Question 1

What is an MCP server, and why do I need one?

Accepted Answer

Model Context Protocol (MCP) is the standard way to give an AI assistant — Claude, ChatGPT, internal agents — controlled, audited access to your tools and data. If you want your team to ask questions in plain language and get answers from your own systems (not from a generic LLM hallucinating), you need MCP servers wired to those systems.

Question 2

How much does an MCP server cost?

Accepted Answer

Essential is $4,900 (single stdio server, up to 3 tools, 1–2 week delivery). Professional is $9,900 (multi-tool, OAuth 2.1 + PKCE, audit logging, 3–5 weeks). Business is $18,900 (up to 20 tools across multiple domains, optional zero-knowledge / E2EE, CI/CD, 6–10 weeks). All prices are fixed; all source code ships in your private repository.

Question 3

What's the difference between Essential and Professional?

Accepted Answer

Essential is the right call for an internal tool — a single stdio server wrapping one system, run locally, used by your team. Professional adds the things you need when external agents or non-engineers will use it: OAuth 2.1 + PKCE auth, audit trails, scoped tokens, human-in-the-loop confirmation on destructive operations. If anyone outside your immediate team will use it, you want Professional.

Question 4

Does Essential really use Clean Architecture? Isn't that overkill for a small server?

Accepted Answer

Yes — every plan, including Essential. Even small MCP servers grow. Clean Architecture from day one means adding a tool is one file, swapping transports doesn't touch business logic, and tests stay sane. The cost of including it now is much smaller than the cost of retrofitting it later.

Question 5

What is OAuth 2.1 + PKCE, and do I need it?

Accepted Answer

OAuth 2.1 with PKCE is the auth standard the MCP spec mandates for remote servers. It's what lets a Claude Desktop or external agent client authenticate to your server without you passing API keys around. If your server runs locally (stdio) and only your team uses it, you can skip OAuth — Essential is fine. If you want a remote server that any team member or agent client can use, Professional includes it.

Question 6

What does 'scoped tokens' mean in practice?

Accepted Answer

It means each agent or user gets a token that only unlocks the specific tools and records they're allowed to touch — not your whole API. A support agent's token can read tickets but not delete them. A read-only analytics agent can query orders but not refund them. The boundary is enforced at the server, so even a misbehaving AI can't step outside it.

Question 7

What is 'zero-knowledge' in this context?

Accepted Answer

It means your MCP server can let an AI agent operate over data without the model — or anyone running the model — being able to read the underlying plaintext. The server returns derived signals (counts, classifications, encrypted blobs the user re-decrypts client-side) instead of raw values. The same E2EE approach we use in our Flutter clients, applied to agent tooling. Hard, almost no one does it, and worth it for healthcare, finance, legal, or anything with a serious privacy regime. Available in Business.

Question 8

Do I own the code? Can I extend it later without you?

Accepted Answer

Yes — every plan ships full source code into your private repository from day one. Each tool is a separate, well-documented file. Your team can extend, modify, replace, or audit any part of it without us. There's no vendor lock-in because there's no vendor.

Question 9

What does the post-ship support cover?

Accepted Answer

Bug fixes and clarifications on the delivered code (30/60/90 days depending on tier). It's not a maintenance retainer — adding new tools, integrating new systems, or expanding scope is a separate engagement, quoted separately when it comes up.

Question 10

What about HIPAA, SOC2, GDPR?

Accepted Answer

We build servers whose architecture supports those regimes — encryption at rest and in transit, scoped access, tamper-evident audit logs, data-minimisation by design. The certification itself depends on the surrounding infrastructure: your hosting, your BAAs, your audit. We write the system; your compliance partner certifies it. We don't claim certifications we don't hold.

MCP Server Development

Essential

Professional

Business

What every plan ships with

Clean Architecture, every tier

Source code, day one

Typed tool surface · Zod validation

Structured logging

Test suite

Honest scope

Ready to Start Your Project?