cyberneticlibrary
← library

Deploy stateless MCP servers on edge

mcp-httpmcp_serversetup L30
Max-Health-Inc/mcp-http
What it does

Provide stateless HTTP transport for MCP servers with RFC 9728 OAuth

Best for

Running an MCP server as stateless HTTP on edge infrastructure with pluggable OAuth 2.1 backends (no session storage).

Inputs
  • · Bearer token (JWT or opaque)
  • · MCP request JSON-RPC
Outputs
  • · MCP response JSON-RPC
  • · OAuth metadata endpoints (/.well-known/*)
Requires
  • · @modelcontextprotocol/sdk >= 1.29.0 (peer dep)
  • · Optional: Hono >= 4.12.0 for adapter
  • · OAuth2 Authorization Server URL
Preconditions
  • · Node 18+, Bun, Deno Deploy, or Cloudflare Workers
  • · Web Fetch API runtime
  • · Authorization Server issuer URL (RFC 9728)
Failure modes
  • · Expired JWT rejected before hitting upstream (30s clock-skew buffer)
  • · CORS misconfiguration blocks client requests
  • · Upstream fetch failures pass through without retry
  • · Bearer token missing → 401 with WWW-Authenticate header
Trust signals
  • · RFC 9728 (Tokens in JSON-RPC) compliant
  • · First-class Hono and Cloudflare Pages Functions adapters
  • · JWT exp early-rejection with configurable skew
  • · Observability hooks (onRequest, onError)
  • · CORS fully configurable or disabled