r/MCPservers

▲ 2 r/MCPservers+1 crossposts

How do you test that an MCP server change didn't break your agents?

For folks running MCP servers with a team (internal or third-party ones): when you update a server or change a tool, how do you know you didn't silently break something downstream?

Trying to sort out my own workflow and curious what others actually do in practice — CI checks? manual testing in the client? contract tests on the tool schemas? just ship and find out?

Also interested in how you catch it when a server degrades over time (gets slower/flakier) vs. hard-breaks. Do you find out right away or days later?

reddit.com
u/Deversatilist — 8 hours ago
▲ 28 r/MCPservers+4 crossposts

I got tired of tool websites asking for signups, so I made my own: Would love some brutal feedback

To be honest, I was getting really annoyed every time I needed to do something simple like compress an image or convert a pdf. You google it and immediately get hit with ads, or they want you to make an account just to download your file. Plus, uploading personal stuff to random servers always felt super sketchy to me.

After dealing with this for a while, I just decided to build a massive toolbox for myself. Everything runs completely locally in the browser, so no servers, no signups, and nothing gets uploaded anywhere.

So I put it all together on https://footrue.com If anything feels broken or you think of something I should add, just drop a comment here.

Happy to return the favor and check out your projects too! Thank you!

u/TurbulentFail5486 — 13 hours ago
▲ 19 r/MCPservers+10 crossposts

I built Curion, a librarian-like memory agent for AI agents

I’ve been working on Curion, a memory system for AI agents built around a simple idea:

The main agent should not have to manage memory manually.

Most AI agents are useful inside a single session, but they still lose important context between sessions. Project decisions, implementation history, constraints, unresolved tasks, and previous reasoning often disappear unless I manually write long handoff notes.

At first, the obvious solution seems to be giving the agent memory tools: save, search, update, delete, edit.

But that creates a second problem.

If the main agent has to manage memory by itself, it can easily receive too many raw memories. Some are relevant, some are stale, some are only partially related, and some may conflict with newer information. The agent then has to spend context and attention deciding what matters.

That creates context bloat.

Curion takes a different approach.

I think of Curion as a librarian for AI agents.

A good librarian does not just throw every possibly related book at you. They understand the question, know how information is organized, filter what matters, notice conflicts, ask clarifying questions when needed, and return the most useful context.

That is what Curion is meant to do for agent memory.

The main agent only needs to say:

“I want to remember this.”

or

“I need to recall something about this.”

Curion handles the rest.

When saving memory, Curion can decide how information should be stored, whether it relates to existing records, whether something should be updated, and whether a conflict requires clarification.

When recalling memory, Curion does not just dump raw search results into the agent’s context. It retrieves relevant records, evaluates what is useful for the current task, synthesizes the context, and clearly says when nothing relevant was found.

The analogy I use is human memory. When we want to remember something, we do not consciously search through billions of memories. We ask for what we need, and the relevant memory appears automatically beneath the surface.

Curion is built around that same interface idea for AI agents.

It is project-first: Curion focuses on the project the agent is currently working in. It can also use cross-project recall when information from another project is actually relevant.

Curion is not just a save/search tool. It is a collaborative memory layer: a specialized memory librarian that helps agents remember responsibly, reduces context bloat, and gives the main agent only the context it actually needs.

GitHub: https://github.com/geanatz/curion

NPM: https://www.npmjs.com/package/@geanatz/curion

Portfolio: https://geanatz.com

u/geanatz — 1 day ago
▲ 329 r/MCPservers+69 crossposts

I built an open-source, self-hosted AI gateway: 237 providers (90+ free), auto-fallback combos, and a 10-engine token-compression pipeline (MIT)

Builders-welcome post with the substance up front (disclosure: I'm the maintainer). OmniRoute is a free, MIT, self-hosted AI gateway — one OpenAI-compatible endpoint over 237 providers — built around two problems: runs dying on a provider 429, and tokens bleeding on tool/log output.

One endpoint, 237 providers — 90+ of them free. You point any tool or agent at a single OpenAI-compatible endpoint (localhost:20128/v1) and it can reach 237 LLM providers without you rewriting anything. 90+ have free tiers and 11 are free forever (no card), which aggregates to ~1.6B documented free tokens/month — and that's honest, pool-deduped math (we count each shared pool once instead of inflating it; the methodology is public in the repo). There's a one-command setup-* for 13+ coding tools (Claude Code, Codex, Cursor, Cline, Roo, Kilo, Gemini CLI…), so switching your existing setup over takes seconds.

Fallback combos — so it never stops mid-task. A "combo" is a ladder of models the router walks automatically: your subscription first, then API keys, then cheap models, then free ones. When a provider returns a 500 or you hit a rate limit, it slides to the next target in milliseconds, mid-request, and your tool never even sees the error. There are 17 routing strategies (priority, weighted, round-robin, cost-optimized, auto/coding:fast…) plus three resilience layers — a per-provider circuit breaker, a per-key cooldown, and a per-model lockout — so one dead key can't take down a whole provider.

Fusion — an ensemble mode for the hard steps. Beyond simple routing, there's a fusion strategy that fans a single prompt out to a panel of different models in parallel and then has a judge model synthesize one best answer (mixture-of-agents, built in). It's cost-aware, so easy turns stay on one fast model and it only fuses when the step is worth it.

A 10-engine compression pipeline — the part most routers don't have. Every request flows through a transparent compression pass you can toggle/stack per combo. Instead of one trick, it stacks the best of the open-source ecosystem: RTK filters command/tool output (git diffs, test logs, builds) at 60–90%, Microsoft's LLMLingua-2 does ML semantic pruning, Caveman handles prose, session-dedup strips repeats across turns. Critically, code, URLs and JSON are preserved byte-perfect, and a default-on inflation guard throws the compressed version away and sends the original if compressing would actually grow the prompt — it never makes things worse. On tool-heavy sessions that's ~89% average input-token reduction (an 8k-token git diff becomes a few hundred). Full credit to every upstream project (RTK, Caveman, LLMLingua-2, Troglodita) is in the README.

Agent-native — the agent can drive the router itself. There's a built-in MCP server (95 tools across 30 audited scopes, over stdio / SSE / streamable-HTTP), plus A2A (v0.3, JSON-RPC 2.0) support. That means an agent can query providers, switch combos, read its own remaining quota and manage memory through the gateway — not just consume tokens through it.

It's 100% local (zero telemetry, AES-256-GCM at rest), MIT-licensed, has a prompt-injection guard on every LLM route, opt-in memory, and runs on npm, Docker, desktop or your phone via Termux.

For context on whether it's worth your time: it's grown to ~9.8K GitHub stars, 1,490+ forks and 280+ contributors in ~4.5 months, with 21,000+ automated tests and 1,830+ issues closed — so it's a battle-tested project, not a brand-new experiment.

npm install -g omniroute

GitHub: https://github.com/diegosouzapw/OmniRoute · Site: https://omniroute.online

Would value a critique of the routing/compression architecture from this crowd.

u/ZombieGold5145 — 2 days ago
▲ 18 r/MCPservers+9 crossposts

Mastyf.ai

🚀 From MCP Guardian to Mastyf.ai

​

What started as an open-source experiment in securing and governing AI agents through the Model Context Protocol (MCP) has evolved into something much bigger.

​

Today, I'm excited to share a glimpse of that journey.

​

The video below showcases MCP Guardian — the project that laid the foundation for what is now Mastyf.ai: a security-first platform for AI agent governance, runtime policy enforcement, observability, approval workflows, and enterprise trust.

​

As AI agents gain access to tools, data sources, APIs, and autonomous workflows, the challenge is no longer just building agents—it's governing them safely, transparently, and at scale.

​

That's the problem we're working on at Mastyf.ai.

​

🔹 Runtime governance for AI agents

🔹 Policy enforcement and approval workflows

🔹 Security controls for MCP ecosystems

🔹 Auditability, observability, and compliance readiness

🔹 Enterprise-grade AI control planes

​

We would love feedback from developers, security researchers, platform engineers, AI engineers, and enterprise architects.

​

Try it. Break it. Stress-test it. Tell us what we're missing.

​

​

Special thanks to everyone who contributed ideas, bug reports, feature requests, testing, and feedback along the way. Building secure AI infrastructure is a community effort, and we're just getting started.

​

If you're interested in AI security, agent governance, MCP, enterprise AI infrastructure, or would like to collaborate, comment below or reach out directly.

​

​

u/Puzzleheaded-Cow2725 — 2 days ago
▲ 1 r/MCPservers+1 crossposts

Fable is wild for real

Fable is truly wild. I have an SDK I have been working on for over 2 years now. That is 100% infrastructure. The code is everywhere. It started out as a succinct project at that time I used GPT for like code completion and to come up with solutions for errors. Then Claude code came out and the repo turned into an absolute monster of code everywhere. Yesterday I added all 7 working directories to a Claude code session and asked Fable “Given the stated objective in the BRD expose this as a product I can consume as an MCP, explore deeply and think through customer facing implications”.

I honestly didn’t think it would do much and I turned on Silo while it was cranking away. An hour or so later it gave me an mcp connection string to test and I put it in Claude desktop and it didn’t work.

I got distracted and was asking Claude about time management on the mobile APP and maybe being a little to personal and nonchalantly asked it to build me an app to help me solve my problem. Boom! It grabbed the configured MCP and built me a hyper personal product in 30 seconds. WILD!

https://5be2491be71b.casino.flowstack.fun

It then exposed the MCP for customers. Casino

The future of software is wild.

The SDK is open source. The MCP is free to try.

u/Brilliant_Edge215 — 1 day ago
▲ 3 r/MCPservers+4 crossposts

I built an MCP server for persistent project context and organization across tools | KeystoneMCP

I built KeystoneMCP, a local MCP server that gives AI clients persistent project context across sessions.

The idea came from building a Houdini MCP. Tool-specific MCPs can expose an application very effectively, but the model still lacks wider context such as:

  • What project and task it is working on
  • Which input version is current or approved
  • Where outputs should be saved
  • Which tasks and files depend on each other
  • What happened in previous sessions

KeystoneMCP handles that as a separate context layer. It stores projects, tasks, versions, dependencies, workflow rules and audit history as structured state. The AI consults Keystone before using another MCP, then records the result afterward.

Architecturally, it follows:

AI client + tool MCPs + project-context MCP

It does not aggregate or re-export other MCP tools. Its role is to give the model reliable state, exact paths, preflight checks and valid next actions so it does not have to infer everything from chat history.

It is currently focused on solo creative users, but I think the context-first pattern could apply beyond creative work.

Full disclosure: this is my project and will be a commercial product. I have left the product link out to keep this focused on the MCP architecture.

joebishopvfx.com
u/Express_Fox8952 — 3 days ago
▲ 19 r/MCPservers+12 crossposts

How do I get into YC winter 2027?

WHAT HUINT SOLVES
Artificial intelligence is advancing faster than anyone imagined. It can reason, create, analyze, and act on vast amounts of information. Yet every AI system shares the same blind spot: it cannot see the world beyond the screen.
The most important information often isn't in a database or on the internet. It's in the real world. It's the condition of a building, the state of a shipment, a crowded parking lot, a broken sign, an empty shelf, or a detail only a person standing there can see. Every day, billions of decisions are made using context that AI simply cannot access.
Huint exists to close that gap.
We're building the human intelligence layer for AI, a network that gives agents access to real-world context, observation, and judgment through people who are already there. What starts with simple tasks and verification becomes something much larger: a bridge between digital intelligence and physical reality.
We believe the future isn't AI or humans. It's AI and humans, working together. AI provides scale, speed, and reasoning. People provide awareness, context, and presence. Huint connects the two.
Our mission is simple: make the physical world accessible to artificial intelligence. Because the next breakthrough in AI won't come from thinking harder. It will come from understanding reality.

huint.io
u/JDavisxu — 6 days ago
▲ 10 r/MCPservers+1 crossposts

Hail.so - Send and receive emails, calls, SMS via a single MCP/API/CLI

Hello community,

Hail is an MCP server, CLI and API for email, SMS and phone calls. Inbound and outbound.

It packages Twilio, AWS SES (with or without custom domains), LiveKit, ElevenLabs, Cartesia, and LLM providers under a consistent API.

The implementation comes from about a year of production work building industrial AI voicebots, and tooling for all sorts of AI agents.

Check the README for the current stack and milestones for what's coming.

Open source, self-hostable backend: https://github.com/hail-hq/hail/

How did this project come about?

I spent over a year as CTO of an AI startup building a useful chatbot + voicebot for industrial companies, and the most useful features turned out to be:

> generating documents and sending them via emails

> calling staff members to collect specific information like "where did you leave the key to the building" or "what's the specific values to set for the oil refining machine"

> sending SMS reminders for staff to do XYZ

However it was pretty hard to get all 3 working well, and at a low cost: sending and receiving emails, phone calls, and sms.

It requires several days at best to connect Twilio SIP trunks to a server to handle them, then set up AWS SES to send emails, etc. and that is if you know what you're doing, and not starting from scratch.

Plus, each provider would give you a separate invoice you'd have to do bookkeeping for.

So I've put all the learnings to work in a single project, not only so that I don't loose the learning, but also because every company needs to give their AI agent or backend a way to communicate with the world via email, phone, or SMS.

A single API, MCP, and CLI.

Why not just set up my own Twilio + Resend + Postmark?

> separate integrations for email, voice and SMS. Takes very long to set up

> deploying telephony requires SIP infrastructure

> several dashboards, messy UI/UX

> several bills to keep track off in bookkeeping

> no native MCP server or CLI for AI agents

This project is not replacing existing providers (twilio, amazon ses, etc), but packages them into a single platform with sane defaults.

Where are we at?

Right now Hail has good support for outbound phone calls and emails, and the inbound emails is well underway for a final release using auto-forwarding and webhooks.

What is left is support for inbound phone calls, and SMS inbound/outbound.

What next?

You can host the project yourself or check out https://hail.so/

u/redouanea — 7 days ago
▲ 3 r/MCPservers+1 crossposts

I analyzed all 42,912 MCP servers in the public registries. Fewer than 7% are reachable by an agent.

I wanted to know how many MCP servers an agent could actually use over the network, so I analyzed every server in the public registries.

The funnel: 42,912 indexed, but only 2,840 (6.6%) advertise a remote HTTP endpoint. The other 93% are stdio/local servers meant to run on your own machine, plus dead and endpoint-less listings. I probed 98% of the reachable ones. 46% completed an anonymous MCP handshake, 27% were auth-gated, the rest errored or timed out.

I scored each reachable server on five dimensions and put it on a readiness ladder. More than half can't hold a clean session, and only 1.7% clear a basic agent-safety bar. The most useful finding: servers that exist mostly speak the protocol correctly, but score lowest on discoverability and safety. They can talk, but an agent often can't find them and has no signal they're safe to invoke.

Full data and methodology: waypoint.ing/blog/state-of-mcp

I also built a free scanner that runs the same checks on any server (no signup) if you want to see where yours lands: isyourmcpready.com

Curious what checks people here think are missing from the rubric.

TL;DR: Analyzed 42,912 MCP servers. <7% are reachable by an agent over the network, 1.7% are agent-safe. Most can speak the protocol but can't be found or trusted.

reddit.com
u/dseven4evr — 6 days ago
▲ 9 r/MCPservers+2 crossposts

AVE v1.1.0 — 51 behavioral classification records for MCP servers and agent skills, offline artifact for air-gapped environments

VE (Agentic Vulnerability Enumeration) is an open behavioral classification standard for agentic AI components. Each record describes what a dangerous skill file or MCP server does, scores it with OWASP AIVSS v0.8, and maps it to OWASP MCP Top 10 and MITRE ATLAS.

v1.1.0 shipped last week:

  • 51 records at schema v1.0.0, detection rules and fixtures for all of them
  • Three new records: HTTP Host Header Injection (BadHost), Parasitic Toolchain, OAuth Discovery Rebinding -- all confirmed gaps from a benchmark across MCPSecBench, FSF-MCP, and Hou et al. 2025
  • Offline artifact for air-gapped environments: all 51 records as a single JSON array at the v1.1.0 release

If you maintain a scanner that detects MCP security issues, the implementer guide covers how to add ave_id to your finding output -- three patterns including one that makes zero network calls for regulated environments.

Registry: https://ave.bawbel.io/registry.html
GitHub: https://github.com/bawbel/ave
Implementer guide: https://github.com/bawbel/ave/blob/main/docs/specs/ave-implementer-guide.md

u/SelectionBitter6821 — 7 days ago
▲ 7 r/MCPservers+1 crossposts

What are you guys using these days to manage multiple MCP servers in a production agentic setup?

Building a multi-agent system where agents need access to internal knowledge base, slack, github, our crm, and a few internal APIs wrapped as mcp servers.

In dev this was fine because there was just one server, one agent, everything local but now that we are moving towards production, I'm realizing the MCP management problem is even more real

  1. How do you handle service discovery? agents need to know what tools are available without hardcoding lists
  2. What do you use for auth? especially for servers that need to act on behalf of specific users like say, posting to Slack as a real user identity
  3. Do you have any tooling for observability over mcp calls? my agent sometimes makes 20+ tool calls per task and I have no insight into which ones are slow or failing

I've been looking at mcp gateways as the abstraction layer instead of wiring agents directly to mcp server, so far I've looked at docker mcp toolkit, obot, and truefoundry. They all seem to take slightly different approaches, and truefoundry looks like the one we'll likely move forward with since it seems to be most complete for our needs as it combines registry, rbac, oauth, and observability in one place.
how are you guys handling this? are you using a gateway? or just connecting agents directly to mcp servers?

reddit.com
u/Background-Job-862 — 7 days ago
▲ 6 r/MCPservers+1 crossposts

I built a local MCP memory layer so Claude Code can share context with other coding agents

I kept running into the same annoying workflow problem.

I use Claude Code for some work, Codex for review, sometimes Gemini/opencode for a second pass, and each agent needs the same repo decisions explained again.

So I built Pathmark: a tiny local MCP server that gives coding agents one shared memory layer.

It is intentionally boring:

  • - plain JSONL on disk
  • - no account
  • - no hosted database
  • - no API key
  • - local stdio MCP server
  • - works across different agent harnesses

By default it writes to:

\~/.pathmark/memory/memory.jsonl``

So you can inspect it, delete it, back it up, or migrate it without trusting another service.

Current tools:

  • - remember project facts and decisions
  • - create conclusions from a session
  • - search memory
  • - get project context
  • - ask memory a question

It works with Claude Code, Codex, opencode, Gemini CLI, Cursor, Claude Desktop, and other MCP clients.

Install:

npm install -g pathmark

claude mcp add pathmark -- pathmark

https://preview.redd.it/7qjfq18ttcah1.png?width=1672&format=png&auto=webp&s=addf6c7bb087b7400c8124d9f798e2675b9d09b9

reddit.com
u/Specialist-Whole-640 — 6 days ago
▲ 21 r/MCPservers+1 crossposts

Where do you draw the line with LiteLLM's MCP Gateway?

We've been experimenting with LiteLLM's MCP Gateway, and one thing I've been going back and forth on is how much responsibility should actually live there.

We started with the gateway as a pretty thin layer: transport normalization, authentication, and exposing MCP servers. But as the platform grew, it became tempting to move more logic into it. Routing decisions, tool filtering, policy enforcement, retries, provider-specific behavior, usage controls... it all feels convenient to centralize.

The problem is that after a while the gateway starts looking less like infrastructure and more like the orchestration layer itself. At that point it's no longer obvious where the boundary should be.

For teams running LiteLLM's MCP Gateway in production, where did you end up drawing that line? Does the gateway only expose and secure MCP servers while your orchestrator owns all execution decisions, or has the gateway gradually become the place where routing and policy live?

Looking back, was keeping the gateway "dumb" the better long-term decision, or did consolidating more logic there make operating the system easier?

reddit.com
u/jeann1977 — 8 days ago
▲ 6 r/MCPservers+3 crossposts

I made an npm package for adding guardrails to MCP tools

I’ve been working with MCP servers lately, and one thing I wanted was a clean way to put policies around tool handlers before exposing them to agents.

So I built ToolGate, a TypeScript npm package for MCP server authors.

It lets you wrap existing tools with policies like:

  • risk level: read / write / external / destructive
  • approval required
  • allowed / denied file paths
  • allowed / denied network domains
  • allowed / denied command strings
  • timeout
  • rate limit
  • secret redaction
  • JSONL audit logs
  • structured policy failure results

Example:

server.tool(
  "delete_file",
  schema,
  gate({
    risk: "destructive",
    requireApproval: true,
    allowedPaths: ["src/**", "docs/**"],
    deniedPaths: [".env", "secrets/**"],
    audit: true,
    redact: true,
    timeoutMs: 10_000
  }, async (input) =&gt; {
    // actual tool logic
  })
);

The goal is not to replace the MCP SDK. ToolGate is a policy layer for MCP tool handlers.

I’d like feedback from people building MCP servers:

  • Would this fit your current tool structure?
  • Would you prefer middleware, proxy/gateway, or both?
  • What policy types would you expect?

Repo: https://github.com/Wezylnia/toolgate
npm: toolgate-mcp

u/weesIinia — 6 days ago
▲ 7 r/MCPservers+3 crossposts

MCP Boundary v0.1.3 - boundary checks for MCP tool calls with real side effects (last build was broken, now fixed. Agent loop stopped in the shown example)

Follow-up to my post from two weeks ago. People downloaded it, but that build (v0.1.0) was broken - it likely wouldn't even start, and we didn't catch it at the time. It's fixed now (v0.1.3). Reposting for anyone who tried that version and wrote it off - it actually runs now.

>The problem we are trying to solve is: tool access is not the same as impact permission. A model or agent may be allowed to call a tool, but that does not always mean this specific write, delete, update, or retry should happen now.

A few things you can do with it:

  • restrict arguments, not whole tools (for example, allow sending only to approved recipient domains)
  • bind writes to observed state, so a write does not run if the world changed since the read
  • see every call, decision, reason, and outcome in a local dashboard

MCP Boundary checks each call against your policy and the current state before it hits the real system. It then allows it, blocks it, or asks the agent to refresh state - and when it blocks, the agent gets a structured reason it can act on, not just an error.

It runs locally, and wraps your existing command-based (stdio) MCP servers within 2 minutes.

It is not an enterprise gateway, a DLP system, or a prompt-injection detector, and it only covers calls routed through it.

I'm looking for feedback from people running MCP workflows with side effects - especially where the policy model is too strict or too loose for your setup.

Site: https://mcpboundary.com

Repo: https://github.com/impact-boundary-labs/MCPBoundary

u/madiamo — 7 days ago

MCP state today

Hey everyone, I am a software engineer and recently thinking of giving the MCP domain a thought.

Based on your experience so far, how do you feel about it?

What are its capacity and what are its limits and more importantly do you think it's going in the right direction or just moving in the direction of becoming a slop too big and too ambiguous that tries to do everything and get nothing right.

reddit.com
u/out_of_nowhere__ — 7 days ago
▲ 2 r/MCPservers+1 crossposts

We collect feedback for user-facing agents via MCP but not everybody wants to build their own agent. Would the same pattern help MCP server authors?

We've been building an MCP server where agents report user feedback by calling a tool during conversations: friction, bugs, missing features. That works when you own the agent but many teams would rather just ship an MCP.

Still, an agent sits between the user and your MCP and it can detect when something's off (a missing tool, an unmet expectation) and understand what went wrong. We're wondering if it would be useful for MCP authors to add a feedback tool on their server to collect feedback. The payload could be forwarded to us so we can aggregate and analyse it at scale.

- Do you collect feedback from people using your MCP today?
- Would you be ok to add a feedback tool to your MCP?
- Would you send user feedback to a third party for that, or would you rather keep it and analyse it yourself?

reddit.com
u/rizomr — 9 days ago