Building an MCP Server with the TypeScript SDK: Full Walkthrough

The MCP TypeScript SDK 1.0 makes server development straightforward and type-safe. A walkthrough from scaffold to a deployed Cloud Run service ready for production traffic.

This walkthrough is for engineers who already know what they want to build and are here for the concrete steps, not the marketing copy. We will move through the architecture, the code, and the operational lessons in roughly that order. Teams in Toronto are already shipping production deployments built on this stack, and the lessons are starting to filter into the wider community.

If your team is already using MCP, TypeScript, SDK, the patterns below should map cleanly onto your stack. If you are still evaluating, the comparison sections will give you the trade-off math without forcing you to wade through marketing pages.

The Architecture in One Page

Building an MCP Server with the TypeScript SDK matters in 2026 not because of any single feature but because of where it sits in the agent stack. Production teams shipping MCP agents need three things: predictable behavior, ops-friendly observability, and a clear migration path when the underlying tools change. The April 2026 update lands meaningful improvements on all three.

The ecosystem context matters too. With MCP and TypeScript as the current center of gravity, decisions made now will compound over the next 12 to 18 months. The teams that get this right will spend less time on infrastructure and more time on product. The teams that pick wrong will spend a quarter on a migration they did not budget for.

One detail that often gets buried: the official documentation describes the happy path, but production deployments live in the unhappy path. Patterns for handling partial failures, network blips, and tool timeouts deserve as much attention as the architecture diagram.

The Code Walkthrough

Underneath the marketing surface, the architecture has three moving parts that matter: the runtime, the state model, and the observability surface. Each one has a "default" path and an "advanced" path, and the difference between them often determines whether a team gets to production in six weeks or six months.

The runtime decides how fast your agent can react and how cleanly it scales. The state model decides whether your agent can recover from a crash, branch a conversation, or hand work between specialists without dropping context. The observability surface decides whether your on-call engineer can debug a 3am incident in 10 minutes or 3 hours. Skip any one of these and you have a demo, not a product.

The interesting trade-off is between flexibility and operational simplicity. More flexibility means more code to maintain. More opinion in the framework means less code but also less wiggle room when your use case does not match the assumed shape. Production deployments in Toronto have settled on a few common patterns — the kind of patterns that show up in three different vendors' reference architectures because they are the only patterns that actually work at scale.

The Step-by-Step

The steps, in the order they actually matter:

1. Pick stdio for desktop tools, Streamable HTTP for hosted services — Streamable HTTP scales horizontally. stdio is great for local dev or single-tenant desktops.
2. Sign your servers via the Anthropic registry — Signed servers reduce supply-chain risk and unlock better client UX. The signing flow takes 20 minutes.
3. Scope tool permissions tightly — An MCP server with full Salesforce write access is a footgun. Scope to specific objects and fields.
4. Audit tool calls in production — Log every tool invocation, args, and result. You will need this on day one of an incident.
5. Pin a stable runtime version — Treat the underlying framework version as you would a database — pinned, tested, and upgraded on a schedule, not on every minor release.
6. Make state durable from day one — The cost of bolting on durable state at month 6 is roughly 5x the cost of getting it right at week 2. Pick a checkpointer or memory store before your first real deploy.
7. Wire up evals before features — An eval harness that scores every PR catches 80% of regressions before they hit staging. PromptFoo, Braintrust, or LangSmith all work — pick one and stop debating.

Operational Gotchas

Cost and performance numbers are where the marketing usually breaks down. The honest summary for Building an MCP Server with the TypeScript SDK as of April 16, 2026 looks like this: median latency is good, p99 latency is fine, and cost-per-request is competitive — but each of those is contingent on the deployment model you pick.

Self-hosted deployments give you control and unpredictable ops cost. Managed deployments give you predictability and a vendor-priced ceiling. The break-even point sits around the volume where you would need a half-FTE of ops to keep the self-hosted version healthy. For teams under 100k requests/day, managed almost always wins. Above 1M/day, self-hosted starts to make financial sense if you have the engineering bench to support it.

Two things tend to go wrong when teams adopt this stack without a careful plan. First, they over-architect for scale they do not have yet. Second, they under-invest in evals because the demo "felt right" — and then they have no way to measure regressions when they ship the next change. The teams that get the cost story right tend to share three traits: they instrument cost from day one, they cache aggressively at multiple layers, and they pick a single primary model rather than letting every agent call the most expensive option by default.

Going from Prototype to Production

Looking forward, the next 90 days are likely to bring three meaningful changes. First, observability standards will continue to consolidate around OpenTelemetry's GenAI conventions — teams that emit them today will be ahead of the curve. Second, more managed agent platforms will ship MCP-native interfaces, reducing the integration glue every team writes today. Third, evals will move from a nice-to-have to a CI gate, just like unit tests did a decade ago.

The teams that ship the cleanest agent products in late 2026 will be the ones that took infrastructure decisions seriously now. The trade-offs covered above are not novel — they are the same boring infrastructure questions every previous wave of platform technology had to answer. The names are different. The decisions are not.

FAQ

When should I use Building an MCP Server with the TypeScript SDK in production?

Building an MCP Server with the TypeScript SDK is the right pick when you need a clean, signed, swappable interface between agents and the systems they need to act on. If your workload is simpler — for example, a single-turn classification task — you do not need this stack and lighter-weight tooling will get you to production faster. The break-even tends to land around the point where you have at least one multi-step agent serving real users with measurable cost or accuracy implications.

What does Building an MCP Server with the TypeScript SDK cost at scale?

MCP itself is free — the cost is in the underlying API calls and the inference cost of the agent making the calls. The protocol overhead is negligible compared to the LLM call cost.

What is the leading alternative to Building an MCP Server with the TypeScript SDK in 2026?

Common alternatives include OpenAI function calling for OpenAI-only stacks, custom JSON-RPC for tightly controlled environments, Anthropic Tools for Claude-only setups. The right pick depends on your existing stack, team experience, and which set of trade-offs you can live with operationally.

What is the security story for third-party MCP servers?

Treat third-party MCP servers like third-party packages: source from signed registries, pin versions, scope permissions tightly, and audit calls in production. The Anthropic signed registry is the right default. Anything outside it gets a manual security review.

Sources

• https://modelcontextprotocol.io/
• https://www.anthropic.com/news/model-context-protocol
• https://github.com/modelcontextprotocol