{"id":"stytchauth-mcp-stytch-consumer-todo-list","name":"mcp-stytch-consumer-todo-list","homepage":"https://mcp-stytch-consumer-todo-list.maxwell-gerber42.workers.dev","repo_url":"https://github.com/stytchauth/mcp-stytch-consumer-todo-list","category":"ai-ml","subcategories":[],"tags":["mcp","model-context-protocol","cloudflare-workers","cloudflare-kv","durable-objects","stytch","hono","typescript","react"],"what_it_does":"Provides a Cloudflare Workers full-stack demo app (React static site + REST API + MCP server) where user/client identity and authentication flows are handled by Stytch, and TODO data is stored in Workers KV / Durable Objects.","use_cases":["Authenticated AI-agent interaction with a simple TODO application via MCP","Demonstrating how to combine MCP with web UI + REST APIs on Cloudflare Workers","Learning/benchmarking Stytch Consumer authentication integration patterns for agent-enabled apps","Prototyping an agent tool that performs CRUD-like operations on user-scoped data"],"not_for":["Production use without security review, proper operational hardening, and robust error/observability practices","High-throughput or compliance-sensitive workloads without confirming Cloudflare KV/DO behavior and data handling requirements","Use as a general-purpose identity provider replacement for non-Stytch systems"],"best_when":null,"avoid_when":null,"alternatives":["mcp-stytch-b2b-okr-manager (if B2B flows are needed)","Other MCP servers backed by more specialized databases/services (e.g., Postgres)","Custom MCP servers that use standard OAuth/OpenID providers instead of Stytch"],"af_score":55.0,"security_score":61.5,"reliability_score":22.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:29:46.827848+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"http://localhost:3000/mcp","has_sdk":true,"sdk_languages":["TypeScript","JavaScript (via Stytch React/vanilla SDKs)"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Stytch Consumer authentication (B2C) using public/secret tokens configured via environment variables"],"oauth":false,"scopes":false,"notes":"Authentication is centered on Stytch; README references redirect URL and Frontend SDK configuration, but does not describe fine-grained scopes/permissions for API actions."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information for the package itself; Cloudflare Workers and Stytch costs would apply, but are not detailed in the provided content."},"requirements":{"requires_signup":true,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":55.0,"security_score":61.5,"reliability_score":22.5,"mcp_server_quality":70.0,"documentation_accuracy":80.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":60.0,"rate_limit_clarity":10.0,"tls_enforcement":90.0,"auth_strength":75.0,"scope_granularity":20.0,"dependency_hygiene":45.0,"secret_handling":70.0,"security_notes":"Uses Stytch for authentication and requires environment-based secrets (.dev.vars, .env.local). However, the provided content does not document API authorization model/scopes for MCP tools, rate limiting, detailed error responses, or secret-handling safeguards beyond typical env-var usage. TLS and operational controls are not explicitly discussed.","uptime_documented":0.0,"version_stability":30.0,"breaking_changes_history":30.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Auth setup is required (Stytch redirect URLs + allowed authorized applications); misconfiguration can prevent MCP tool use","Cloudflare KV/DO-based storage may require careful handling of user scoping and consistency for agent-driven workflows","No evidence in the provided README about idempotent operations or retry guidance; agents may need conservative request handling"]}}