DEV Community

David McHale

Production-Ready MCP Servers in 60 Seconds (Auth, Rate Limits, Audit Logs Included)

A TypeScript scaffold for production MCP servers that ships with pluggable auth, per-tool rate limiting, structured audit logs, and OpenTelemetry — so you can build the actual tools and not reinvent the boring parts.

Every MCP server tutorial I've read shows you how to register a single tool that echoes a string. Then they wave at "production concerns" and end the post.

Production concerns are the post.

@hailbytes/mcp-server-template is the opinionated TypeScript scaffold I use when I need to ship an MCP server that an enterprise will actually run. It comes with:

  • Auth — pluggable middleware for API keys, OAuth, and JWT
  • Rate limiting — per-client and per-tool, so one runaway agent can't take the whole server down
  • Audit logging — structured logs for every tool call and session event
  • OpenTelemetry — traces and metrics, so you can actually debug what your model did
  • Multi-transport — SSE, stdio, and HTTP, picked at scaffold time

Scaffold a new server

npx @hailbytes/create-mcp-server my-server --transport=sse

You get a directory you can cd into and npm run dev immediately.

Or embed it programmatically

import { createMcpServer, defineTools } from "@hailbytes/mcp-server-template";

const tools = defineTools([
  {
    name: "echo",
    description: "Echoes the input back.",
    inputSchema: { type: "object", properties: { message: { type: "string" } } },
    handler: async ({ message }) => ({ content: [{ type: "text", text: message }] }),
  },
]);

const server = await createMcpServer({
  name: "my-server",
  version: "1.0.0",
  transport: "sse",
  tools,
  auth: { type: "api-key", header: "X-Api-Key" },
  rateLimit: { requestsPerMinute: 60 },
  audit: { destination: "stdout" },
});

await server.start();

That's the entire "production MCP server" diff vs. the tutorial echo example.
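To make "per-client and per-tool" rate limiting with audit logging concrete, here is an added sketch. It is not code from @hailbytes/mcp-server-template; `createLimiter`, the fixed 60-second window, the `delete_file` tool and the client ids are assumptions made for illustration.

```typescript
// Added illustration; not code from @hailbytes/mcp-server-template.
type Decision = "allow" | "rate_limited";
interface AuditEvent { ts: string; event: "tool_call"; clientId: string; tool: string; decision: Decision }

function createLimiter(
  perToolLimits: Map<string, number>,   // requests per minute, per tool
  defaultLimit: number,                 // used for tools without an entry
  now: () => number = () => Date.now(), // injectable clock for testing
) {
  const windows = new Map<string, { start: number; count: number }>();
  const auditLog: AuditEvent[] = [];

  function check(clientId: string, tool: string): Decision {
    const limit = perToolLimits.get(tool) ?? defaultLimit;
    const t = now();
    // JSON-encode the pair so ("a:b","c") and ("a","b:c") cannot share a key.
    const key = JSON.stringify([clientId, tool]);
    let w = windows.get(key);
    if (w === undefined || t - w.start >= 60_000) {
      w = { start: t, count: 0 };
      windows.set(key, w);
    }
    const decision: Decision = w.count < limit ? "allow" : "rate_limited";
    if (decision === "allow") w.count += 1;
    // Denials are logged too: a burst of them identifies the runaway client.
    auditLog.push({ ts: new Date(t).toISOString(), event: "tool_call", clientId, tool, decision });
    return decision;
  }
  return { check, auditLog };
}

// Constructed scenario: tool names, client ids and limits are sample values.
function demo(): { decisions: Decision[]; denied: AuditEvent[] } {
  let clock = Date.UTC(2024, 0, 1);
  const limiter = createLimiter(new Map([["delete_file", 2]]), 3, () => clock);
  const decisions: Decision[] = [];
  for (let i = 0; i < 3; i++) decisions.push(limiter.check("agent-a", "delete_file"));
  decisions.push(limiter.check("agent-b", "delete_file")); // other client unaffected
  decisions.push(limiter.check("agent-a", "echo"));        // other tool unaffected
  clock += 60_000;                                         // next window opens
  decisions.push(limiter.check("agent-a", "delete_file"));
  return { decisions, denied: limiter.auditLog.filter((e) => e.decision === "rate_limited") };
}

console.log(demo().denied.map((e) => JSON.stringify(e)).join("\n"));
```

The window map here grows with every new client and tool pair, so a long-running server would also need to evict stale entries.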

Pair it with @hailbytes/mcp-security-scanner and you'll have a server that comes up secure by default and stays that way as you add tools.

npx @hailbytes/create-mcp-server my-server

Source: github.com/hailbytes/mcp-server-template — MIT licensed.

Top comments (1)

xulingfeng

Solid read. The comparison between Production-Ready MCP Servers in 60 Seconds (Auth, Rate Limit approaches is useful — most articles only cover one side. Having the trade-offs side by side helps a lot.