zhanj/claude-plugins-official
1
0
Fork 0
mirror of https://github.com/anthropics/claude-plugins-official.git synced 2026-05-03 08:59:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Align mcp-server-dev skills with claude.com/docs connector guidance (#1418)

Browse Source 
- build-mcp-server: load llms-full.txt for Claude-specific context;
  add Phase 6 (test in Claude, review checklist, submit, ship plugin)
- references/auth.md: add Claude auth-type table, callback URL,
  not-supported list
- references/tool-design.md: add Anthropic Directory hard requirements
  (annotations, name length, read/write split, prompt-injection rule)
- build-mcp-app: add Claude host specifics (prefersBorder,
  safeAreaInsets, CSP) and submission asset specs; testing via
  custom connector
- build-mcpb: note remote servers are the recommended directory path
This commit is contained in:
Tobin South
2026-04-17 09:02:48 -07:00
committed by GitHub
parent b992a65037
commit b00abee24e
5 changed files with 50 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
plugins/mcp-server-dev/skills/build-mcp-server/references/auth.md
View File

@@ -2,6 +2,22 @@
Auth is the reason most people end up needing a **remote** server even when a local one would be simpler. OAuth redirects, token storage, and refresh all work cleanly when there's a real hosted endpoint to redirect back to.
## Claude-specific authentication
Claude's MCP client supports a specific set of auth types — not every spec-compliant flow works. Full reference: https://claude.com/docs/connectors/building/authentication
| Type | Notes |
|---|---|
| `oauth_dcr` | Supported. For high-volume directory entries, prefer CIMD or Anthropic-held creds — DCR registers a new client on every fresh connection. |
| `oauth_cimd` | Supported, recommended over DCR for directory entries. |
| `oauth_anthropic_creds` | Partner provides `client_id`/`client_secret` to Anthropic; user-consent-gated. Contact `mcp-review@anthropic.com`. |
| `custom_connection` | User supplies URL/creds at connect time (Snowflake-style). Contact `mcp-review@anthropic.com`. |
| `none` | Authless. |
**Not supported:** user-pasted bearer tokens (`static_bearer`); pure machine-to-machine `client_credentials` grant without user consent.
**Callback URL** (single, all surfaces): `https://claude.ai/api/mcp/auth_callback`
---
## The three tiers

10
plugins/mcp-server-dev/skills/build-mcp-server/references/tool-design.md
View File

@@ -2,6 +2,16 @@
Tool schemas and descriptions are prompt engineering. They land directly in Claude's context and determine whether Claude picks the right tool with the right arguments. Most MCP integration bugs trace back to vague descriptions or loose schemas.
## Anthropic Directory hard requirements
If this server will be submitted to the Anthropic Directory, the following are pass/fail review criteria (full list: https://claude.com/docs/connectors/building/review-criteria):
- Every tool **must** include `readOnlyHint`, `destructiveHint`, and `title` annotations — these determine auto-permissions in Claude.
- Tool names **must** be ≤64 characters.
- Read and write operations **must** be in separate tools. A single tool accepting both GET and POST/PUT/PATCH/DELETE is rejected — documenting safe vs unsafe within one tool's description does not satisfy this.
- Tool descriptions **must not** instruct Claude how to behave (e.g. "always do X", "you must call Y first", overriding system instructions, promoting products) — treated as prompt injection at review.
- Tools that accept freeform API endpoints/params **must** reference the target API's documentation in their description.
---
## Descriptions