A TypeScript MCP server exposing internal tools behind auth.
Internal tools and data are only reachable by hand, so agents can't use them safely. An MCP server needs typed tool definitions and auth so an agent can call internal capabilities without bypassing access control.
A TypeScript server implementing the Model Context Protocol: each internal capability is registered as a typed tool with an input schema, requests are authenticated before dispatch, and the server speaks MCP to any compatible client.
Internal capabilities are wrapped as typed MCP tools with input schemas.
An MCP client connects and discovers the available tools.
A tool call arrives and is authenticated before dispatch.
Inputs are validated against the tool's schema.
The tool runs against the internal system and returns a typed result.
The result is streamed back to the client over MCP.
TypeScript with the MCP server SDK
Typed tool definitions with input schemas
An auth layer in front of tool dispatch
Adapters to the internal systems each tool wraps
A transport compatible with MCP clients
Tool discovery requests from clients
Each tool call with the authenticated caller
Validated inputs and the tool that handled them
Authorization decisions and any rejections
Tool outcomes and errors
Contract tests validate each tool's input schema and auth behaviour, and an integration suite exercises tool calls end to end against a sandbox of the internal systems.
An unauthenticated call reaches a tool — auth runs before dispatch so it's refused.
A client sends malformed input — schema validation rejects it before the internal call.
An internal system is down — the tool returns a typed error rather than hanging.
A new tool is added without a schema — registration requires a schema, so untyped tools can't ship.
That internal tools can be exposed to agents safely — typed contracts and auth at the boundary instead of unguarded direct access.
Build logs, agentic engineering decisions, agent failures, evals, and what survives real users. Sent weekly, never more.