under construction AI
Applications and Agent
The circle of model context protocols (Model Context Protocol
, MCP
) is becoming a hot topic. Much of the discussion centers around installing and running on a local computer the MCP
Server Unfolding. Recently.Cloudflare
announced support for building and deploying on its platformremotely MCP
server, which marks the MCP
An important turning point in the application.
Cloudflare
To simplify remote MCP
The server is built to introduce four key capabilities:
workers-oauth-provider
: aOAuth
Provider library, which greatly simplifies the authorization process necessary for remote services.McpAgent
: integrated inCloudflare Agents SDK
A class in theMCP
The teleportation details of themcp-remote
: an adapter utility that lets local connection-only supportedMCP
The client can also communicate with the remoteMCP
Server Interaction.AI playground
from a distanceMCP
client (computing): an online chat interface to directly connect and test remoteMCP
server with built-in authentication checks.
Developers can use the Cloudflare
The sample code and deploy button provided, in no time at all, puts a MCP
The server is deployed to the production environment.
https://deploy.workers.cloudflare.com/?url=https://github.com/cloudflare/ai/tree/main/demos/remote-mcp-server
In contrast to the previously prevalent use of local MCP
servers are different, the remote MCP
The server is publicly accessible. Users simply log in and grant permissions through a familiar authorization process, theMCP
Clients (e.g. AI Agent
) will be able to access the required tools. This is considered a huge step forward. Over the past few months, it has been a challenge to bring coding Agent
Connect to local MCP
servers have given developers an initial taste of their potential, and remote MCP
In turn, it is expected to extend a similar working model to a wider group of users, including more everyday consumer-grade application scenarios. This is not just a difference in technical implementation, but could herald AI Agent
A fundamental shift in the application paradigm.
From Local to Remote: A Critical Step for MCP to Reach the Masses
MCP
is rapidly becoming a generalized protocol that allows large language models (LLM
The ability to go beyond simple reasoning (inference
) and retrieval enhancement generation (RAG
) that can perform operations that require access to external resources (e.g., sending emails, deploying code, posting blogs, etc.). It makes it possible to AI Agent
(MCP
Client) can be accessed through an external service (MCP
server) to interact with the tools and resources provided by the server.
However, to date, theMCP
applications are mostly limited to running locally. If you want the AI Agent
pass (a bill or inspection etc) MCP
To access a tool on the web, developers usually need to set up a local server on their own machine. This means that it is not possible to use a web interface or mobile application from the MCP
, also lacks mechanisms to allow ordinary users to authenticate and authorize themselves.MCP
The server is not really "online".
off-site MCP
Connected support changes this. It creates opportunities to reach a wider range of Internet users who are less likely to go to a local installation and run desktop apps just to use the MCP
Server. Remote MCP
support, as if moving from desktop software to Web
Transition of software. Users expect to work continuously across devices and have everything work when they log in. Local MCP
It's convenient for developers, but it's the remote connection that makes the MCP
The critical missing link for services to reach all Internet users. Of course, remote connections also need to take into account the possible impact of network latency, which is different from local stdio
Communication is different.
Making authentication and authorization work "out of the box" in MCP
commander-in-chief (military) MCP
Pushing from local to remote is more than just changing the transport layer (from the stdio
to flowable HTTP
). When building a remote that requires access to user account information MCP
server, the authentication (authentication
) and authorizations (e.g.authorization
) became critical. There needs to be a way for users to log in and prove their identity, and there needs to be a way for users to control AI Agent
What can be accessed when using the service.
MCP
The specification uses the OAuth 2.0
to solve this problem.OAuth
is a standard protocol that allows users to authorize applications to access their information or services without sharing passwords. In the MCP
Scenario.MCP
The server itself plays OAuth Provider
The role of the However, complete self-realization conforms to the MCP
formal OAuth
The process is quite complex and error prone.Cloudflare
The programs offered are designed to address this pain point.
workers-oauth-provider
: Customized OAuth 2.1 Provider Library for Cloudflare Workers
When the developer is in the Cloudflare
deploy on top of MCP
server when its Worker
It is possible to utilize workers-oauth-provider
This new TypeScript
The library to act as a OAuth Provider
. The library encapsulates the Worker
code for the API
Endpoints (including but not limited to) MCP
server endpoints) adds an authorization layer.
MCP
The server receives the authenticated user's information directly as a parameter and does not need to perform token validation or management on its own. At the same time, the developer still has full control over how the user is authenticated: from the login screen (UI
) to what identity provider to choose (e.g. Google
, GitHub
(or build your own system).
complete MCP OAuth
The process is as follows:
In this process, theMCP
The server is both an upstream service (e.g. GitHub
, Google
(used for emphasis) OAuth
Clients, in turn, are oriented to MCP
Clients (e.g. AI Agent
(used for emphasis) OAuth
Server (Provider
). Developers can use any upstream authentication process, and the workers-oauth-provider
assure MCP
Server Compliance MCP
Specification of authorization requirements to work with a variety of client applications and websites. This includes support for dynamic client registration (RFC 7591
) and authorization server metadata (RFC 8414
). Using this library significantly reduces development complexity and improves security and compliance compared to self-implementation.
Simple, pluggable OAuth interface
utilization Cloudflare Workers
construct (sth abstract) MCP
When the server is used, the developer only needs to provide the OAuth Provider
Examples of related paths (authorizations, tokens, client registration endpoints), as well as the MCP
Processor for server and authentication logic (handler
):
import OAuthProvider from "@cloudflare/workers-oauth-provider";
import MyMCPServer from "./my-mcp-server";
import MyAuthHandler from "./auth-handler";
export default new OAuthProvider({
apiRoute: "/sse", // MCP 客户端连接服务器的路由
apiHandler: MyMCPServer.mount('/sse'), // MCP 服务器实现
defaultHandler: MyAuthHandler, // 认证实现
authorizeEndpoint: "/authorize",
tokenEndpoint: "/token",
clientRegistrationEndpoint: "/register",
});
This abstraction makes it easy to insert custom authentication logic. For example, a program that uses the GitHub
as an identity provider MCP
servers, which can be used by implementing the /callback
cap (a poem) /authorize
routing and integration in less than 100 lines of code.
Why do MCP servers issue their own Token?
In the authorization diagram above and MCP
The authorization portion of the specification, notably MCP
The server will send a message to the MCP
The client issues its own Token
instead of directly passing the upstream service from which the Token
The
Specifically.Worker
The access token obtained from upstream (access token
) Encrypted storage (e.g., using Workers KV
), and then generate and issue a new, stand-alone Token
for the benefit of MCP
Client.workers-oauth-provider
The library handles this process automatically, and the developer's code does not need to directly touch the upstream token in plaintext or manage the storage itself, thus avoiding potential security risks.
// 调用 completeAuthorization 时传入的 accessToken 会被加密存储,绝不会暴露给 MCP 客户端
// 一个新的、独立的 token 会在 /token 端点生成并提供给客户端
const { redirectTo } = await c.env.OAUTH_PROVIDER.completeAuthorization({
request: oauthReqInfo,
userId: login,
metadata: { label: name },
scope: oauthReqInfo.scope,
props: {
accessToken, // 加密存储,不发送给 MCP 客户端
},
})
return Response.redirect(redirectTo)
On the surface, this indirect approach seems more complex. Why is it so designed?
By issuing its own Token
(math.) genusMCP
Servers can enforce finer-grained access control than upstream providers. Even when issued to MCP
client-side Token
compromised, and the attacker gains access to just that MCP
Limited privileges explicitly granted by the server (via its provided tools
), rather than full access to the upstream service.
For example, suppose a MCP
Server requests user authorization to read Gmail
Mail permissions (using gmail.readonly scope
). However, the server exposes the tool
The functionality is narrower, allowing only the reading of a specific sender's travel booking notification to answer questions such as "What time is my hotel checkout tomorrow?" and so on. Developers can add the MCP
This constraint is enforced in the server. If issued to the MCP
client-side Token
Stolen, as the Token
Corresponds to MCP
server instead of the original upstream provider (Google
), the attacker can't use it to read arbitrary emails, but can only call the MCP
specific tools provided by the server.OWASP
To replace the term "over-agent" (Excessive Agency
) is listed as a constructed AI
One of the main risks of applying By issuing its own Token
and enforcing restraints.MCP
The server can restrict access to the tool to provide only the functionality required by the client, following the principle of least privilege.
Another example, based on the aforementioned GitHub
authentication, you can force only certain users to access a tool. In the following example, only whitelisted users (geelen
) in order to see and call the generateImage
tool, which uses the Workers AI
Follow the prompts to generate an image:
import { McpAgent } from "agents/mcp";
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { z } from "zod";
const USER_ALLOWLIST = new Set(["geelen"]); // 使用 Set 提高查找效率
export class MyMCP extends McpAgent<Props, Env> {
server = new McpServer({
name: "Github OAuth Proxy Demo",
version: "1.0.0",
});
async init() {
// 根据用户身份动态添加工具
if (USER_ALLOWLIST.has(this.props.login)) {
this.server.tool(
'generateImage',
'使用 flux-1-schnell 模型生成图像。',
{
prompt: z.string().describe('你想要生成的图像的文本描述。')
},
async ({ prompt }) => {
const response = await this.env.AI.run('@cf/black-forest-labs/flux-1-schnell', {
prompt,
steps: 8
});
// 检查 response.image 是否存在
if (!response.image) {
throw new Error("图像生成失败,未返回图像数据。");
}
return {
content: [{ type: 'image', data: response.image, mimeType: 'image/jpeg' }],
}
}
)
}
}
}
Introduction of McpAgent: Compatible with current and future teleportation
commander-in-chief (military) MCP
The next step in bringing out the local machine is to open up the remote transport layer. The locally running MCP
Servers are usually configured with standard inputs and outputs (stdio
) to communicate, but let the MCP
servers can be invoked over the Internet, it is necessary to implement a teleportation protocol, which is currently in the draft specification based on the HTTP
(used form a nominal expression) Server-Sent Events (SSE)
The
Cloudflare
in its Agents SDK
void void McpAgent
class handles the complexity of remote transfers. It does this in the background using the Durable Objects
to maintain a persistent connection, making the MCP
The client can pass the SSE
toward MCP
The server sends the message. The developer does not need to write the underlying code that handles transmission or serialization. A minimalist MCP
The server can be implemented with just a dozen lines of code:
import { McpAgent } from "agents/mcp";
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { z } from "zod";
export class MyMCP extends McpAgent {
server = new McpServer({
name: "Demo",
version: "1.0.0",
});
async init() {
this.server.tool("add", "计算两个数字的和", { a: z.number(), b: z.number() }, async ({ a, b }) => ({
content: [{ type: "text", text: String(a + b) }],
}));
}
}
It is worth noting that after community discussionsMCP
The teleportation in the specification is being revised with plans to use streamable HTTP
(Streamable HTTP
) replaces the current HTTP+SSE
Program. This will allow for the integration with the MCP
The server establishes stateless, pure HTTP
connection and optionally upgrade to SSE
The client can send messages to different endpoints, while eliminating the complexity of having to send messages to different endpoints.Cloudflare
indicate McpAgent
Classes will evolve with specification updates to support new Streamable HTTP
standards, ensuring that developers don't have to rewrite code to adapt to changes in transmission methods.
This consideration of future transmission protocol evolution is equally important. Currently, the vast majority of MCP
Server Main Exposure tools
They are essentially simple remote procedure calls (RPC
), which can be provided by stateless transmission. But the more complex "man-in-the-loop" (human-in-the-loop
) and Agent
Interaction scenarios that will require prompts
cap (a poem) sampling
et al. (and other authors) MCP
Conceptual support. These scenarios requiring bidirectional, real-time communication are difficult to realize efficiently without a bidirectional transport layer. By then, theCloudflare
Platform,Agents SDK
cap (a poem) Durable Objects
All natively supported WebSockets
The ability to provide full-duplex, bi-directional, real-time communication capabilities provides the opportunity for future, more advanced MCP
The application lays the foundation.
Stateful MCP server with Agent features
exist Cloudflare
superstructure MCP
When the server, each MCP
Client sessions are all controlled by a Durable Object
Support (via Agents SDK
). This means that each session can manage and persist its own state, and can even have its own SQL
Database.
This sets the stage for building stateful MCP
The server opens the door.MCP
Servers are no longer just a place for client applications and external API
stateless transition layers between them, which can themselves be stateful applications - such as games, checkout processes with shopping carts, persistent knowledge graphs, and so on. In the Cloudflare
Up.MCP
The potential of servers goes far beyond serving as REST API
of the front end.
A simple counter example is used to understand the basic principles of its operation:
import { McpAgent } from "agents/mcp";
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { z } from "zod";
type State = { counter: number }
export class MyMCP extends McpAgent<Env, State, {}> {
server = new McpServer({
name: "Demo",
version: "1.0.0",
});
// 定义初始状态
initialState: State = {
counter: 1,
}
async init() {
// 定义一个资源,用于读取计数器当前值
this.server.resource(`counter`, `mcp://resource/counter`, (uri) => {
return {
contents: [{ uri: uri.href, text: String(this.state.counter) }],
}
})
// 定义一个工具,用于增加计数器的值
this.server.tool('add', '增加存储在 MCP 服务器中的计数器的值', { a: z.number() }, async ({ a }) => {
// 更新状态
this.setState({ ...this.state, counter: this.state.counter + a });
return {
content: [{ type: 'text', text: `增加了 ${a}, 当前总数是 ${this.state.counter}` }],
}
})
}
// 状态更新时的回调(可选)
onStateUpdate(state: State) {
console.log({ stateUpdate: state });
}
}
For a given session, the above MCP
The server will take a number of tool
Remember the state of the counter between calls.
exist MCP
Inside the server, developers can utilize the Cloudflare
Complete developer platform capabilities, such as enabling MCP
The server launches the browser for web browsing, triggering Workflow
Call AI
models, etc. This presupposes that the MCP
The ecosystem will evolve to more advanced and intelligent use cases.
Connecting an Existing MCP Client to a Remote Server
Cloudflare
Early support for remote MCP
Even in the mainstream MCP
Client applications generally support remote, authenticated MCP
Before. This provides developers with the opportunity to be one step ahead.
But this also poses a real challenge: if there is not yet support for remote MCP
clients, how developers can test and get users to use the remotes they've built MCP
Servers?
Cloudflare
Two new tools are provided to respond:
Workers AI Playground
update: This online chat interface is now a fully functional remoteMCP
Client that supports connecting to any remoteMCP
server with a built-in authentication process. The developer simply enters the remote server'sURL
(e.g.https://remote-server.example.com/sse
) and click connect to test it immediately without any local software installation.After clicking Connect, the user will go through the authentication process (if set up), after which they will be able to chat directly with the
MCP
Server tool interactions.mcp-remote
adapter (device): For those who already supportMCP
Clients that have not yet handled remote connections and authentication (such as theClaude Desktop
maybeCursor
), you can use themcp-remote
. It's anpm
package that acts as a bridge between local clients and remote servers. It allows developers and users to preview the interface with the remote server in their familiar tools.MCP
server interaction experience without waiting for the client itself to update its support.Cloudflare
Provides information on how to incorporatemcp-remote
together withClaude Desktop
,Cursor
,Windsurf
epidemicMCP
Guidelines for using the client in conjunction with the client. For exampleClaude Desktop
in the configuration file, simply add a configuration similar to the following:{ "mcpServers": { "remote-example": { "command": "npx", "args": [ "mcp-remote", "https://remote-server.example.com/sse" // 替换为你的远程服务器 URL ] } } }
Remote MCP's are coming of age
Remote Model Context Protocol (Remote MCP
) is undoubtedly AI Agent
field is an important development direction. When client applications widely support remote MCP
server when its user base will expand from developers to a much wider group of people - who may never even have heard of the MCP
The term.
For service providers, building remote MCP
A server is a server that integrates its own services to the millions of users using the AI
The critical path in assistants and tools. Many large Internet companies are reported to have been actively building MCP
servers, and at the same time, it makes you look forward to those who are known for their Agent-first
,MCP-native
way to the birth of an emerging business.
on the basis of Cloudflare
provides tools and platforms that developers can use now to start building future-proof remote MCP
Applications. This is not only an upgrade of the tech stack, it is an upgrade of the AI Agent
An important exploration of how to integrate Internet services. As the ecosystem matures, remote MCP
promises to spawn smarter and more personalized user experiences. Developers can check out the Cloudflare Developer Documentation Get more information and start practicing.