🛡️ Built from 9,640+ MCP server audits

Ship a production-grade MCP server in 3 weekends 30 minutes.

A drop-in Python scaffold with auth, rate limiting, structured logs, sandbox-safe reference tools (DB / HTTP / FS), Docker + Fly.io deploy, and 43 regression tests proving each guard works.

Get the boilerplate → $79 one-time · lifetime updates · 7-day refund

Why this exists — audit findings across 9,640+ public MCP servers

DB tools that allow arbitrary SQL (DROP / UPDATE / DELETE)~60%

HTTP tools that are SSRF-able (no allow-list, no private-IP guard)~40%

Filesystem tools that allow path traversal (../../etc/passwd)~50%

Servers with no rate limit (one bad client DoSes everyone)~85%

Servers leaking auth tokens / PII in plaintext logs~30%

Source: protodex.io — an index of public MCP servers with security scores. This boilerplate fixes all five out of the box, with regression tests proving each guard works.

What's inside

A single Python package. Read it in one sitting. No framework lock-in, no magic, no telemetry phoning home.

mcp-server-boilerplate/
├── src/
│   ├── server.py          # FastMCP entry — wire everything together
│   ├── auth.py            # API key + JWT auth, constant-time compare
│   ├── rate_limit.py      # Token-bucket limiter (in-memory or Redis)
│   ├── logging.py         # Structured JSON logs via structlog
│   ├── errors.py          # Self-describing tool error envelopes
│   └── tools/
│       ├── database.py    # Read-only Postgres tool (allow-list + READ ONLY tx)
│       ├── http_api.py    # External API wrapper (allow-list + SSRF guards + cache)
│       └── filesystem.py  # Sandboxed read/write (path-traversal proof)
├── tests/                 # 43 passing tests — auth, rate-limit, tool validation
├── deploy/
│   ├── Dockerfile         # Multi-stage, slim, non-root
│   ├── fly.toml           # Fly.io deploy config (free-tier compatible)
│   └── deploy.sh          # One-command deploy
├── examples/
│   ├── client.py          # Sample MCP client to test against the server
│   └── claude_config.json # Claude Desktop config snippet
└── docs/
    ├── INSTALL.md         # Zero-to-running in 10 minutes
    ├── DEPLOY.md          # Fly.io + Docker, hardening checklist
    └── ARCHITECTURE.md    # Threat model, design choices, extension points

What's wired up — by default

API key + JWT auth src/auth.py

Constant-time key comparison via hmac.compare_digest. Keys from env var or JSON file. Optional JWT with role claim. Role-gating decorator for admin-only tools.

Token-bucket rate limiter src/rate_limit.py

Per-key + server-wide buckets. In-memory by default; flip to Redis with an env var (atomic Lua script — safe across replicas).

Read-only Postgres tool src/tools/database.py

Regex allow-list (SELECT only) + denied keyword set (INSERT/UPDATE/DELETE/DROP/CREATE/ALTER/TRUNCATE/GRANT/INTO/...). Every query wrapped in READ ONLY transaction. Statement timeout + row cap.

SSRF-safe HTTP tool src/tools/http_api.py

Explicit domain allow-list (with subdomain support). Private-IP / loopback / link-local blocked. Auth headers redacted in logs. 5-minute response cache. 3-retry exponential backoff.

Sandboxed filesystem tool src/tools/filesystem.py

Path-traversal proof via Path.resolve() + relative_to(). Extension allow-list. Binary file detection. Atomic writes (tempfile + rename, no partial files).

Structured JSON logs src/logging.py

structlog with trace IDs per request. Every gate decision logged. Auth headers + secrets redacted at the log layer (not at the call site — so you can't accidentally leak).

Deploy: Docker + Fly.io deploy/

Multi-stage Dockerfile (slim runtime, non-root user). fly.toml tuned for the free tier (256MB, auto-stop). deploy.sh deploys + polls /health, fails loudly if the deploy didn't take.

43 regression tests tests/

Every guard has a test that proves it works — and a sibling test that proves the guard correctly rejects the bypass attempt. Path traversal, SSRF, SQL injection, rate-limit burst/refill, the lot.

Install (60 seconds)

cd mcp-server-boilerplate
python3.11 -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"
pytest                         # 43 passed in 1.7s
MCP_API_KEYS="dev:alice:admin" python -m src.server

Deploy (one command)

cd deploy
export MCP_API_KEYS="prod:alice:admin"
./deploy.sh first-deploy       # Fly.io free tier — $0/month

Subsequent deploys: ./deploy.sh. Health-check polled automatically; deploy fails if /health doesn't return 200.

What this is — and what it isn't

✓ Is

A starting point for engineers who need an MCP server that runs longer than a weekend without falling over. Small enough to read in one sitting. Patterns extracted from the auditing 9,640+ public MCP servers.

✗ Isn't

A framework. A SaaS. A multi-tenant control plane. A replacement for actual security review of your specific deployment. If your threat model is nation-state, hire a real auditor.

FAQ

Who is this for?: Engineers building an MCP server (or extending an existing one) who need auth, rate-limiting, sandboxing, and a deploy path before exposing it beyond their own laptop.
Why $79?: One-time. Reading the source and the docs end-to-end will save you 1-3 weekends of mistakes you'd otherwise discover in production.
Do I get updates?: Yes — every buyer gets a Gumroad library link. When new patterns roll in (new tools, new deploy targets, new audit findings), you get the new zip.
Is it Python only?: Today, yes — the MCP SDK is Python (Anthropic's official). TypeScript port is on the roadmap; not promising a date.
Can I use it commercially?: Yes — single-developer license. Use on every machine YOU work on. Fork freely. Don't redistribute the boilerplate itself. Team license (up to 10 devs) is a separate listing.
Refund?: 7-day, no questions asked. Reply to your Gumroad receipt.

Skip the foot-guns. Ship the server.

$79 one-time. Lifetime updates. Email support to buyers.

Get the boilerplate →