The “Hono for MCP” — a production-grade framework for building MCP servers with composable middleware, OAuth2 auth, dual transport, and everything you need to go from prototype to production.
Built on the official @modelcontextprotocol/sdk. Published on JSR.
Building an MCP server with the official SDK takes 5 minutes. Shipping one to production takes weeks.
You need auth. Rate limiting. Input validation. Backpressure when 50 clients hit your server at once. Configuration that ops can change without rebuilding. Session management for HTTP transport. And every new concern means another layer of hand-rolled plumbing wrapping your actual tool logic.
You didn’t sign up to build infrastructure. You signed up to build tools.
@casys/mcp-server gives you a batteries-included framework where all of this is handled out of the box — with a composable middleware pipeline inspired by Hono and Koa.
```typescript
// This is a production-ready MCP server. Really.
const server = new ConcurrentMCPServer({
  name: "my-api",
  version: "1.0.0",
  maxConcurrent: 10,
  backpressureStrategy: "queue",
  validateSchema: true,
  rateLimit: { maxRequests: 100, windowMs: 60_000 },
  auth: {
    provider: createGoogleAuthProvider({
      audience: "https://my-mcp.example.com",
      resource: "https://my-mcp.example.com",
    }),
  },
});

server.use(logging).use(metrics); // Your custom middleware
server.registerTool(myTool, myHandler);
await server.startHttp({ port: 3000 });
```
Dual Transport
STDIO for local tools, Streamable HTTP (SSE + sessions) for remote APIs. Same server code, both transports — just swap start() for startHttp().
Middleware Pipeline
Composable onion model like Hono/Koa. Drop in auth, logging, caching, rate limiting — or write your own in 5 lines.
OAuth2 Auth
JWT/Bearer validation with JWKS key rotation and RFC 9728 metadata. One-liner presets for Google, Auth0, GitHub Actions, and generic OIDC.
YAML + Env Config
File-based config with env var overrides. Ship compiled binaries — users configure auth without touching code.
Concurrency Control
Built-in RequestQueue with 3 backpressure strategies (sleep, queue, reject). No more overwhelmed servers.
Schema Validation
JSON Schema validation (ajv) compiled at registration time. Bad input is rejected before your handler ever runs.
MCP Apps
Serve interactive HTML UIs alongside your tools using the ui:// scheme (SEP-1865). Dashboards, forms, viewers — right in the client.
Sampling Bridge
Bidirectional LLM delegation (SEP-1577). Your server can call LLMs back through the client connection.
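
The onion model from the Middleware Pipeline item, as an added example that is not @casys/mcp-server code and does not use its API: a synchronous Koa-style `compose`, a per-client limiter that borrows the `maxRequests`/`windowMs` names from the config above, and an outermost audit layer that records denials the handler never sees. `Ctx`, `compose`, `fixedWindow`, `audit` and `demo` are hypothetical names, and the fixed-window algorithm is an assumption, not the framework's documented behaviour.

```typescript
// Added illustration of the onion model; NOT the @casys/mcp-server API. All names are hypothetical.
type Ctx = { clientId: string; tool: string };
type Middleware = (ctx: Ctx, next: () => string) => string;

// Koa-style composition: each middleware wraps everything registered after it.
function compose(stack: Middleware[], handler: (ctx: Ctx) => string) {
  return (ctx: Ctx): string => {
    const dispatch = (i: number): string =>
      i === stack.length ? handler(ctx) : stack[i](ctx, () => dispatch(i + 1));
    return dispatch(0);
  };
}

// Fixed-window limiter keyed per client (assumed algorithm); the clock is injected for testing.
function fixedWindow(maxRequests: number, windowMs: number, now: () => number): Middleware {
  const windows = new Map<string, { start: number; count: number }>();
  return (ctx, next) => {
    const t = now(), prev = windows.get(ctx.clientId);
    const w = prev && t - prev.start < windowMs ? prev : { start: t, count: 0 };
    windows.set(ctx.clientId, w);
    if (++w.count > maxRequests) throw new Error("rate limit exceeded");
    return next(); // only now does the request move inward
  };
}

// Outermost layer: records the outcome on the way out, including inner rejections.
function audit(log: string[]): Middleware {
  return (ctx, next) => {
    try {
      const result = next();
      log.push(`${ctx.clientId} ${ctx.tool} ok`);
      return result;
    } catch (err) {
      log.push(`${ctx.clientId} ${ctx.tool} denied: ${(err as Error).message}`);
      throw err;
    }
  };
}

// Constructed demo: 2 requests per 60 s window, three calls, then one in the next window.
function demo() {
  let clock = 0, handlerCalls = 0;
  const log: string[] = [];
  const run = compose([audit(log), fixedWindow(2, 60_000, () => clock)],
    (ctx) => { handlerCalls++; return `ran ${ctx.tool}`; });
  const ctx = { clientId: "client-a", tool: "echo" };
  run(ctx); run(ctx);
  try { run(ctx); } catch { /* third call in the window is rejected */ }
  clock = 60_000; run(ctx);
  return { handlerCalls, log };
}
```

Registration order is the security-relevant part: with the audit layer outermost, throttled calls still leave a record, while the handler runs only for requests that passed every inner layer.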