{"id":"spiral-packages-mcp-server","name":"mcp-server","homepage":null,"repo_url":"https://github.com/spiral-packages/mcp-server","category":"devtools","subcategories":[],"tags":["mcp","model-context-protocol","php","spiritual-framework","tooling","middleware","schema-validation","dependency-injection"],"what_it_does":"Provides an MCP (Model Context Protocol) server for the Spiral Framework with automatic tool discovery via PHP attributes, schema generation/validation for tool inputs, configurable transport (HTTP/stream/STDIO), middleware support, and optional session handling.","use_cases":["Expose backend functionality (tools) to MCP-compatible clients/LLMs","Build structured, schema-validated tool endpoints using PHP DTOs and attributes","Integrate tool execution into Spiral Framework apps via its DI container","Run MCP servers over HTTP, streaming HTTP, or STDIO for different deployment modes"],"not_for":["Simple one-off scripts that don't use Spiral Framework/DI patterns","Use as a general-purpose web API without MCP semantics","Environments requiring built-in strong auth/tenancy controls beyond what the user configures via middleware"],"best_when":"You’re building a Spiral-based PHP application that needs to expose MCP tools with typed inputs, validation, and DI-driven dependency injection.","avoid_when":"You need a turnkey, opinionated network service with standard REST/JSON auth patterns and documented auth/rate-limit behavior out of the box.","alternatives":["Other MCP server implementations in your language/ecosystem","REST/GraphQL APIs with OpenAPI/GraphQL schemas","Framework-specific tool runtimes or agent tooling SDKs (non-MCP)"],"af_score":49.8,"security_score":43.2,"reliability_score":30.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:21:12.658186+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Custom middleware (example: AuthenticationMiddleware)"],"oauth":false,"scopes":false,"notes":"README does not describe built-in authentication; it shows an example middleware registration. Security model likely depends on user-implemented middleware and transport-layer setup."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Open-source (MIT) composer package; no service pricing described."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":49.8,"security_score":43.2,"reliability_score":30.0,"mcp_server_quality":70.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":35.0,"rate_limit_clarity":20.0,"tls_enforcement":60.0,"auth_strength":35.0,"scope_granularity":25.0,"dependency_hygiene":50.0,"secret_handling":50.0,"security_notes":"README does not specify auth mechanisms, TLS enforcement, or secret-handling practices for production. Presence of middleware hooks suggests responsibility for security controls (authn/z, rate limiting, logging hygiene) is on the integrator. Transport is configurable; ensure HTTPS/TLS is enforced in HTTP modes and that middleware avoids leaking sensitive request data.","uptime_documented":0.0,"version_stability":50.0,"breaking_changes_history":40.0,"error_recovery":30.0,"idempotency_support":"true","idempotency_notes":"Provides tool metadata attributes for idempotency (#[IsIdempotent]) and read-only/destructive hints, but does not document runtime idempotency/retry semantics.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["No documented, standardized guidance for retry/backoff on MCP tool failures.","Auth/rate-limiting behavior appears to be delegated to middleware; ensure it’s implemented and consistent across transports (HTTP/stream/STDIO)."]}}