Reference implementation of an MCP transport extension over gRPC using a hybrid model:
- typed hot-path RPCs (
Initialize,ListTools,CallTool, etc.), - bidirectional
Connectenvelope stream for forward-compatible JSON-RPC traffic.
This repo ships:
- transport specification:
SPEC.md, - protocol definition:
proto/mcp/v1/mcp.proto, - Go reference server/client + auth package,
- Python (
grpc.aio) reference server/client + auth package, - cross-language interop tests.
Compared to Streamable HTTP, gRPC gives:
- binary protobuf framing for typed paths,
- long-lived HTTP/2 multiplexed streams,
- built-in backpressure and cancellation propagation,
- straightforward unary + streaming auth interceptors.
SPEC.md- normative transport extension draft.proto/mcp/v1/mcp.proto- MCP and AuthDiscovery services.internal/gen/mcp/v1- generated Go stubs.pkg/server- Go MCP server adapter and memory backend.pkg/client- Go MCP client wrapper.pkg/auth- Go auth policy, interceptor, and credential helpers.cmd/mcp-grpc-server/cmd/mcp-grpc-client- Go runnable examples.python/mcp_grpc- Python client/server/auth modules.python/examples- Python runnable examples.python/tests/test_interop.py- Go<->Python interop tests.
- Go 1.25+
- Python 3.11+
protoc(3.21+)
make protoTerminal 1:
go run ./cmd/mcp-grpc-server --addr 127.0.0.1:50051 --auth bearerTerminal 2:
go run ./cmd/mcp-grpc-client --addr 127.0.0.1:50051 --auth bearer --bearer-token dev-tokenInstall:
python3 -m pip install -e "./python[dev]"Terminal 1:
python3 python/examples/server.py --addr 127.0.0.1:50052 --auth bearerTerminal 2:
python3 python/examples/client.py --addr 127.0.0.1:50052 --auth bearer --bearer-token dev-tokengo test ./...
cd python && python3 -m pytest -qSupported modes in both references:
- Bearer token (
authorizationmetadata) - API key (
x-mcp-api-key) - mTLS mode hook
- Unix-socket peer mode hook
AuthDiscovery/GetMetadata exposes protected resource metadata for OAuth bootstrap.
Note: mTLS in examples is a local demo mode (policy wiring path) rather than full certificate provisioning. For production, use real server certificates, client cert verification, and JWKS-backed token validation.
| Feature | stdio | Streamable HTTP | gRPC-MCP (this repo) |
|---|---|---|---|
| Primary deployment | local subprocess | networked HTTP endpoint | networked gRPC endpoint |
| Message shape | JSON-RPC newline-delimited | JSON-RPC over POST/SSE | typed protobuf + JSON-RPC envelope |
| Bidirectional messages | process IO loop | SSE + extra request flow | native bidi stream (Connect) |
| Streaming progress | possible | SSE events | server-streaming RPC (CallTool) |
| Auth model | env/local process | MCP HTTP auth framework | metadata + interceptors + AuthDiscovery |
| Forward compatibility | method-level | method-level | envelope stream fallback |
buf.yamlandbuf.gen.yamlare provided per plan; generation in this repo usesprotoc/grpc_toolsviaMakefile.- Go code is formatted with
gofmt. - Python code is validated by
py_compileand exercised by pytest interop runs.