// MCP server building, advanced patterns, and security hardening. Use when building MCP servers, implementing tool handlers, adding authentication, creating interactive UIs, hardening MCP security, or debugging MCP integrations.
[HINT] Download the complete skill directory including SKILL.md and all related files
| name | mcp-patterns |
| license | MIT |
| compatibility | Claude Code 2.1.91+. |
| author | OrchestKit |
| description | MCP server building, advanced patterns, and security hardening. Use when building MCP servers, implementing tool handlers, adding authentication, creating interactive UIs, hardening MCP security, or debugging MCP integrations. |
| version | 3.1.0 |
| tags | ["mcp","server","tools","resources","security","prompt-injection","oauth","elicitation","sampling","mcp-apps","fastmcp"] |
| user-invocable | false |
| disable-model-invocation | true |
| context | fork |
| complexity | high |
| persuasion-type | reference |
| effort | high |
| targets | [{"library":"@modelcontextprotocol/sdk","version":">=1.29.0"},{"library":"mcp","version":">=1.27.0"}] |
| metadata | {"category":"mcp-enhancement","spec-version":"2025-11-25"} |
| allowed-tools | ["Read","Glob","Grep","WebFetch","WebSearch"] |
| paths | [".mcp.json","**/*.mcp.json"] |
Patterns for building, composing, and securing Model Context Protocol servers. Based on the 2025-11-25 specification ā the latest stable release maintained by the Agentic AI Foundation (Linux Foundation), co-founded by Anthropic, Block, and OpenAI.
Scaffolding a new server? Use Anthropic's
mcp-builderskill (claude install anthropics/skills) for project setup and evaluation creation. This skill focuses on patterns, security, and advanced features after initial setup.Deploying to Cloudflare? See the
building-mcp-server-on-cloudflareskill for Workers-specific deployment patterns.
What are you building?
ā
āāā New MCP server
ā āāā Setup & primitives āāāāāāāŗ rules/server-setup.md
ā āāā Transport selection āāāāāāŗ rules/server-transport.md
ā āāā Scaffolding āāāāāāāāāāāāāāŗ mcp-builder skill (anthropics/skills)
ā
āāā Authentication & authorization
ā āāā OAuth 2.1 + OIDC āāāāāāāāŗ rules/auth-oauth21.md
ā
āāā Advanced server features
ā āāā Tool composition āāāāāāāāāŗ rules/advanced-composition.md
ā āāā Resource caching āāāāāāāāāŗ rules/advanced-resources.md
ā āāā Elicitation (user input) āŗ rules/elicitation.md
ā āāā Sampling (agent loops) āāāŗ rules/sampling-tools.md
ā āāā Interactive UI āāāāāāāāāāāŗ rules/apps-ui.md
ā
āāā Client-side consumption
ā āāā Connecting to servers āāāāŗ rules/client-patterns.md
ā
āāā Security hardening
ā āāā Prompt injection defense āŗ rules/security-injection.md
ā āāā Zero-trust & verification āŗ rules/security-hardening.md
ā
āāā Testing & debugging
ā āāā Inspector + unit tests āāāŗ rules/testing-debugging.md
ā
āāā Discovery & ecosystem
ā āāā Registries & catalogs āāāŗ rules/registry-discovery.md
ā
āāā Browser-native tools
āāā WebMCP (W3C) āāāāāāāāāāāāŗ rules/webmcp-browser.md
| Category | Rule | Impact | Key Pattern |
|---|---|---|---|
| Server | server-setup.md | HIGH | FastMCP lifespan, Tool/Resource/Prompt primitives |
| Server | server-transport.md | HIGH | stdio for CLI, Streamable HTTP for production |
| Auth | auth-oauth21.md | HIGH | PKCE, RFC 8707 resource indicators, token validation |
| Advanced | advanced-composition.md | MEDIUM | Pipeline, parallel, and branching tool composition |
| Advanced | advanced-resources.md | MEDIUM | Resource caching with TTL, LRU eviction, lifecycle |
| Advanced | elicitation.md | MEDIUM | Server-initiated structured input from users |
| Advanced | sampling-tools.md | MEDIUM | Server-side agent loops with tool calling |
| Advanced | apps-ui.md | MEDIUM | Interactive UI via MCP Apps + @mcp-ui/* SDK |
| Client | client-patterns.md | MEDIUM | TypeScript/Python MCP client connection patterns |
| Security | security-injection.md | HIGH | Description sanitization, encoding normalization |
| Security | security-hardening.md | HIGH | Zero-trust allowlist, hash verification, rug pull detection |
| Quality | testing-debugging.md | MEDIUM | MCP Inspector, unit tests, transport debugging |
| Ecosystem | registry-discovery.md | LOW | Official registry API, server metadata |
| Ecosystem | webmcp-browser.md | LOW | W3C browser-native agent tools (complementary) |
Total: 14 rules across 6 categories
| Decision | Recommendation |
|---|---|
| Transport | stdio for CLI/Desktop, Streamable HTTP for production (SSE deprecated) |
| Language | TypeScript for production (better SDK support, type safety) |
| Auth | OAuth 2.1 with PKCE (S256) + RFC 8707 resource indicators |
| Server lifecycle | Always use FastMCP lifespan for resource management |
| Error handling | Return errors as text content (Claude can interpret and retry) |
| Tool composition | Pipeline for sequential, asyncio.gather for parallel |
| Resource caching | TTL + LRU eviction with memory cap |
| Tool trust model | Zero-trust: explicit allowlist + hash verification |
| User input | Elicitation for runtime input; never request PII via elicitation |
| Interactive UI | MCP Apps with @mcp-ui/* SDK; sandbox all iframes |
| Token handling | Never pass through client tokens to downstream services |
| Large results | Use _meta["anthropic/maxResultSizeChars"] annotation (up to 500K) for results that lose meaning when truncated (CC 2.1.91) |
| Feature | Spec Version | Status |
|---|---|---|
| Tools, Resources, Prompts | 2024-11-05 | Stable |
| Streamable HTTP transport | 2025-03-26 | Stable (replaces SSE) |
| OAuth 2.1 + Elicitation (form) | 2025-06-18 | Stable |
| Sampling with tool calling | 2025-11-25 | Stable |
| Elicitation URL mode | 2025-11-25 | Stable |
| MCP Apps (UI extension) | 2026-01-26 | Extension (ext-apps) |
| WebMCP (browser-native) | 2026-02-14 | W3C Community Draft |
| Package | What it is | When to use |
|---|---|---|
mcp (PyPI) >=1.27 | Official Python SDK ā includes the FastMCP helper, transport adapters, Inspector | New Python servers. This is the canonical package. |
@modelcontextprotocol/sdk (npm) >=1.29 | Official TypeScript SDK | New TS servers |
fastmcp (PyPI) | Standalone fork by jlowin ā predates mcp; API-compatible but diverges on lifespan and middleware | Existing projects pinned to it. New projects should prefer mcp. |
The
fastmcpfork and themcp.server.fastmcpmodule are not the same package. Imports andpyproject.tomlentries must agree or stacktraces become cryptic.
Pass --mcp-debug to Claude Code when troubleshooting server wiring ā it surfaces the raw JSON-RPC frames, handshake failures, and tool-registration events that the default logger swallows:
claude --mcp-debug "query the local test server"
# or per-session:
export CLAUDE_MCP_DEBUG=1
Use alongside the MCP Inspector (npx @modelcontextprotocol/inspector <cmd>) ā Inspector gives you the client-side frame view, --mcp-debug gives you what Claude actually saw.
CC 2.1.128 ā reconnect tool summarization: when a server reconnects mid-session, re-announced tools are summarized as
mcp__<server>__* (N tools re-registered)instead of being enumerated line-by-line. Use the initial connect event as the source of truth for tool inventory; treat reconnect summaries as deltas only. Seereferences/mcp-audit-runbook.mdfor grep recipes that work across both formats.
CC 2.1.133 ā MCP OAuth honors HTTP(S)_PROXY / NO_PROXY / mTLS: the full MCP OAuth flow (discovery, dynamic client registration, token exchange, token refresh) now respects standard proxy and client-certificate env vars end-to-end. Enterprise deployments behind corporate proxies no longer need OAuth-specific workarounds ā the same
HTTPS_PROXY/NO_PROXY/NODE_EXTRA_CA_CERTSconfig that already routes MCP transport now also routes auth. Seeconfigure/references/cc-version-settings.md(CC 2.1.133 section) for the env-var example. The companion deployment skillbuilding-mcp-server-on-cloudflarecan drop any prior "proxy-aware OAuth requires manual handling" caveat at this floor.
from mcp.server.fastmcp import FastMCP
mcp = FastMCP("my-server")
@mcp.tool()
async def search(query: str) -> str:
"""Search documents. Returns matching results."""
results = await db.search(query)
return "\n".join(r.title for r in results[:10])
_meta annotation ā use _meta["anthropic/maxResultSizeChars"] to declare intentionally large results (DB schemas, API specs) so clients/hooks don't truncate themasyncio.to_thread())| Resource | What For |
|---|---|
mcp-builder skill (anthropics/skills) | Scaffold new MCP servers + create evals |
building-mcp-server-on-cloudflare skill | Deploy MCP servers on Cloudflare Workers |
@mcp-ui/* packages (npm) | Implement MCP Apps UI standard |
| MCP Registry | Discover servers: https://registry.modelcontextprotocol.io/ |
| MCP Inspector | Debug and test servers interactively |
ork:llm-integration ā LLM function calling patternsork:security-patterns ā General input sanitization and layered securityork:api-design ā REST/GraphQL API design patterns