{"id":"iannuttall-mcp-boilerplate","name":"mcp-boilerplate","homepage":null,"repo_url":"https://github.com/iannuttall/mcp-boilerplate","category":"ai-ml","subcategories":[],"tags":["mcp","cloudflare","workers","oauth","stripe","payments","stripe-metered","sse","typescript","boilerplate","ai-tools"],"what_it_does":"Boilerplate for building a remote MCP server on Cloudflare Workers that provides user authentication (Google or GitHub via OAuth) and Stripe-based monetization (free vs paid tools, including subscription and other billing modes). It exposes an SSE endpoint for the MCP tooling and includes example tool implementations using Zod and Stripe’s MCP/Cloudflare agent toolkit.","use_cases":["Build a hosted MCP tool server on Cloudflare Workers","Add OAuth login (Google/GitHub) for end-users","Gate MCP tools behind Stripe subscriptions or metered/one-time payments","Use with AI assistant clients (Cursor/Claude) and MCP Inspector for testing"],"not_for":["Use as-is without reviewing security and payment flow code paths","Use when you need a standard REST/GraphQL API instead of an MCP/SSE transport","Use when you require a published SLA or documented production reliability guarantees","Teams wanting turnkey deployment without OAuth/Stripe/Cloudflare configuration"],"best_when":"You want a quick starting point for an MCP server that will run on Cloudflare and you’re comfortable configuring OAuth and Stripe billing.","avoid_when":"You need strong operational guarantees (SLA, long-term stability assurances) or a fully specified public API contract with comprehensive error and rate-limit semantics.","alternatives":["Cloudflare Workers + an existing MCP server framework (non-boilerplate)","Direct MCP server implementations from modelcontextprotocol SDKs","Other MCP “hoster” platforms or turnkey hosted MCP offerings","Stripe Tooling templates (if available) for Cloudflare/agent-toolkit integrations"],"af_score":53.5,"security_score":60.0,"reliability_score":26.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:24:58.715026+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"http://localhost:8787/sse (local example); deployed URL is https://<worker>.workers.dev per README instructions","has_sdk":true,"sdk_languages":["TypeScript","JavaScript"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["OAuth with Google","OAuth with GitHub"],"oauth":true,"scopes":false,"notes":"README describes OAuth client setup and a Cloudflare KV namespace (OAUTH_KV) for login state/storage. It does not describe fine-grained API scopes for MCP tools at the auth layer."},"pricing":{"model":"Tool access monetization via Stripe (free/paid too","free_tier_exists":true,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No explicit free-trial/limits are documented in provided content. Costs depend on your Stripe plan/product configuration and Cloudflare usage."},"requirements":{"requires_signup":true,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":53.5,"security_score":60.0,"reliability_score":26.2,"mcp_server_quality":75.0,"documentation_accuracy":70.0,"error_message_quality":null,"error_message_notes":"README includes one explicit Stripe billing-portal configuration error pattern and guidance, but there’s no general description of MCP error formats/codes, retry semantics, or structured failure responses.","auth_complexity":70.0,"rate_limit_clarity":10.0,"tls_enforcement":80.0,"auth_strength":75.0,"scope_granularity":30.0,"dependency_hygiene":35.0,"secret_handling":70.0,"security_notes":"Strengths inferred from README: OAuth login with a dedicated KV namespace and an explicit cookie encryption key via env var; secrets are configured through .dev.vars/Cloudflare secrets rather than hard-coded. Uncertainties: provided content does not specify TLS enforcement details, secure cookie flags (HttpOnly/SameSite/Secure), CSRF protections for OAuth callback/session creation, passwordless token handling details, tool-level authorization granularity, or dependency/security scanning results. Rate limiting and abuse protections are not described.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":30.0,"error_recovery":40.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["OAuth redirect URIs differ between localhost and deployed worker; misconfiguration will block authentication flow.","Stripe Customer Billing Portal may require enabling test-mode portal configuration before the check_user_subscription_status tool can return a usable billingPortal.url.","README warns MCP Inspector versioning (0.12.0 vs 0.11.0) and that @latest may not work right now, which can affect debugging workflows."]}}