{"id":"nathanjclark-mcp-server","name":"mcp-server","homepage":null,"repo_url":"https://github.com/nathanjclark/mcp-server","category":"ai-ml","subcategories":[],"tags":["mcp","model-context-protocol","json-rpc","oauth2.1","auth0","rust","axum","shuttle","postgresql","ai-tools","template"],"what_it_does":"Provides a Model Context Protocol (MCP) server implemented in Rust (Axum, Shuttle) with an OAuth 2.1/Auth0-based authentication flow. It exposes MCP JSON-RPC 2.0 endpoints (public initialize/handshake, protected tools/resources/prompts) and includes built-in tools/resources/prompts plus a registry-based architecture for extending capabilities.","use_cases":["Serve MCP clients (e.g., Claude/other MCP inspectors) with authenticated tool/resource/prompt access","Build an authenticated “tool server” that exposes text/AI/db/time utilities via MCP","Use PostgreSQL-backed resources (e.g., user stats) and extend with custom tools/resources/prompts","Quickly scaffold an MCP server with OAuth 2.1 and Shuttle deployment"],"not_for":["Public unauthenticated access to tools/resources/prompts (those are described as protected)","Use as a drop-in solution without setting required OAuth/client secrets and session JWT secret","Production use without validating MCP compliance details, error formats, and security hardening beyond the template-level README claims"],"best_when":"You want a Rust-based MCP server scaffold with OAuth2/OIDC-style login (Auth0) and a registry-driven way to add tools/resources/prompts.","avoid_when":"You need documented REST/OpenAPI contracts or SDKs beyond the MCP JSON-RPC interface, or you require explicit, documented rate limits and consistent error-code semantics.","alternatives":["Generic MCP servers you implement directly without OAuth (if you can accept different auth), e.g., via the official MCP libraries","Other MCP template repos that provide OpenAPI/SDKs and stronger operational documentation","Self-hosted OAuth-protected API backends paired with a thin MCP JSON-RPC adapter"],"af_score":42.5,"security_score":64.0,"reliability_score":5.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T19:42:13.243973+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"http://localhost:8000/mcp (per README)","has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["OAuth 2.1 authorization server endpoints (/.well-known/oauth-authorization-server, /authorize, /token, /register)","Auth0 callback endpoint (GET /auth/callback)","Session JWT secret configuration (SESSION_JWT_SECRET)"],"oauth":true,"scopes":false,"notes":"The README describes OAuth 2.1 with Auth0 and that tools/resources/prompts are protected. It does not specify token scopes/permissions granularity in the provided content."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information is provided; costs depend on Shuttle hosting and external services (e.g., Auth0/OpenAI if configured)."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":42.5,"security_score":64.0,"reliability_score":5.0,"mcp_server_quality":85.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":50.0,"rate_limit_clarity":10.0,"tls_enforcement":90.0,"auth_strength":80.0,"scope_granularity":30.0,"dependency_hygiene":40.0,"secret_handling":70.0,"security_notes":"Uses OAuth 2.1/Auth0 and requires authentication for tools/resources/prompts. Secrets are configured via Secrets.toml (environment/secret file) and a SESSION_JWT_SECRET is required. The provided content does not describe TLS requirements explicitly (assumed HTTPS in production via Shuttle URLs), does not specify authorization scopes/least-privilege, does not describe rate limiting, and provides no detail on secure logging practices or dependency audit status.","uptime_documented":0.0,"version_stability":0.0,"breaking_changes_history":0.0,"error_recovery":20.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Protected methods require authenticated session/token (handle OAuth flow before tools/resources/prompts).","Transport/endpoint details rely on the MCP client configuration (e.g., Inspector uses Streamable HTTP and Proxy Session Token).","No explicit mention of tool-level idempotency or retry behavior; agent should assume tool calls may have side effects or variable latency (especially AI/db-backed tools)."]}}