stdio (Standard Input/Output)
// Server const transport = new StdioServerTransport(); await server.connect(transport); // Client const transport = new StdioClientTransport({ command: "./mcp-server", args: ["--model", "gpt-4"] });
Best for: Anything local, such as command-line tools or scripting. Stdio excels when you need simple communication between processes on the same machine without network complexity.
Benefits: Simple process isolation, easy debugging. Each server runs as a separate process with its own memory space.
Limitations: Local only, single client. Stdio connections are inherently 1:1 and cannot be accessed remotely, making them unsuitable for web services or multi-user scenarios.
HTTP with SSE (Server-Sent Events)
// Endpoint handles both POST and SSE app.post("/mcp/v1/session", async (req, res) => { const response = await server.handleRequest(req.body); if (needsStreaming) { res.setHeader("Content-Type", "text/event-stream"); res.setHeader("Cache-Control", "no-cache"); res.setHeader("Connection", "keep-alive"); // Stream multiple responses... } else { res.json(response); } });
Best for: Anything remote, such as web integrations. HTTP+SSE enables MCP servers to be accessed from web browsers, cloud services, or any HTTP-capable client across networks.
Benefits: Stateful sessions, resumable connections. Sessions persist across requests using session IDs, and clients can resume interrupted connections using the Last-Event-ID header.
Security: Requires origin validation, should bind to localhost when local. Always check the Origin header to prevent DNS rebinding attacks, and use 127.0.0.1 instead of 0.0.0.0 for local services.
stdio (Standard Input/Output)
// Server const transport = new StdioServerTransport(); await server.connect(transport); // Client const transport = new StdioClientTransport({ command: "./mcp-server", args: ["--model", "gpt-4"] });
Best for: Anything local, such as command-line tools or scripting. Stdio excels when you need simple communication between processes on the same machine without network complexity.
Benefits: Simple process isolation, easy debugging. Each server runs as a separate process with its own memory space.
Limitations: Local only, single client. Stdio connections are inherently 1:1 and cannot be accessed remotely, making them unsuitable for web services or multi-user scenarios.
HTTP with SSE (Server-Sent Events)
// Endpoint handles both POST and SSE app.post("/mcp/v1/session", async (req, res) => { const response = await server.handleRequest(req.body); if (needsStreaming) { res.setHeader("Content-Type", "text/event-stream"); res.setHeader("Cache-Control", "no-cache"); res.setHeader("Connection", "keep-alive"); // Stream multiple responses... } else { res.json(response); } });
Best for: Anything remote, such as web integrations. HTTP+SSE enables MCP servers to be accessed from web browsers, cloud services, or any HTTP-capable client across networks.
Benefits: Stateful sessions, resumable connections. Sessions persist across requests using session IDs, and clients can resume interrupted connections using the Last-Event-ID header.
Security: Requires origin validation, should bind to localhost when local. Always check the Origin header to prevent DNS rebinding attacks, and use 127.0.0.1 instead of 0.0.0.0 for local services.
stdio (Standard Input/Output)
// Server const transport = new StdioServerTransport(); await server.connect(transport); // Client const transport = new StdioClientTransport({ command: "./mcp-server", args: ["--model", "gpt-4"] });
Best for: Anything local, such as command-line tools or scripting. Stdio excels when you need simple communication between processes on the same machine without network complexity.
Benefits: Simple process isolation, easy debugging. Each server runs as a separate process with its own memory space.
Limitations: Local only, single client. Stdio connections are inherently 1:1 and cannot be accessed remotely, making them unsuitable for web services or multi-user scenarios.
HTTP with SSE (Server-Sent Events)
// Endpoint handles both POST and SSE app.post("/mcp/v1/session", async (req, res) => { const response = await server.handleRequest(req.body); if (needsStreaming) { res.setHeader("Content-Type", "text/event-stream"); res.setHeader("Cache-Control", "no-cache"); res.setHeader("Connection", "keep-alive"); // Stream multiple responses... } else { res.json(response); } });
Best for: Anything remote, such as web integrations. HTTP+SSE enables MCP servers to be accessed from web browsers, cloud services, or any HTTP-capable client across networks.
Benefits: Stateful sessions, resumable connections. Sessions persist across requests using session IDs, and clients can resume interrupted connections using the Last-Event-ID header.
Security: Requires origin validation, should bind to localhost when local. Always check the Origin header to prevent DNS rebinding attacks, and use 127.0.0.1 instead of 0.0.0.0 for local services.