Related Pages

Related topics: Entrypoints and Runtime Surface, Architecture Evidence Map, Operations and Verification Boundaries

Repository Overview

This page is generated from repository evidence because the Human Wiki provider was unavailable. It intentionally limits itself to README and file-tree facts.

README Evidence

<div align="center"> <h1>@cyanheads/mcp-ts-core</h1> <p><b>Agent-native TypeScript framework for building MCP servers. Build tools, not infrastructure. Declarative definitions with auth, multi-backend storage, OpenTelemetry, and first-class support for Bun/Node/Cloudflare Workers.</b></p> </div>

<div align="center">

   

 

</div>

Related Pages

Related topics: Repository Overview, Architecture Evidence Map, Operations and Verification Boundaries

Entrypoints and Runtime Surface

The files below are the highest-signal candidates for how the project is installed, started, configured, or embedded. Treat this as an evidence map, not an inferred API contract.

Source: Dockerfile:1-120

Related Pages

Related topics: Repository Overview, Entrypoints and Runtime Surface, Operations and Verification Boundaries

Architecture Evidence Map

This section maps source paths into likely architectural areas based on repository layout only. Claims that require execution are intentionally not made here.

• .: Dockerfile, README.md, package.json
• skills: skills/README.md, skills/polish-docs-meta/references/readme.md
• src: src/index.ts, src/cli/init.ts, src/config/index.ts, src/config/parseEnvConfig.ts, src/core/app.ts
• templates: templates/Dockerfile, templates/package.json

Source: README.md:1-120

Related Pages

Related topics: Repository Overview, Entrypoints and Runtime Surface, Architecture Evidence Map

Operations and Verification Boundaries

Operational guidance is limited to files that are present in the repository. Before using this project in an agent workflow, verify install, quickstart, and runtime behavior in a sandbox.

• Containerization signal: Dockerfile
• Documentation signal: README.md
• Runtime/package signal: package.json
• Documentation signal: skills/README.md
• Containerization signal: templates/Dockerfile
• Runtime/package signal: templates/package.json
• Documentation signal: skills/polish-docs-meta/references/readme.md
• Source inspection signal: src/index.ts
• Source inspection signal: src/cli/init.ts
• Source inspection signal: src/config/index.ts

Source: package.json:1-120

Doramagic Pitfall Log

Doramagic extracted 16 source-linked risk signals. Review them before installing or handing real data to the project.

1. Installation risk: bug(transport): HTTP per-request McpServer cleanup leaks ~30 KB/req on heap

• Severity: high
• Finding: Installation risk is backed by a source signal: bug(transport): HTTP per-request McpServer cleanup leaks ~30 KB/req on heap. Treat it as a review item until the current version is checked.
• User impact: First-time setup may fail or require extra isolation and rollback planning.
• Recommended check: Open the linked source, confirm whether it still applies to the current version, and keep the first run isolated.
• Evidence: Source-linked evidence: https://github.com/cyanheads/mcp-ts-core/issues/50

2. Configuration risk: bug(transport): list_changed notifications silently dropped under HTTP per-request McpServer model

• Severity: high
• Finding: Configuration risk is backed by a source signal: bug(transport): list_changed notifications silently dropped under HTTP per-request McpServer model. Treat it as a review item until the current version is checked.
• User impact: Users may get misleading failures or incomplete behavior unless configuration is checked carefully.
• Recommended check: Open the linked source, confirm whether it still applies to the current version, and keep the first run isolated.
• Evidence: Source-linked evidence: https://github.com/cyanheads/mcp-ts-core/issues/135

3. Configuration risk: feat(tool): flatten SDK input-validation error text and move issues to error.data (follow-up to #55)

• Severity: high
• Finding: Configuration risk is backed by a source signal: feat(tool): flatten SDK input-validation error text and move issues to error.data (follow-up to #55). Treat it as a review item until the current version is checked.
• User impact: Users may get misleading failures or incomplete behavior unless configuration is checked carefully.
• Recommended check: Open the linked source, confirm whether it still applies to the current version, and keep the first run isolated.
• Evidence: Source-linked evidence: https://github.com/cyanheads/mcp-ts-core/issues/66

4. Security or permission risk: Developers should check this security_permissions risk before relying on the project: feat(auth): add RFC 7662 Token Introspection as a third auth strategy

• Severity: high
• Finding: Developers should check this security_permissions risk before relying on the project: feat(auth): add RFC 7662 Token Introspection as a third auth strategy
• User impact: Developers may expose sensitive permissions or credentials: feat(auth): add RFC 7662 Token Introspection as a third auth strategy
• Recommended check: Before packaging this project, run the relevant install/config/quickstart check for: feat(auth): add RFC 7662 Token Introspection as a third auth strategy. Context: Source discussion did not expose a precise runtime context.
• Evidence: failure_mode_cluster:github_issue | fmev_79b989da05ab81a148513987aa506d71 | https://github.com/cyanheads/mcp-ts-core/issues/139 | feat(auth): add RFC 7662 Token Introspection as a third auth strategy

5. Installation risk: Developers should check this installation risk before relying on the project: feat(templates): MCPB bundle packaging for scaffolded servers

• Severity: medium
• Finding: Developers should check this installation risk before relying on the project: feat(templates): MCPB bundle packaging for scaffolded servers
• User impact: Developers may fail before the first successful local run: feat(templates): MCPB bundle packaging for scaffolded servers
• Recommended check: Before packaging this project, run the relevant install/config/quickstart check for: feat(templates): MCPB bundle packaging for scaffolded servers. Context: Observed when using node, docker, windows, macos
• Evidence: failure_mode_cluster:github_issue | fmev_22c10ce8863043b0adf9a54a6f51d108 | https://github.com/cyanheads/mcp-ts-core/issues/137 | feat(templates): MCPB bundle packaging for scaffolded servers

6. Installation risk: bug(utils): fetchWithTimeout collapses every non-ok HTTP status to ServiceUnavailable, erasing codes and causing spurio…

• Severity: medium
• Finding: Installation risk is backed by a source signal: bug(utils): fetchWithTimeout collapses every non-ok HTTP status to ServiceUnavailable, erasing codes and causing spurio…. Treat it as a review item until the current version is checked.
• User impact: First-time setup may fail or require extra isolation and rollback planning.
• Recommended check: Open the linked source, confirm whether it still applies to the current version, and keep the first run isolated.
• Evidence: Source-linked evidence: https://github.com/cyanheads/mcp-ts-core/issues/126

7. Configuration risk: Developers should check this configuration risk before relying on the project: Connect card: active-tab styling, default to Claude, add Codex/Cursor/Gemini

• Severity: medium
• Finding: Developers should check this configuration risk before relying on the project: Connect card: active-tab styling, default to Claude, add Codex/Cursor/Gemini
• User impact: Developers may misconfigure credentials, environment, or host setup: Connect card: active-tab styling, default to Claude, add Codex/Cursor/Gemini
• Recommended check: Before packaging this project, run the relevant install/config/quickstart check for: Connect card: active-tab styling, default to Claude, add Codex/Cursor/Gemini. Context: Source discussion did not expose a precise runtime context.
• Evidence: failure_mode_cluster:github_issue | fmev_5c7acd2f18c877d832b1a859cd234468 | https://github.com/cyanheads/mcp-ts-core/issues/136 | Connect card: active-tab styling, default to Claude, add Codex/Cursor/Gemini

8. Configuration risk: Developers should check this configuration risk before relying on the project: bug(utils): fetchWithTimeout attaches full upstream HTTP error body to error.data.responseBody — no cap, no MIME filter

• Severity: medium
• Finding: Developers should check this configuration risk before relying on the project: bug(utils): fetchWithTimeout attaches full upstream HTTP error body to error.data.responseBody — no cap, no MIME filter
• User impact: Developers may misconfigure credentials, environment, or host setup: bug(utils): fetchWithTimeout attaches full upstream HTTP error body to error.data.responseBody — no cap, no MIME filter
• Recommended check: Before packaging this project, run the relevant install/config/quickstart check for: bug(utils): fetchWithTimeout attaches full upstream HTTP error body to error.data.responseBody — no cap, no MIME filter. Context: Source discussion did not expose a precise runtime context.
• Evidence: failure_mode_cluster:github_issue | fmev_7d40e777d2ccdbab34bc3b3d1402bd71 | https://github.com/cyanheads/mcp-ts-core/issues/120 | bug(utils): fetchWithTimeout attaches full upstream HTTP error body to error.data.responseBody — no cap, no MIME filter

9. Configuration risk: Developers should check this configuration risk before relying on the project: bug(worker): Workers compatibility — runtime detection broken under nodejs_compat, plus 8 related findings

• Severity: medium
• Finding: Developers should check this configuration risk before relying on the project: bug(worker): Workers compatibility — runtime detection broken under nodejs_compat, plus 8 related findings
• User impact: Developers may misconfigure credentials, environment, or host setup: bug(worker): Workers compatibility — runtime detection broken under nodejs_compat, plus 8 related findings
• Recommended check: Before packaging this project, run the relevant install/config/quickstart check for: bug(worker): Workers compatibility — runtime detection broken under nodejs_compat, plus 8 related findings. Context: Observed when using node
• Evidence: failure_mode_cluster:github_issue | fmev_41ff925fb40ebff8720b5c65f8b20ece | https://github.com/cyanheads/mcp-ts-core/issues/124 | bug(worker): Workers compatibility — runtime detection broken under nodejs_compat, plus 8 related findings

10. Configuration risk: Developers should check this configuration risk before relying on the project: changelog: raise summary cap from 250 → 350 chars

• Severity: medium
• Finding: Developers should check this configuration risk before relying on the project: changelog: raise summary cap from 250 → 350 chars
• User impact: Developers may misconfigure credentials, environment, or host setup: changelog: raise summary cap from 250 → 350 chars
• Recommended check: Before packaging this project, run the relevant install/config/quickstart check for: changelog: raise summary cap from 250 → 350 chars. Context: Source discussion did not expose a precise runtime context.
• Evidence: failure_mode_cluster:github_issue | fmev_5d2f31e619abdbc2e753d5c67819c1a8 | https://github.com/cyanheads/mcp-ts-core/issues/129 | changelog: raise summary cap from 250 → 350 chars

11. Configuration risk: Developers should check this configuration risk before relying on the project: docs(api-canvas): add minimum-viable spillover server recipe as the default

• Severity: medium
• Finding: Developers should check this configuration risk before relying on the project: docs(api-canvas): add minimum-viable spillover server recipe as the default
• User impact: Developers may misconfigure credentials, environment, or host setup: docs(api-canvas): add minimum-viable spillover server recipe as the default
• Recommended check: Before packaging this project, run the relevant install/config/quickstart check for: docs(api-canvas): add minimum-viable spillover server recipe as the default. Context: Source discussion did not expose a precise runtime context.
• Evidence: failure_mode_cluster:github_issue | fmev_44db3da73c060fc8e7affa9e6c321749 | https://github.com/cyanheads/mcp-ts-core/issues/138 | docs(api-canvas): add minimum-viable spillover server recipe as the default

12. Configuration risk: Developers should check this configuration risk before relying on the project: feat(docs/skills): codify agent-observed correctness across response design surface

• Severity: medium
• Finding: Developers should check this configuration risk before relying on the project: feat(docs/skills): codify agent-observed correctness across response design surface
• User impact: Developers may misconfigure credentials, environment, or host setup: feat(docs/skills): codify agent-observed correctness across response design surface
• Recommended check: Before packaging this project, run the relevant install/config/quickstart check for: feat(docs/skills): codify agent-observed correctness across response design surface. Context: Source discussion did not expose a precise runtime context.
• Evidence: failure_mode_cluster:github_issue | fmev_a5a5f36d76023182a160cd1189430916 | https://github.com/cyanheads/mcp-ts-core/issues/131 | feat(docs/skills): codify agent-observed correctness across response design surface

Community Discussion Evidence

Doramagic exposes project-level community discussion separately from official documentation. Review these links before using mcp-ts-template with real data or production workflows.

• feat(tool): flatten SDK input-validation error text and move issues to e - github / github_issue
• feat(tool): first-class support for discriminated-union tool inputs (mul - github / github_issue
• bug(transport): HTTP per-request McpServer cleanup leaks ~30 KB/req on h - github / github_issue
• feat(linter): schema-properties-need-type — flag typeless leaves misse - github / github_issue
• docs(api-canvas): add minimum-viable spillover server recipe as the defa - github / github_issue
• feat(auth): add RFC 7662 Token Introspection as a third auth strategy - github / github_issue
• feat(templates): MCPB bundle packaging for scaffolded servers - github / github_issue
• Connect card: active-tab styling, default to Claude, add Codex/Cursor/Ge - github / github_issue
• bug(transport): list_changed notifications silently dropped under HTTP p - github / github_issue
• feat(telemetry): wire Worker-native OTel exporter (sdk-trace-web + OTLP - github / github_issue
• feat(linter,docs): cross-vendor JSON Schema portability rules - github / github_issue
• feat(docs/skills): codify agent-observed correctness across response des - github / github_issue