WF LogoMCP Kit

Technical Blog

Production insights and guides for building MCP servers

Dec 1520 min read
Featured

MCP in Production: A Field Guide for Today—and a Bridge for Tomorrow's Tools

We shipped a production-grade Model Context Protocol (MCP) server on FastAPI + Supabase that speaks Streamable HTTP and SSE, does OAuth2 with PKCE, and works with common clients like Inspector, Claude Desktop, and other MCP hosts.

Read article
Dec 2015 min read

We Put MCP in Production: 12 Failure Modes and the Fixes

We built a production-grade MCP server on FastAPI + Supabase that speaks Streamable HTTP and SSE, handles OAuth2/PKCE, and plays well with Claude Desktop/Cursor. Below is exactly what broke—and the minimal, copy-pastable fixes.

Read article
Dec 2212 min read

MCP Starter Kit: Your 10-Minute Path from Zero to Production-Ready Server

Three battle-tested quickstart paths to get your MCP server running with FastAPI, Supabase, OAuth2/PKCE, and both transport modes. Pick your experience level and ship in minutes, not days.

Read article
Scroll to browse all posts

Introducing the MCP Starter Kit

Agents are only as useful as the tools you let them touch. Model Context Protocol (MCP) is the bridge—but building a production-ready MCP server is harder than it should be. Our mission with MCP Starter Kit is simple: make secure, reliable, and client-compatible MCP servers boring to stand up, so you can spend your time on the tools and workflows that matter.

Why we started

When we first wired MCP into real clients, we ran into the same snags most teams hit: undocumented client assumptions, OAuth2/PKCE flows that must survive parallel connections, token refresh juggling, and brittle timeouts/transport quirks across SSE and Streamable HTTP. Those papercuts add up and stall launches. We built this kit to codify the fixes and give you a stable starting line.

What this project gives you (out of the box)

  • Auth that actually works in the wild: full OAuth2 with PKCE, JWT management with refresh, email verification, and Supabase Row Level Security—all wired for real deployments.
  • Both MCP transports done right (SSE and Streamable HTTP), with proper timeout handling and connection pooling so clients don't wedge.
  • Production rails: DB migrations, Docker, CI, error handling, and sane middleware defaults—so you can deploy without spelunking.

Under the hood, we expose well-known endpoints for OAuth discovery (per RFC 8414) and MCP metadata that Claude.ai and other clients actually probe in practice, including SSE-specific discovery paths.

Our mission (in one sentence)

Make MCP servers a commodity—secure by default, transport-correct, and client-compatible—so you can focus on shipping useful tools (CRUD, search, jobs, or your domain logic) instead of wrestling auth, transports, and glue code.

Who this is for

  • Teams integrating with Claude Desktop/claude.ai or Inspector and tired of breaking on HTTPS/OAuth edge cases and parallel connects.
  • Builders who want a "drop-in router" to stand up public vs. private MCP instances in a few lines of FastAPI, with persistence and context isolation.

What we believe

  1. Interoperability beats bespoke glue. MCP lowers the cost of connecting agents to your stack; we make the server part dependable.
  2. Production realities matter. Timeouts, token refresh, parallel connections, HTTPS tunnels—these are not afterthoughts; they're table stakes we bake in.
  3. Open source first. You should be able to read, tweak, and ship the exact code your agents will depend on.

Get started in minutes

Clone, configure .env, run migrations, and boot the server; the README walks the flow end-to-end, including local HTTPS via Tailscale/Cloudflare and claude.ai connector setup.

Get the Starter KitView on GitHubJoin Discord