Documentation
¶
Overview ¶
Package mcpkit is the top-level convenience entry point for building MCP servers with mcp-kit.
Most consumers only need the few public symbols here:
- mcpkit.New — construct an MCP server with the kit's middleware composed
- mcpkit.Config — the construction parameters
- mcpkit.Server — the resulting server with Handler()
The full public API and design rationale live in DESIGN.md at the repo root.
Quickstart ¶
// sdkHandler is the consumer-owned official SDK handler. Register tools on
// that SDK server, and enforce domain authz/audit inside those tool handlers.
resourceURL := "https://app.example.com/mcp"
resourceMetadataURL, err := oauth.ProtectedResourceMetadataURLFor(resourceURL)
if err != nil { return err }
mcpServer, err := mcpkit.New(mcpkit.Config{
Handler: sdkHandler,
Bearer: mcpkit.BearerConfig{
Introspector: oauthProv.OAuth2Provider(),
SessionFactory: oauth.NewEmptySession,
ResourceMetadataURL: resourceMetadataURL,
RequiredScopes: []string{"mcp.read"},
ExpectedAudience: resourceURL,
},
AllowedOrigins: []string{"https://app.example.com"},
AllowLoopback: isDev,
AuditEmitter: myAuditEmitter,
})
if err != nil { return err }
mux.Handle("/mcp", mcpServer.Handler())
Status ¶
v0.4.0 wraps a consumer-owned SDK HTTP handler with the kit's JSON-RPC envelope, bearer, and Origin middleware. Domain tools, resources, and prompts remain owned by the consumer's SDK server.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ErrNotImplemented = errors.New("mcpkit: not implemented in v0.1.0")
ErrNotImplemented is returned by symbols that are stubbed in v0.1.0. They will be implemented in v0.2.0 (OAuth core extracted from skills-mcp).
Functions ¶
This section is empty.
Types ¶
type BearerConfig ¶ added in v0.2.0
type BearerConfig = oauth.BearerConfig
BearerConfig is an alias for oauth.BearerConfig.
type Config ¶
type Config struct {
// Implementation identifies the MCP server (Name + Version).
// Required when v0.2.0 lands.
Implementation any // mcp.Implementation in v0.2.0; any to keep v0.1.0 dep-free
// Instructions are the server-level guidance shown to clients on initialize.
Instructions string
// Handler is the SDK MCP HTTP handler before kit middleware.
Handler http.Handler
// Bearer authenticates bearer tokens before the SDK handler.
Bearer BearerConfig
// Validator is deprecated. Use Bearer.TokenValidator.
Validator oauth.TokenValidator
// AllowedOrigins is the Origin header allowlist for browser clients.
AllowedOrigins []string
// AllowLoopback permits Origin: http://127.0.0.1[:port], http://localhost[:port],
// http://[::1][:port]. Default false. Set true in dev.
AllowLoopback bool
// AuditEmitter receives tool-call audit events. Required for production.
// For tests, use audit.Discard().
AuditEmitter audit.Emitter
}
Config configures a new MCP server.
In v0.1.0 most fields are accepted but unused — New returns ErrNotImplemented until the OAuth core lands. Use mcpmw.Envelope and mcpmw.Origin standalone in the meantime.