TypeScript Model Context Protocol (MCP) server boilerplate providing IP lookup tools/resources. Includes CLI support and extensible structure for connecting AI systems (LLMs) to external data sources like ip-api.com. Ideal template for creating new MCP integrations via Node.js.
60 stars
TypeScript
Updated Oct 23, 2025
ai
ai-integration
anthropic
boilerplate
claude
llm
mcp
mcp-server
model-context-protocol
resources
server
tooling
tools
typescript
Documentation
Boilerplate MCP Server
A production-ready foundation for developing custom Model Context Protocol (MCP) servers in TypeScript. Provides a complete layered architecture pattern, working example implementation, and comprehensive developer infrastructure to connect AI assistants with external APIs and data sources.
Latest Update (Feb 2026): Updated to MCP SDK 1.26.0 and Zod 4.3.6 with continued modern
registerToolpatterns and streamable HTTP improvements. See docs/MODERNIZATION.md for details.
Features
- Security First: DNS rebinding protection, localhost-only binding, secure error handling
- Dual Transport Support: STDIO and Streamable HTTP transports with automatic fallback
- Layered Architecture: Clean separation between CLI, tools, resources, prompts, controllers, services, and utilities
- Type Safety: Full TypeScript implementation with Zod v4.3.6 schema validation
- All MCP Primitives: Tools, resources, and prompts (with examples)
- ResourceLink Pattern: Token-efficient resource references for large responses
- TOON Output Format: Token-Oriented Object Notation for 30-60% fewer tokens than JSON
- JMESPath Filtering: Extract only needed fields from responses to reduce token costs
- Raw Response Logging: Automatic logging of large API responses to
/tmp/mcp//with truncation guidance - Modern SDK: Uses MCP SDK v1.26.0 with
registerToolAPI pattern (ready for v2 migration) - Complete IP Address Example: Tools, resources, prompts, and CLI commands for IP geolocation
- Comprehensive Testing: Unit and integration tests with coverage reporting (47 tests passing)
- Production Tooling: ESLint, Prettier, semantic-release, and MCP Inspector integration
- Error Handling: Structured error handling with
isErrorfield and contextual logging - Security Documentation: Complete SECURITY.md with authentication implementation guides
What is MCP?
Model Context Protocol (MCP) is an open standard for securely connecting AI systems to external tools and data sources. This boilerplate implements the MCP specification with a clean, layered architecture that can be extended to build custom MCP servers for any API or data source.
Prerequisites
- Node.js (>=20.x): Download
- Git: For version control
Quick Start
bash
# Clone the repository
git clone https://github.com/aashari/boilerplate-mcp-server.git
cd boilerplate-mcp-server
# Install dependencies
npm install
# Build the project
npm run build
# Run in different modes:
# 1. CLI Mode - Execute commands directly
npm run cli -- get-ip-details 8.8.8.8
npm run cli -- get-ip-details # Get your current IP
npm run cli -- get-ip-details 1.1.1.1 -e # With extended data
npm run cli -- get-ip-details 8.8.8.8 --jq "{ip: query, country: country}" # JMESPath filter
npm run cli -- get-ip-details 8.8.8.8 -o json # JSON output
# 2. STDIO Transport - For AI assistant integration (Claude Desktop, Cursor)
npm run mcp:stdio
# 3. HTTP Transport - For web-based integrations
npm run mcp:http
# 4. Development with MCP Inspector
npm run mcp:inspect # Auto-opens browser with debugging UITransport Modes
STDIO Transport
- JSON-RPC communication via stdin/stdout
- Used by Claude Desktop, Cursor AI, and other local AI assistants
- Run with:
TRANSPORT_MODE=stdio node dist/index.js
Streamable HTTP Transport
- HTTP-based transport with Server-Sent Events (SSE)
- Supports multiple concurrent connections and web integrations
- Runs on port 3000 by default (configurable via
PORTenv var) - MCP Endpoint:
http://localhost:3000/mcp - Health Check:
http://localhost:3000/→ Returns server version - Run with:
TRANSPORT_MODE=http node dist/index.js
Security 🔒
This boilerplate implements production-ready security measures:
✅ Built-In Protection
1. DNS Rebinding Protection: Origin header validation prevents malicious websites from accessing your localhost server
2. Localhost-Only Binding: Server explicitly binds to 127.0.0.1 (not accessible from network)
3. Secure Error Handling: Error responses include isError: true flag and don't leak sensitive information
🔐 Security Best Practices
- Local Development: No authentication required (localhost-only + DNS rebinding protection)
- Network Deployment: Authentication REQUIRED - see SECURITY.md for implementation guides
- Production: Use mTLS, OAuth 2.0, or bearer tokens (detailed in SECURITY.md)
📖 Complete security documentation: SECURITY.md
🔍 Security audit report: docs/AUDIT-2025-01-13.md
Output Formats
TOON Format (Default)
TOON (Token-Oriented Object Notation) is a human-readable format optimized for LLMs, reducing token usage by 30-60% compared to JSON:
code
status: success
query: 8.8.8.8
country: United States
city: Ashburn
lat: 39.03
lon: -77.5JSON Format
Standard JSON output when --output-format json is specified:
json
{
"status": "success",
"query": "8.8.8.8",
"country": "United States",
"city": "Ashburn"
}JMESPath Filtering
Use --jq to extract only needed fields, reducing token costs:
bash
# Extract specific fields
npm run cli -- get-ip-details 8.8.8.8 --jq "{ip: query, country: country}"
# Output:
# ip: 8.8.8.8
# country: United States
# Nested structure
npm run cli -- get-ip-details 8.8.8.8 --jq "{location: {city: city, coords: {lat: lat, lon: lon}}}"See JMESPath documentation for more filter examples.
Architecture Overview
Project Structure (Click to expand)
code
src/
├── cli/ # Command-line interfaces
│ ├── index.ts # CLI entry point with Commander setup
│ └── ipaddress.cli.ts # IP address CLI commands
├── controllers/ # Business logic orchestration
│ ├── ipaddress.controller.ts # IP lookup business logic
│ └── ipaddress.formatter.ts # Response formatting
├── services/ # External API interactions
│ ├── vendor.ip-api.com.service.ts # ip-api.com service
│ └── vendor.ip-api.com.types.ts # Service type definitions
├── tools/ # MCP tool definitions (AI interface)
│ ├── ipaddress.tool.ts # IP lookup tool (inline content)
│ ├── ipaddress-link.tool.ts # IP lookup with ResourceLink pattern
│ └── ipaddress.types.ts # Tool argument schemas
├── resources/ # MCP resource definitions
│ └── ipaddress.resource.ts # IP lookup resource (URI: ip://address)
├── prompts/ # MCP prompt definitions
│ └── analysis.prompt.ts # IP analysis prompt templates
├── types/ # Global type definitions
│ └── common.types.ts # Shared interfaces (ControllerResponse, etc.)
├── utils/ # Shared utilities
│ ├── logger.util.ts # Contextual logging system
│ ├── error.util.ts # MCP-specific error formatting
│ ├── error-handler.util.ts # Error handling utilities
│ ├── config.util.ts # Environment configuration
│ ├── constants.util.ts # Version and package constants
│ ├── formatter.util.ts # Markdown formatting and response truncation
│ ├── toon.util.ts # TOON format encoding
│ ├── jq.util.ts # JMESPath filtering
│ ├── response.util.ts # Raw API response logging
│ └── transport.util.ts # HTTP transport utilities
└── index.ts # Server entry point (dual transport)Layered Architecture
The boilerplate follows a clean, layered architecture with 6 distinct layers that promotes maintainability and clear separation of concerns:
1. CLI Layer (src/cli/)
- Purpose: Command-line interfaces for direct tool usage and testing
- Implementation: Commander-based argument parsing with contextual error handling
- Example:
get-ip-details [ipAddress] --include-extended-data --no-use-https - Pattern: Register commands → Parse arguments → Call controllers → Handle errors
2. Tools Layer (src/tools/)
- Purpose: MCP tool definitions that AI assistants can invoke
- Implementation: Zod schema validation with structured responses
- Example:
ip_get_detailstool with optional IP address and configuration options - Pattern: Define schema → Validate args → Call controller → Format MCP response
3. Resources Layer (src/resources/)
- Purpose: MCP resources providing contextual data accessible via URIs
- Implementation: Uses
registerResourceAPI withResourceTemplatefor parameterized URIs - Example:
ip://{ipAddress}resource template providing IP geolocation data - Pattern: Register URI template → Extract variables → Return formatted content
4. Controllers Layer (src/controllers/)
- Purpose: Business logic orchestration with comprehensive error handling
- Implementation: Options validation, fallback logic, response formatting
- Example: IP lookup with HTTPS fallback, test environment detection, API token validation
- Pattern: Validate inputs → Apply defaults → Call services → Format responses
5. Services Layer (src/services/)
- Purpose: Direct external API interactions with minimal business logic
- Implementation: HTTP transport utilities with structured error handling
- Example: ip-api.com API calls with authentication and field selection
- Pattern: Build requests → Make API calls → Validate responses → Return raw data
6. Utils Layer (src/utils/)
- Purpose: Shared functionality across all layers
- Key Components:
logger.util.ts: Contextual logging (file:method context)error.util.ts: MCP-specific error formattingerror-handler.util.ts: Error handling and context buildingtransport.util.ts: HTTP/API utilities with retry logicconfig.util.ts: Environment configuration managementconstants.util.ts: Version and package constantsformatter.util.ts: Markdown formatting and response truncationtoon.util.ts: TOON format encoding (token-efficient output)jq.util.ts: JMESPath filtering for response transformationresponse.util.ts: Raw API response logging to/tmp/mcp//
Developer Guide
Development Scripts
bash
# Build and Clean
npm run build # Build TypeScript to dist/
npm run clean # Remove dist/ and coverage/
npm run prepare # Build + ensure executable permissions (for npm publish)
# CLI Testing
npm run cli -- get-ip-details 8.8.8.8 # Test specific IP
npm run cli -- get-ip-details --include-extended-data # Test with extended data
npm run cli -- get-ip-details --no-use-https # Test with HTTP
# MCP Server Modes
npm run mcp:stdio # STDIO transport for AI assistants
npm run mcp:http # HTTP transport on port 3000
npm run mcp:inspect # HTTP + auto-open MCP Inspector
# Testing
npm test # Run all tests (Jest)
npm run test:coverage # Generate coverage report
npm run test:cli # Run CLI-specific tests
# Code Quality
npm run lint # ESLint with TypeScript rules
npm run format # Prettier formattingEnvironment Variables
Core Configuration
TRANSPORT_MODE: Transport mode (stdio|http, default:stdio)PORT: HTTP server port (default:3000)DEBUG: Enable debug logging (true|false, default:false)NODE_ENV: Node environment (development|production, default:development)
IP API Configuration
IPAPI_API_TOKEN: API token for ip-api.com extended data (optional, free tier available)
Example .env File
bash
# Core configuration
TRANSPORT_MODE=http
PORT=3000
DEBUG=true
NODE_ENV=development
# External API Keys
IPAPI_API_TOKEN=your_token_hereDebugging Tools
- MCP Inspector: Visual tool for testing your MCP tools
- Run server with
npm run mcp:inspect - Open the URL shown in terminal
- Test your tools interactively
- Debug Logging: Enable with
DEBUG=trueenvironment variable
- Raw Response Logging: Large API responses (>40,000 characters) are automatically logged
- Responses saved to
/tmp/mcp//directory - Filename format:
-.txt - Includes request details, response data, and performance metrics
- Truncated responses include guidance on accessing the full raw file
Configuration (Click to expand)
Create ~/.mcp/configs.json:
json
{
"boilerplate": {
"environments": {
"DEBUG": "true",
"TRANSPORT_MODE": "http",
"PORT": "3000"
}
}
}Building Custom Tools
Step-by-Step Tool Implementation Guide (Click to expand)
1. Define Service Layer
Create a new service in src/services/ following the vendor-specific naming pattern:
typescript
// src/services/vendor.example-api.service.ts
import { Logger } from '../utils/logger.util.js';
import { fetchApi } from '../utils/transport.util.js';
import { ExampleApiResponse, ExampleApiRequestOptions } from './vendor.example-api.types.js';
import { createApiError, McpError } from '../utils/error.util.js';
const serviceLogger = Logger.forContext('services/vendor.example-api.service.ts');
async function get(
param?: string,
options: ExampleApiRequestOptions = {}
): Promise {
const methodLogger = serviceLogger.forMethod('get');
methodLogger.debug(`Calling Example API with param: ${param}`);
try {
const url = `https://api.example.com/${param || 'default'}`;
const rawData = await fetchApi(url, {
headers: options.apiKey ? { 'Authorization': `Bearer ${options.apiKey}` } : {}
});
methodLogger.debug('Received successful response from Example API');
return rawData;
} catch (error) {
methodLogger.error('Service error fetching data', error);
if (error instanceof McpError) {
throw error;
}
throw createApiError(
'Unexpected service error while fetching data',
undefined,
error
);
}
}
export default { get };2. Create Controller
Add a controller in src/controllers/ to handle business logic with error context:
typescript
// src/controllers/example.controller.ts
import { Logger } from '../utils/logger.util.js';
import exampleService from '../services/vendor.example-api.service.js';
import { formatExample } from './example.formatter.js';
import { handleControllerError, buildErrorContext } from '../utils/error-handler.util.js';
import { ControllerResponse } from '../types/common.types.js';
import { config } from '../utils/config.util.js';
const logger = Logger.forContext('controllers/example.controller.ts');
export interface GetDataOptions {
param?: string;
includeMetadata?: boolean;
}
async function getData(
options: GetDataOptions = {}
): Promise {
const methodLogger = logger.forMethod('getData');
methodLogger.debug(`Getting data for param: ${options.param || 'default'}`, options);
try {
// Apply business logic and defaults
const apiKey = config.get('EXAMPLE_API_TOKEN');
// Call service layer
const data = await exampleService.get(options.param, {
apiKey,
includeMetadata: options.includeMetadata ?? false
});
// Format response
const formattedContent = formatExample(data);
return { content: formattedContent };
} catch (error) {
throw handleControllerError(
error,
buildErrorContext(
'ExampleData',
'getData',
'controllers/example.controller.ts@getData',
options.param || 'default',
{ options }
)
);
}
}
export default { getData };3. Implement MCP Tool
Create a tool definition in src/tools/ following the registration pattern:
typescript
// src/tools/example.tool.ts
import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
import { z } from 'zod';
import { Logger } from '../utils/logger.util.js';
import { formatErrorForMcpTool } from '../utils/error.util.js';
import exampleController from '../controllers/example.controller.js';
const logger = Logger.forContext('tools/example.tool.ts');
// Define Zod schema for tool arguments
const GetDataSchema = z.object({
param: z.string().optional().describe('Optional parameter for the API call'),
includeMetadata: z.boolean().optional().default(false)
.describe('Whether to include additional metadata in the response')
});
async function handleGetData(args: Record) {
const methodLogger = logger.forMethod('handleGetData');
try {
methodLogger.debug('Tool example_get_data called', args);
// Validate arguments with Zod
const validatedArgs = GetDataSchema.parse(args);
// Call controller
const result = await exampleController.getData({
param: validatedArgs.param,
includeMetadata: validatedArgs.includeMetadata
});
// Return MCP-formatted response
return {
content: [
{
type: 'text' as const,
text: result.content
}
]
};
} catch (error) {
methodLogger.error('Tool example_get_data failed', error);
return formatErrorForMcpTool(error);
}
}
// Registration function using the modern registerTool API (SDK v1.23.0)
function registerTools(server: McpServer) {
const registerLogger = logger.forMethod('registerTools');
registerLogger.debug('Registering example tools...');
// SDK best practices: 'title' for UI display name, 'description' for detailed info
server.registerTool(
'example_get_data',
{
title: 'Get Example Data', // Display name for UI (e.g., 'Get Example Data')
description: `Gets data from the Example API with optional parameter.
Use this tool to fetch example data. Returns formatted data as Markdown.`,
inputSchema: GetDataSchema,
},
handleGetData
);
registerLogger.debug('Example tools registered successfully');
}
export default { registerTools };4. Add CLI Support
Create a CLI command in src/cli/ following the Commander pattern:
typescript
// src/cli/example.cli.ts
import { Command } from 'commander';
import { Logger } from '../utils/logger.util.js';
import exampleController from '../controllers/example.controller.js';
import { handleCliError } from '../utils/error.util.js';
const logger = Logger.forContext('cli/example.cli.ts');
function register(program: Command) {
const methodLogger = logger.forMethod('register');
methodLogger.debug('Registering example CLI commands...');
program
.command('get-data')
.description('Gets data from the Example API')
.argument('[param]', 'Optional parameter for the API call')
.option('-m, --include-metadata', 'Include additional metadata in response')
.action(async (param, options) => {
const actionLogger = logger.forMethod('action:get-data');
try {
actionLogger.debug('CLI get-data called', { param, options });
const result = await exampleController.getData({
param,
includeMetadata: options.includeMetadata || false
});
console.log(result.content);
} catch (error) {
handleCliError(error);
}
});
methodLogger.debug('Example CLI commands registered successfully');
}
export default { register };5. Register Components
Update the entry points to register your new components:
typescript
// 1. Register CLI in src/cli/index.ts
import exampleCli from './example.cli.js';
export async function runCli(args: string[]) {
// ... existing setup code ...
// Register CLI commands
exampleCli.register(program); // Add this line
// ... rest of function
}
// 2. Register Tools in src/index.ts
import exampleTools from './tools/example.tool.js';
// In the startServer function, after existing registrations:
exampleTools.registerTools(serverInstance);6. Add MCP Resource (Optional)
Create a resource in src/resources/ using the modern registerResource API:
typescript
// src/resources/example.resource.ts
import { McpServer, ResourceTemplate } from '@modelcontextprotocol/sdk/server/mcp.js';
import { Logger } from '../utils/logger.util.js';
import exampleController from '../controllers/example.controller.js';
import { formatErrorForMcpResource } from '../utils/error.util.js';
const logger = Logger.forContext('resources/example.resource.ts');
function registerResources(server: McpServer) {
const registerLogger = logger.forMethod('registerResources');
registerLogger.debug('Registering example resources...');
// Use registerResource with ResourceTemplate for parameterized URIs (SDK v1.23.0)
server.registerResource(
'example-data',
new ResourceTemplate('example://{param}', { list: undefined }),
{
title: 'Example Data', // Display name for UI
description: 'Retrieve example data by parameter'
},
async (uri, variables) => {
const methodLogger = logger.forMethod('exampleResource');
try {
// Extract parameter from template variables
const param = variables.param as string | undefined;
methodLogger.debug('Example resource called', { uri: uri.href, param });
const result = await exampleController.getData({ param });
return {
contents: [
{
uri: uri.href,
text: result.content,
mimeType: 'text/markdown'
}
]
};
} catch (error) {
methodLogger.error('Resource error', error);
return formatErrorForMcpResource(error, uri.href);
}
}
);
registerLogger.debug('Example resources registered successfully');
}
export default { registerResources };IP Address Example Implementation
The boilerplate includes a complete IP address geolocation example demonstrating all layers:
Available Tools & Commands
CLI Commands:
bash
npm run cli -- get-ip-details # Get current public IP (TOON format)
npm run cli -- get-ip-details 8.8.8.8 # Get details for specific IP
npm run cli -- get-ip-details 1.1.1.1 -e # Short form with extended data
npm run cli -- get-ip-details 1.1.1.1 --include-extended-data # Long form with extended data
npm run cli -- get-ip-details 8.8.8.8 --no-use-https # Force HTTP (for free tier)
npm run cli -- get-ip-details 8.8.8.8 -o json # JSON output (short form)
npm run cli -- get-ip-details 8.8.8.8 --output-format json # JSON output (long form)
npm run cli -- get-ip-details 8.8.8.8 --jq "{ip: query, country: country}" # JMESPath filtered outputMCP Tools:
ip_get_details- IP geolocation lookup for AI assistantsip_get_details_link- Same lookup + resource link output for resource-aware clients
Both tools share the same parameters:
ipAddress(optional): IP address to lookup (omit for current device's public IP)includeExtendedData(optional, default:false): Include ASN, host, organization data (requires API token)useHttps(optional, default:true): Use HTTPS for API callsjq(optional): JMESPath expression to filter/transform responseoutputFormat(optional, default:"toon"): Output format - "toon" or "json"
Output behavior:
ip_get_details: returns onetextcontent blockip_get_details_link: returns the same firsttextblock plus aresource_linkblock (ip://)
MCP Resources:
ip://{ipAddress}- IP details resource template (e.g.,ip://8.8.8.8,ip://1.1.1.1)- Returns IP geolocation data in Markdown format
- Uses TOON format by default for token efficiency
Features Demonstrated
- TOON Output: Token-efficient format (30-60% fewer tokens than JSON)
- JMESPath Filtering: Extract only needed fields to reduce costs
- Fallback Logic: HTTPS → HTTP fallback for free tier users
- Environment Detection: Different behavior in test vs production
- API Token Support: Optional token for extended data (ASN, mobile detection, etc.)
- Error Handling: Structured errors for private/reserved IP addresses
Configuration Options
bash
# Optional - for extended data features
IPAPI_API_TOKEN=your_token_from_ip-api.com
# Development
DEBUG=true # Enable detailed logging
TRANSPORT_MODE=http # Use HTTP transport
PORT=3001 # Custom portPublishing Your MCP Server
1. Customize Package Details:
json
{
"name": "your-mcp-server-name",
"version": "1.0.0",
"description": "Your custom MCP server",
"author": "Your Name",
"keywords": ["mcp", "your-domain", "ai-integration"]
}2. Update Documentation: Replace IP address examples with your use case
3. Test Thoroughly:
bash
npm run build && npm test
npm run cli -- your-command
npm run mcp:stdio # Test with MCP Inspector4. Release: Push conventional commits to main and let semantic-release publish automatically via GitHub Actions (OIDC trusted publishing).
Testing Strategy
The boilerplate includes comprehensive testing infrastructure:
Test Structure
code
tests/ # Not present - tests are in src/
src/
├── **/*.test.ts # Co-located with source files
├── utils/ # Utility function tests
├── controllers/ # Business logic tests
├── services/ # API integration tests
└── cli/ # CLI command testsTesting Best Practices
- Unit Tests: Test utilities and pure functions (
*.util.test.ts) - Controller Tests: Test business logic with mocked service calls
- Service Tests: Test API integration with real/mocked HTTP calls
- CLI Tests: Test command parsing and execution
- Test Environment Detection: Automatic test mode handling in controllers
Running Tests
bash
npm test # Run all tests
npm run test:coverage # Generate coverage report
npm run test:cli # CLI-specific tests onlyCoverage Goals
- Target: >80% test coverage
- Focus on business logic (controllers) and utilities
- Mock external services appropriately
License
MCP SDK v2 Preparation
⚠️ Note: MCP SDK v2 is in development (expected stable Q1 2026). This boilerplate is ready for migration with minimal changes needed.
Key v2 Changes:
- Package split:
@modelcontextprotocol/serverand@modelcontextprotocol/client - Optional middleware packages for Express, Hono, Node.js HTTP
- Same core API patterns (this boilerplate already uses modern APIs)
See MODERNIZATION.md for detailed migration guide and timeline.
Resources & Documentation
MCP Protocol Resources
- MCP Specification - Latest protocol specification
- MCP SDK Documentation - TypeScript SDK v1.23.0
- MCP Inspector - Visual debugging tool
- MCP Concepts - Tools, resources, transports
Implementation References
- Anthropic MCP Announcement
- Awesome MCP Servers - Community examples
- TypeScript Documentation
Your MCP Server Ecosystem
- All @aashari MCP Servers - NPM packages
- GitHub Repositories - Source code
Similar MCP
Based on tags & features
Trending MCP
Most active this week