Levo.ai launches Unified AI Security Platform Read more

September 9, 2025

MCP Server : Missing piece to become fullstack developer

Photo of the author of the blog post
Buchi Reddy B

CEO & Founder at LEVO

Photo of the author of the blog post
Levo AI Security Research Panel

Research Team

MCP Server : Missing piece to become fullstack developer

TL;DR

Full-stack isn’t just frontend + backend anymore, it’s frontend + backend + agentic actions. An MCP server lets you expose your tools (flags, CRM ops, data exports, deploy hooks) as discoverable, schema-checked actions that IDE copilots and agents can call safely. Mastering MCP turns you from “app builder” into “automation platform” without waiting on platform teams or risky glue code.

Why this matters (for you)

  • Ship more with less glue: Wrap a tool once (e.g., flag.set, orders.export) and reuse it across apps, IDEs, and agents.
  • Safe by default: Inline guardrails (allow/deny/redact), scoped identities, and idempotency move you past “please don’t” code review comments.
  • Career leverage: Hiring panels now look for engineers who can move from “prompt → plan → action” with auditable traces and budgets.

The full-stack skill map (MCP edition)

  1. Tool design - define inputs/outputs with strict schemas and examples.
  2. Resource exposure - make data discoverable as read-only URIs.
  3. Inline policy - allow/deny/redact and region route in the path.
  4. Identity - short-TTL non-human tokens, purpose scopes, JIT elevation.
  5. Reliability - retries/backoff, circuit breakers, idempotency keys.
  6. Observability - spans with actor.id, tool.name, policy.decision.
  7. Cost controls - per-principal/tenant limits, budgets, stop rules.
  8. Security basics - SSRF-safe fetch, schema allow-lists, no mass assignment.
  9. DX - portable host configs (Claude Desktop, Continue, Cursor, Cline).

Architecture at a glance

MCP Server: The Architecture

Quickstart: scaffold a minimal, safe MCP server

Option A - TypeScript/Node (recommended for full-stack folks)

BASH
npm init -y
npm i @modelcontextprotocol/sdk zod
TS
// src/server.ts
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
import { z } from "zod";

const mcp = new McpServer({ name: "team-tools", version: "1.0.0" });
const strict = (s: T) => s.strict();

/* READ: orders.export (masked by default) */
const ExportSchema = strict(z.object({
  from: z.string().regex(/^\d{4}-\d{2}-\d{2}$/),
  to:   z.string().regex(/^\d{4}-\d{2}-\d{2}$/),
  mask: z.array(z.enum(["email","phone"])).optional().default(["email"])
}));
mcp.registerTool("orders.export",
  { title: "Export orders", description: "Date range export with masking", inputSchema: ExportSchema },
  async ({ from, to, mask }) => {
    // TODO: call your API
    const rows = [
      { orderId: "1001", email: "a@ex.com", phone: "555-123", total: 30.5 },
      { orderId: "1002", email: "b@ex.com", phone: "555-987", total: 18.0 }
    ];
    const masked = rows.map(r => ({
      ...r,
      email: mask?.includes("email") ? "***@***" : r.email,
      phone: mask?.includes("phone") ? "***-***" : r.phone
    }));
    return { content: [{ type: "json", json: { range: { from, to }, count: masked.length, rows: masked } }] };
  }
);

/* WRITE: flag.set (prod >10% requires change ticket) + idempotency */
const FlagSchema = strict(z.object({
  name: z.string().min(1),
  env: z.enum(["dev","staging","prod"]),
  rolloutPct: z.number().min(0).max(100),
  ticket: z.string().optional(),
  idemKey: z.string().uuid().optional()
}));
const seenIdem = new Set();
mcp.registerTool("flag.set",
  { title: "Set feature flag", description: "Set rollout % with safe defaults", inputSchema: FlagSchema },
  async ({ name, env, rolloutPct, ticket, idemKey }) => {
    if (env === "prod" && rolloutPct > 10 && !ticket)
      return { content: [{ type: "text", text: "DENY: prod change >10% requires ticket" }] };
    if (idemKey) {
      if (seenIdem.has(idemKey))
        return { content: [{ type: "text", text: `OK (idempotent): ${name}@${rolloutPct}%` }] };
      seenIdem.add(idemKey);
    }
    // TODO: call flag service (with retries/backoff)
    return { content: [{ type: "text", text: `Flag ${name} set to ${rolloutPct}% in ${env}` }] };
  }
);

await mcp.connect(new StdioServerTransport());
console.log("MCP server ready");

Run it:

BASH
node --loader ts-node/esm src/server.ts

Option B - Python (compact & friendly)

BASH
pip install mcp pydantic
PYTHON
# server.py
from mcp.server import Server
from mcp.server.stdio import stdio_server
from typing import List, Optional
srv = Server("team-tools", "1.0.0")
_seen=set()

@srv.tool()
def orders_export(from_: str, to: str, mask: Optional[List[str]]=None):
    rows=[{"orderId":"1001","email":"a@ex.com","phone":"555-123","total":30.5},
          {"orderId":"1002","email":"b@ex.com","phone":"555-987","total":18.0}]
    mask=mask or ["email"]
    for r in rows:
        if "email" in mask: r["email"]="***@***"
        if "phone" in mask: r["phone"]="***-***"
    return {"range":{"from":from_,"to":to}, "count":len(rows), "rows":rows}

@srv.tool()
def flag_set(name: str, env: str, rolloutPct: float, ticket: Optional[str]=None, idemKey: Optional[str]=None):
    if env=="prod" and rolloutPct>10 and not ticket:
        return "DENY: prod change >10% requires ticket"
    if idemKey:
        if idemKey in _seen: return f"OK (idempotent): {name}@{rolloutPct}%"
        _seen.add(idemKey)
    return f"Flag {name} set to {rolloutPct}% in {env}"

if __name__ == "__main__":
    stdio_server(srv)

Wire it into your dev environment (hosts)

Claude Desktop (example)

JSON
{
  "mcpServers": {
    "team-tools-node": { "command": "node", "args": ["--loader","ts-node/esm","/ABS/PATH/src/server.ts"] },
    "team-tools-py":   { "command": "python", "args": ["/ABS/PATH/server.py"] }
  }
}

Continue (VS Code / JetBrains)

YAML
# .continue/mcpServers/team-tools.yaml
name: Team Tools
version: 0.0.1
schema: v1
mcpServers:
  - name: team-tools-node
    command: node
    args: ["--loader","ts-node/esm","/ABS/PATH/src/server.ts"]

Cursor (global)

JSON
// ~/.cursor/mcp.json
{
  "servers": [
    { "name": "team-tools-node", "command": "node", "args": ["--loader","ts-node/esm","/ABS/PATH/src/server.ts"] }
  ]
}

Try these prompts

  • “Export orders from 2025-08-25 to 2025-08-31 with emails masked.”
  • “Set flag checkout_v2 to 50% in prod.” → DENY (needs ticket)
  • “Set flag checkout_v2 to 10% in staging with idem key UUID.” → OK

Make it production-credible in one sprint

  • Schemas everywhere: reject unknown fields, enums and numeric bounds.
  • SSRF-safe fetch: URL allow-list; block private/link-local ranges.
  • Idempotency: require idemKey on writes; dedupe on service side.
  • Inline policy: allow/deny/redact, region routing, vendor allow-lists.
  • Spans: add actor.id, tool.name, policy.decision, pii.count, tenant.id.
  • Limits: per-principal/tenant RPM/RPS, concurrency caps, daily budgets.
  • Tests: golden flows + adversarial (mass assignment, SSRF, prod-without-ticket).
  • Kill switches: read-only mode, tool quarantine, egress blocklist.

Portfolio projects that scream “full-stack++”

  • DevOps Copilot - restart a service, set a flag, tail logs (with secret redaction).
  • Data Concierge - scheduled exports with masking routed to approved buckets.
  • CRM Helper - tag cohorts, launch a win-back, update consent (with JIT elevation).
  • Content Pipeline - safe fetch → summarize → publish with provenance and size caps.
  • DSR Automation - data-subject exports/redactions with region routing and evidence logs.

Resume bullets you can honestly claim

  • “Built an MCP server exposing 6 tools; 95% of actions carry OTEL spans with policy decisions.”
  • “Implemented idempotent write tools and per-tenant budgets; zero duplicate writes during incident.”
  • “Shipped inline redaction & region routing; blocked 3 risky prod changes via policy.”
  • “Added adversarial CI for SSRF & mass assignment; caught a bug pre-release.”

Common pitfalls (and fast fixes)

  • Host can’t see your tools → wrong path/stdio, restart host; check logs.
  • Double writes → missing idempotency key; add retries with backoff + dedupe.
  • Everything blocked → run policy in “shadow” first; log decisions.
  • Cost spikes → set budgets per tool/agent; stop rules for loops; add alerts.
  • No debuggability → you forgot spans; add traceId to error envelopes.

Cheat sheet (paste into your repo)

  • Span names: agent.plan, mcp.tool.invoke, service.api.call, policy.evaluate, dlp.redact
  • Attrs: actor.id, actor.type, tool.name, scope.grants, policy.decision, pii.count, idem.key, tenant.id
  • Deny list (SSRF): link-local, private ranges, metadata endpoints
  • Write safety: idemKey + circuit breaker + rate limit + approval for bulk
  • Policy pack: redact defaults, region routing, vendor allow-list, prod-ticket rule

How Levo can help

Levo gives you rails you don’t want to re-build: mesh-level visibility stitched by identity, inline policy and redaction, signed evidence exports, exploit-aware CI tests, and budget guards—so you focus on product logic while MCP actions stay safe and observable.Explore: https://www.levo.ai/use-case/mcp-server

FAQs

Does MCP replace my API gateway?
No gateway = edge; MCP = inside the runtime where agents plan/act.

Will this work with my IDE copilot?
Yes. Register your server with hosts like Claude Desktop, Continue, Cursor, Cline (host-specific JSON/YAML).

How do I keep costs sane?
Set budgets per agent/tool/tenant, add concurrency caps, and stop rules for deep plans and retries.

What’s the fastest “secure enough” setup?
Schemas + idempotency + SSRF-safe fetch + prod-ticket policy + spans. You can add fancy later.

ON THIS PAGE

We didn’t join the API Security Bandwagon. We pioneered it!