Golf

A Python framework for building production-ready MCP servers with minimal boilerplate. Provides automatic tool/prompt/resource discovery from directory structure, enterprise-grade auth (JWT, OAuth 2.0, API keys), OpenTelemetry tracing, built-in LLM utilities, and a CLI for project scaffolding and development.

Evaluated Mar 06, 2026 (0d ago) v0.2.19
Homepage ↗ Repo ↗ Developer Tools mcp-server framework python oauth jwt opentelemetry pydantic hot-reload scaffolding apache-2.0
⚙ Agent Friendliness
72
/ 100
Can an agent use this?
🔒 Security
69
/ 100
Is it safe for agents?
⚡ Reliability
60
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
72
Documentation
74
Error Messages
60
Auth Simplicity
80
Rate Limits
65

🔒 Security

TLS Enforcement
85
Auth Strength
68
Scope Granularity
60
Dep. Hygiene
72
Secret Handling
62

Golf scoring/data MCP. Domain-specific tool for golf data. Low security risk. Public golf data — no PII typically. Rate limits apply for data APIs.

⚡ Reliability

Uptime/SLA
60
Version Stability
62
Breaking Changes
58
Error Recovery
58
AF Security Reliability

Best When

You need to build a Python MCP server with auth, observability, and structured project layout, especially for production or multi-tool scenarios.

Avoid When

You need a ready-to-use MCP server for a specific service, or you are building in a language other than Python, or your MCP server is trivially simple.

Use Cases

  • Building custom MCP servers with authentication and observability out of the box
  • Scaffolding new MCP server projects with conventional directory structure
  • Adding enterprise auth (JWT, OAuth) to MCP tools without manual implementation
  • Instrumenting MCP servers with OpenTelemetry for production monitoring

Not For

  • Using as a standalone MCP server (it is a framework for building servers)
  • Non-Python MCP server development
  • Simple single-tool MCP servers where a framework adds unnecessary overhead

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
Yes
Webhooks
No

Authentication

Methods: jwt oauth api_key static_token
OAuth: Yes Scopes: Yes

Built-in auth framework supporting JWT (JWKS validation), OAuth 2.0 server mode, static development tokens, and API keys. Configured via auth.py file. v0.2.0 introduced breaking changes to auth API.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

Apache-2.0 license. Install via pip install golf-mcp. CLI collects anonymous telemetry (opt-out available).

Agent Metadata

Pagination
unknown
Idempotent
Unknown
Retry Guidance
Not documented

Known Gotchas

  • This is a framework, not a ready-to-use MCP server - requires building tools on top of it
  • Breaking auth API changes between v0.1.x and v0.2.x - check migration docs
  • Detailed tracing mode logs full request/response data which may expose sensitive information
  • CLI collects anonymous telemetry by default - must explicitly opt out
  • Python 3.10+ required, limiting some environments
  • Nested tool directories create longer tool IDs (e.g. tools/payments/charge.py becomes charge_payments)

Alternatives

FastMCP mcp-python-sdk (official) create-mcp-server Smithery

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Golf.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5208
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered