Production Readiness Checklist
Ship a reliable, secure MCP server that others can depend on
Security
Input validation (Zod + manual checks)
Secrets in env variables only
Principle of least privilege
Never expose internals in errors
Reliability
Structured error handling (McpError vs isError)
Rate limiting on all tools
Graceful shutdown handling
Timeout on external calls
Observability
Structured logging to stderr
Tool invocation metrics
Response time tracking
Error rate monitoring
Distribution
npm package with bin field
Shebang in entry file
Published to mcp.run / smithery.ai
README with usage examples
Building a working server is step one. Shipping a reliable, secure server that others can depend on is the real challenge. This module covers the gap between "works on my machine" and "production-ready."
Production Readiness Checklist
Four categories to audit before shipping an MCP server
Security
Input validation on all tool parameters
Least-privilege database access
Auth token rotation schedule
Reliability
Error handling with typed error codes
Graceful shutdown on SIGTERM
Retry logic for transient failures
Observability
Structured logging (JSON format)
Tool call latency tracking
Error rate monitoring and alerting
Distribution
npm package with bin entry
Docker image for remote deployment
README with connection instructions