annotations={"readOnlyHint": True})
def search_items(query: str, limit: int = 10) -> list[dict]:
"""Search items by keyword. Returns up to `limit` matches ranked by relevance."""
return upstream_api.search(query, limit)
@mcp.tool(annotations={"readOnlyHint": True})
def get_item(id: str) -> dict:
"""Fetch a single item by its ID."""
return upstream_api.get(id)
if __name__ == "__main__":
mcp.run(transport="http", host="0.0.0.0", port=3000)
```
FastMCP derives the JSON schema from type hints and the docstring becomes the tool description. Keep docstrings terse and action-oriented — they land in Claude's context window verbatim.
---
## Search + execute pattern (large API surface)
When wrapping 50+ endpoints, don't register them all. Two tools:
```typescript
const CATALOG = loadActionCatalog(); // { id, description, paramSchema }[]
server.registerTool(
"search_actions",
{
description: "Find available actions matching an intent. Call this first to discover what's possible. Returns action IDs, descriptions, and parameter schemas.",
inputSchema: { intent: z.string().describe("What you want to do, in plain English") },
annotations: { readOnlyHint: true },
},
async ({ intent }) => {
const matches = rankActions(CATALOG, intent).slice(0, 10);
return { content: [{ type: "text", text: JSON.stringify(matches, null, 2) }] };
},
);
server.registerTool(
"execute_action",
{
description: "Execute an action by ID. Get the ID and params schema from search_actions first.",
inputSchema: {
action_id: z.string(),
params: z.record(z.unknown()),
},
},
async ({ action_id, params }) => {
const action = CATALOG.find(a => a.id === action_id);
if (!action) throw new Error(`Unknown action: ${action_id}`);
validate(params, action.paramSchema);
const result = await dispatch(action, params);
return { content: [{ type: "text", text: JSON.stringify(result) }] };
},
);
```
`rankActions` can be simple keyword matching to start. Upgrade to embeddings if precision matters.
---
## Test it
The MCP Inspector connects to any transport and lets you poke tools interactively.
```bash
# Interactive — opens a UI on localhost:6274
npx @modelcontextprotocol/inspector
# → select "Streamable HTTP", paste http://localhost:3000/mcp, Connect
```
For scripted checks (CI, smoke tests):
```bash
npx @modelcontextprotocol/inspector --cli http://localhost:3000/mcp \
--transport http --method tools/list
npx @modelcontextprotocol/inspector --cli http://localhost:3000/mcp \
--transport http --method tools/call --tool-name search_items --tool-arg query=test
```
---
## Connect users
Once deployed, users add the URL directly — no install step.
| Surface | How |
|---|---|
| **Claude Code** | `claude mcp add --transport http <name> <url>` (add `--scope user` for global, `--header "Authorization: Bearer ..."` for auth) |
| **Claude Desktop / Claude.ai** | Settings → Connectors → Add custom connector. **Not** `claude_desktop_config.json` — remote servers configured there are ignored. |
| **Connector directory** | Anthropic maintains a submission guide for listing in the public connector directory. |
---
## Deploy
**Fastest path:** Cloudflare Workers — two commands from zero to a live `https://` URL on the free tier. Uses a Workers-native scaffold (not Express). → `deploy-cloudflare-workers.md`
**This Express scaffold** runs on any Node host — Render, Railway, Fly.io, a VPS. Containerize it (`node:20-slim`, copy, `npm ci`, `node dist/server.js`) and ship. FastMCP is the same story with a Python base image.
---
## Deployment checklist
- [ ] `POST /mcp` responds to `initialize` with server capabilities
- [ ] `tools/list` returns your tools with complete schemas
- [ ] Errors return structured MCP errors, not HTTP 500s with HTML bodies
- [ ] CORS headers set if browser clients will connect
- [ ] `Origin` header validated on `/mcp` (spec MUST — DNS rebinding prevention)
- [ ] `MCP-Protocol-Version` header honored (return 400 for unsupported versions)
- [ ] `instructions` field set if tool-use needs hints
- [ ] Health check endpoint separate from `/mcp` (hosts poll it)
- [ ] Secrets from env vars, never hardcoded
- [ ] If OAuth: CIMD or DCR endpoint implemented — see `auth.md`

122
plugins/mcp-server-dev/skills/build-mcp-server/references/resources-and-prompts.md Normal file
View File

@@ -0,0 +1,122 @@
# Resources & Prompts — the other two primitives
MCP defines three server-side primitives. Tools are model-controlled (Claude decides when to call them). The other two are different:
- **Resources** are application-controlled — the host decides what to pull into context
- **Prompts** are user-controlled — surfaced as slash commands or menu items
Most servers only need tools. Reach for these when the shape of your integration doesn't fit "Claude calls a function."
---
## Resources
A resource is data identified by a URI. Unlike a tool, it's not *called* — it's *read*. The host browses available resources and decides which to load into context.
**When a resource beats a tool:**
- Large reference data (docs, schemas, configs) that Claude should be able to browse
- Content that changes independently of conversation (log files, live data)
- Anything where "Claude decides to fetch" is the wrong mental model
**When a tool is better:**
- The operation has side effects
- The result depends on parameters Claude chooses
- You want Claude (not the host UI) to decide when to pull it in
### Static resources
```typescript
// TypeScript SDK
server.registerResource(
"config",
"config://app/settings",
{ name: "App Settings", description: "Current configuration", mimeType: "application/json" },
async (uri) => ({
contents: [{ uri: uri.href, mimeType: "application/json", text: JSON.stringify(config) }],
}),
);
```
```python
# fastmcp
@mcp.resource("config://app/settings")
def get_settings() -> str:
"""Current application configuration."""
return json.dumps(config)
```
### Dynamic resources (URI templates)
RFC 6570 templates let one registration serve many URIs:
```typescript
import { ResourceTemplate } from "@modelcontextprotocol/sdk/server/mcp.js";
server.registerResource(
"file",
new ResourceTemplate("file:///{path}", { list: undefined }),
{ name: "File", description: "Read a file from the workspace" },
async (uri, { path }) => ({
contents: [{ uri: uri.href, text: await fs.readFile(path, "utf8") }],
}),
);
```
```python
@mcp.resource("file:///{path}")
def read_file(path: str) -> str:
return Path(path).read_text()
```
### Subscriptions
Resources can notify the client when they change. Declare `subscribe: true` in capabilities, then emit `notifications/resources/updated`. The host re-reads. Useful for log tails, live dashboards, watched files.
---
## Prompts
A prompt is a parameterized message template. The host surfaces it as a slash command or menu item. The user picks it, fills in arguments, and the resulting messages land in the conversation.
**When to use:** canned workflows users run repeatedly — `/summarize-thread`, `/draft-reply`, `/explain-error`. Near-zero code, high UX leverage.
```typescript
server.registerPrompt(
"summarize",
{
title: "Summarize document",
description: "Generate a concise summary of the given text",
argsSchema: { text: z.string(), max_words: z.string().optional() },
},
({ text, max_words }) => ({
messages: [{
role: "user",
content: { type: "text", text: `Summarize in ${max_words ?? "100"} words:\n\n${text}` },
}],
}),
);
```
```python
@mcp.prompt
def summarize(text: str, max_words: str = "100") -> str:
"""Generate a concise summary of the given text."""
return f"Summarize in {max_words} words:\n\n{text}"
```
**Constraints:**
- Arguments are **string-only** (no numbers, booleans, objects) — convert inside the handler
- Returns a `messages[]` array — can include embedded resources/images, not just text
- No side effects — the handler just builds a message, it doesn't *do* anything
---
## Quick decision table
| You want to... | Use |
|---|---|
| Let Claude fetch something on demand, with parameters | **Tool** |
| Expose browsable context (files, docs, schemas) | **Resource** |
| Expose a dynamic family of things (`db://{table}`) | **Resource template** |
| Give users a one-click workflow | **Prompt** |
| Ask the user something mid-tool | **Elicitation** (see `elicitation.md`) |

164
plugins/mcp-server-dev/skills/build-mcp-server/references/server-capabilities.md Normal file
View File

@@ -0,0 +1,164 @@
# Server capabilities — the rest of the spec
Features beyond the three core primitives. Most are optional, a few are near-free wins.
---
## `instructions` — system prompt injection
One line of config, lands directly in Claude's system prompt. Use it for tool-use hints that don't fit in individual tool descriptions.
```typescript
const server = new McpServer(
{ name: "my-server", version: "1.0.0" },
{ instructions: "Always call search_items before get_item — IDs aren't guessable." },
);
```
```python
mcp = FastMCP("my-server", instructions="Always call search_items before get_item — IDs aren't guessable.")
```
This is the highest-leverage one-liner in the spec. If Claude keeps misusing your tools, put the fix here.
---
## Sampling — delegate LLM calls to the host
If your tool logic needs LLM inference (summarize, classify, generate), don't ship your own model client. Ask the host to do it.
```typescript
// Inside a tool handler
const result = await extra.sendRequest({
method: "sampling/createMessage",
params: {
messages: [{ role: "user", content: { type: "text", text: `Summarize: ${doc}` } }],
maxTokens: 500,
},
}, CreateMessageResultSchema);
```
```python
# fastmcp
response = await ctx.sample("Summarize this document", context=doc)
```
**Requires client support** — check `clientCapabilities.sampling` first. Model preference hints are substring-matched (`"claude-3-5"` matches any Claude 3.5 variant).
---
## Roots — query workspace boundaries
Instead of hardcoding a root directory, ask the host which directories the user approved.
```typescript
const caps = server.getClientCapabilities();
if (caps?.roots) {
const { roots } = await server.server.listRoots();
// roots: [{ uri: "file:///home/user/project", name: "My Project" }]
}
```
```python
roots = await ctx.list_roots()
```
Particularly relevant for MCPB local servers — see `build-mcpb/references/local-security.md`.
---
## Logging — structured, level-aware
Better than stderr for remote servers. Client can filter by level.
```typescript
// In a tool handler
await extra.sendNotification({
method: "notifications/message",
params: { level: "info", logger: "my-tool", data: { msg: "Processing", count: 42 } },
});
```
```python
await ctx.info("Processing", count=42) # also: ctx.debug, ctx.warning, ctx.error
```
Levels follow syslog: `debug`, `info`, `notice`, `warning`, `error`, `critical`, `alert`, `emergency`. Client sets minimum via `logging/setLevel`.
---
## Progress — for long-running tools
Client sends a `progressToken` in request `_meta`. Server emits progress notifications against it.
```typescript
async (args, extra) => {
const token = extra._meta?.progressToken;
for (let i = 0; i < 100; i++) {
if (token !== undefined) {
await extra.sendNotification({
method: "notifications/progress",
params: { progressToken: token, progress: i, total: 100, message: `Step ${i}` },
});
}
await doStep(i);
}
return { content: [{ type: "text", text: "Done" }] };
}
```
```python
async def long_task(ctx: Context) -> str:
for i in range(100):
await ctx.report_progress(progress=i, total=100, message=f"Step {i}")
await do_step(i)
return "Done"
```
---
## Cancellation — honor the abort signal
Long tools should check the SDK-provided `AbortSignal`:
```typescript
async (args, extra) => {
for (const item of items) {
if (extra.signal.aborted) throw new Error("Cancelled");
await process(item);
}
}
```
fastmcp handles this via asyncio cancellation — no explicit check needed if your handler is properly async.
---
## Completion — autocomplete for prompt args
If you've registered prompts or resource templates with arguments, you can offer autocomplete:
```typescript
server.registerPrompt("query", {
argsSchema: {
table: completable(z.string(), async (partial) => tables.filter(t => t.startsWith(partial))),
},
}, ...);
```
Low priority unless your prompts have many valid values.
---
## Which capabilities need client support?
| Feature | Server declares | Client must support | Fallback if not |
|---|---|---|---|
| `instructions` | implicit | — | — (always works) |
| Logging | `logging: {}` | — | stderr |
| Progress | — | sends `progressToken` | silently skip |
| Sampling | — | `sampling: {}` | bring your own LLM |
| Elicitation | — | `elicitation: {}` | return text, ask Claude to relay |
| Roots | — | `roots: {}` | config env var |
Check client caps via `server.getClientCapabilities()` (TS) or `ctx.session.client_params.capabilities` (fastmcp) before using the bottom three.

179
plugins/mcp-server-dev/skills/build-mcp-server/references/tool-design.md Normal file
View File

@@ -0,0 +1,179 @@
# Tool Design — Writing Tools Claude Uses Correctly
Tool schemas and descriptions are prompt engineering. They land directly in Claude's context and determine whether Claude picks the right tool with the right arguments. Most MCP integration bugs trace back to vague descriptions or loose schemas.
---
## Descriptions
**The description is the contract.** It's the only thing Claude reads before deciding whether to call the tool. Write it like a one-line manpage entry plus disambiguating hints.
### Good
```
search_issues — Search issues by keyword across title and body. Returns up
to `limit` results ranked by recency. Does NOT search comments or PRs —
use search_comments / search_prs for those.
```
- Says what it does
- Says what it returns
- Says what it *doesn't* do (prevents wrong-tool calls)
### Bad
```
search_issues — Searches for issues.
```
Claude will call this for anything vaguely search-shaped, including things it can't do.
### Disambiguate siblings
When two tools are similar, each description should say when to use the *other* one:
```
get_user — Fetch a user by ID. If you only have an email, use find_user_by_email.
find_user_by_email — Look up a user by email address. Returns null if not found.
```
---
## Parameter schemas
**Tight schemas prevent bad calls.** Every constraint you express in the schema is one fewer thing that can go wrong at runtime.
| Instead of | Use |
|---|---|
| `z.string()` for an ID | `z.string().regex(/^usr_[a-z0-9]{12}$/)` |
| `z.number()` for a limit | `z.number().int().min(1).max(100).default(20)` |
| `z.string()` for a choice | `z.enum(["open", "closed", "all"])` |
| optional with no hint | `.optional().describe("Defaults to the caller's workspace")` |
**Describe every parameter.** The `.describe()` text shows up in the schema Claude sees. Omitting it is leaving money on the table.
```typescript
{
query: z.string().describe("Keywords to search for. Supports quoted phrases."),
status: z.enum(["open", "closed", "all"]).default("open")
.describe("Filter by status. Use 'all' to include closed items."),
limit: z.number().int().min(1).max(50).default(10)
.describe("Max results. Hard cap at 50."),
}
```
---
## Return shapes
Claude reads whatever you put in `content[].text`. Make it parseable.
**Do:**
- Return JSON for structured data (`JSON.stringify(result, null, 2)`)
- Return short confirmations for mutations (`"Created issue #123"`)
- Include IDs Claude will need for follow-up calls
- Truncate huge payloads and say so (`"Showing 10 of 847 results. Refine the query to narrow down."`)
**Don't:**
- Return raw HTML
- Return megabytes of unfiltered API response
- Return bare success with no identifier (`"ok"` after a create — Claude can't reference what it made)
---
## How many tools?
| Tool count | Guidance |
|---|---|
| 115 | One tool per action. Sweet spot. |
| 1530 | Still workable. Audit for near-duplicates that could merge. |
| 30+ | Switch to search + execute. Optionally promote the top 35 to dedicated tools. |
The ceiling isn't a hard protocol limit — it's context-window economics. Every tool schema is tokens Claude spends *every turn*. Thirty tools with rich schemas can eat 35k tokens before the conversation even starts.
---
## Errors
Return MCP tool errors, not exceptions that crash the transport. Include enough detail for Claude to recover or retry differently.
```typescript
if (!item) {
return {
isError: true,
content: [{
type: "text",
text: `Item ${id} not found. Use search_items to find valid IDs.`,
}],
};
}
```
The hint ("use search_items…") turns a dead end into a next step.
---
## Tool annotations
Hints the host uses for UX — red confirm button for destructive, auto-approve for readonly. All default to unset (host assumes worst case).
| Annotation | Meaning | Host behavior |
|---|---|---|
| `readOnlyHint: true` | No side effects | May auto-approve |
| `destructiveHint: true` | Deletes/overwrites | Confirmation dialog |
| `idempotentHint: true` | Safe to retry | May retry on transient error |
| `openWorldHint: true` | Talks to external world (web, APIs) | May show network indicator |
```typescript
server.registerTool("delete_file", {
description: "Delete a file",
inputSchema: { path: z.string() },
annotations: { destructiveHint: true, idempotentHint: false },
}, handler);
```
```python
@mcp.tool(annotations={"destructiveHint": True, "idempotentHint": False})
def delete_file(path: str) -> str:
...
```
Pair with the read/write split advice in `build-mcpb/references/local-security.md` — mark every read tool `readOnlyHint: true`.
---
## Structured output
`JSON.stringify(result)` in a text block works, but the spec has first-class typed output: `outputSchema` + `structuredContent`. Clients can validate.
```typescript
server.registerTool("get_weather", {
description: "Get current weather",
inputSchema: { city: z.string() },
outputSchema: { temp: z.number(), conditions: z.string() },
}, async ({ city }) => {
const data = await fetchWeather(city);
return {
content: [{ type: "text", text: JSON.stringify(data) }], // backward compat
structuredContent: data, // typed output
};
});
```
Always include the text fallback — not all hosts read `structuredContent` yet.
---
## Content types beyond text
Tools can return more than strings:
| Type | Shape | Use for |
|---|---|---|
| `text` | `{ type: "text", text: string }` | Default |
| `image` | `{ type: "image", data: base64, mimeType }` | Screenshots, charts, diagrams |
| `audio` | `{ type: "audio", data: base64, mimeType }` | TTS output, recordings |
| `resource_link` | `{ type: "resource_link", uri, name?, description? }` | Pointer — client fetches later |
| `resource` (embedded) | `{ type: "resource", resource: { uri, text\|blob, mimeType } }` | Inline the full content |
**`resource_link` vs embedded:** link for large payloads or when the client might not need it (let them decide). Embed when it's small and always needed.

25
plugins/mcp-server-dev/skills/build-mcp-server/references/versions.md Normal file
View File

@@ -0,0 +1,25 @@
# Version pins
Every version-sensitive claim in this skill, in one place. When updating the skill, check these first.
| Claim | Where stated | Last verified |
|---|---|---|
| `@modelcontextprotocol/ext-apps@1.2.2` CDN pin | `build-mcp-app/SKILL.md`, `build-mcp-app/references/widget-templates.md` (4×) | 2026-03 |
| Claude Code ≥2.1.76 for elicitation | `elicitation.md:15`, `build-mcp-server/SKILL.md:43,76` | 2026-03 |
| MCP spec 2025-11-25 CIMD/DCR status | `auth.md:20,24,41` | 2026-03 |
| MCPB manifest schema v0.4 | `build-mcpb/references/manifest-schema.md` | 2026-03 |
| CF `agents` SDK / `McpAgent` API | `deploy-cloudflare-workers.md` | 2026-03 |
| CF template path `cloudflare/ai/demos/remote-mcp-authless` | `deploy-cloudflare-workers.md` | 2026-03 |
## How to verify
```bash
# ext-apps latest
npm view @modelcontextprotocol/ext-apps version
# CF template still exists
gh api repos/cloudflare/ai/contents/demos/remote-mcp-authless/src/index.ts --jq '.sha'
# MCPB schema
curl -sI https://raw.githubusercontent.com/anthropics/mcpb/main/schemas/mcpb-manifest-v0.4.schema.json | head -1
```