mcp-stytch-consumer-todo-list

Provides a Cloudflare Workers full-stack demo app (React static site + REST API + MCP server) where user/client identity and authentication flows are handled by Stytch, and TODO data is stored in Workers KV / Durable Objects.

Evaluated Mar 30, 2026 (22d ago)

Homepage ↗ Repo ↗ Ai Ml mcp model-context-protocol cloudflare-workers cloudflare-kv durable-objects stytch hono typescript react

⚙ Agent Friendliness

/ 100

Can an agent use this?

🔒 Security

/ 100

Is it safe for agents?

⚡ Reliability

/ 100

Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality

Documentation

Error Messages

Auth Simplicity

Rate Limits

🔒 Security

TLS Enforcement

Auth Strength

Scope Granularity

Dep. Hygiene

Secret Handling

Uses Stytch for authentication and requires environment-based secrets (.dev.vars, .env.local). However, the provided content does not document API authorization model/scopes for MCP tools, rate limiting, detailed error responses, or secret-handling safeguards beyond typical env-var usage. TLS and operational controls are not explicitly discussed.

⚡ Reliability

Uptime/SLA

Version Stability

Breaking Changes

Error Recovery

Use Cases

• Authenticated AI-agent interaction with a simple TODO application via MCP
• Demonstrating how to combine MCP with web UI + REST APIs on Cloudflare Workers
• Learning/benchmarking Stytch Consumer authentication integration patterns for agent-enabled apps
• Prototyping an agent tool that performs CRUD-like operations on user-scoped data

Not For

• Production use without security review, proper operational hardening, and robust error/observability practices
• High-throughput or compliance-sensitive workloads without confirming Cloudflare KV/DO behavior and data handling requirements
• Use as a general-purpose identity provider replacement for non-Stytch systems

Interface

REST API

Yes

GraphQL

gRPC

MCP Server

Yes ↗

SDK

Yes

Webhooks

Authentication

Methods: Stytch Consumer authentication (B2C) using public/secret tokens configured via environment variables

OAuth: No Scopes: No

Authentication is centered on Stytch; README references redirect URL and Frontend SDK configuration, but does not describe fine-grained scopes/permissions for API actions.

Pricing

Free tier: No

Requires CC: No

No pricing information for the package itself; Cloudflare Workers and Stytch costs would apply, but are not detailed in the provided content.

Agent Metadata

Pagination

none

Idempotent

False

Retry Guidance

Not documented

Known Gotchas

⚠ Auth setup is required (Stytch redirect URLs + allowed authorized applications); misconfiguration can prevent MCP tool use
⚠ Cloudflare KV/DO-based storage may require careful handling of user scoping and consistency for agent-driven workflows
⚠ No evidence in the provided README about idempotent operations or retry guidance; agents may need conservative request handling

Alternatives

mcp-stytch-b2b-okr-manager (if B2B flows are needed) Other MCP servers backed by more specialized databases/services (e.g., Postgres) Custom MCP servers that use standard OAuth/OpenID providers instead of Stytch

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for mcp-stytch-consumer-todo-list.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo

API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-30.