--- title: "Best Practices" description: "Recommended patterns and anti-patterns for MCP configuration" author: "Onli Platform" date: "2024-01-01" tags: ["mcp", "best-practices", "patterns", "optimization"] --- # MCP Configuration Best Practices This guide outlines recommended patterns, anti-patterns, and optimization strategies for MCP configuration. ## Configuration Management ### Recommended Patterns #### Use Environment-Specific Configurations ```json // config/development.json { "onli-mcp": { "url": "https://stg.onli.app", "headers": { "User-Id": "${ONLI_DEV_USER_ID}", "App-Key": "${ONLI_DEV_APP_KEY}", "App-Symbol": "ENGMA" }, "options": { "debug": true, "timeout": 30000 } } } ``` #### Implement Configuration Validation ```javascript function validateConfig(config) { const required = ['url', 'headers.User-Id', 'headers.App-Key', 'headers.App-Symbol']; for (const field of required) { if (!getNestedValue(config, field)) { throw new Error(`Missing required field: ${field}`); } } return true; } ``` #### Use Configuration Factories ```javascript class MCPConfigFactory { static createConfig(environment) { const baseConfig = { headers: { 'User-Id': process.env.ONLI_USER_ID, 'App-Key': process.env.ONLI_APP_KEY, 'App-Symbol': process.env.ONLI_APP_SYMBOL || 'ENGMA' } }; switch (environment) { case 'development': return { ...baseConfig, url: 'https://stg.onli.app', options: { debug: true, timeout: 30000 } }; case 'production': return { ...baseConfig, url: 'https://api.onli.app', options: { debug: false, timeout: 15000 } }; default: throw new Error(`Unknown environment: ${environment}`); } } } ``` ### Anti-Patterns to Avoid #### Hardcoding Credentials ```javascript // DON'T DO THIS const config = { "onli-mcp": { "url": "https://api.onli.app", "headers": { "User-Id": "user_12345_hardcoded", // Never hardcode "App-Key": "ak_secret_key_123", // Security risk "App-Symbol": "ENGMA" } } }; ``` #### Single Configuration for All Environments ```javascript // DON'T DO THIS - Use environment-specific configs const oneConfigForAll = { url: "https://api.onli.app", // Should vary by environment debug: true // Should be false in production }; ``` #### Missing Error Handling ```javascript // DON'T DO THIS const client = new MCPClient(config); // No validation or error handling client.connect(); // No error handling ``` ## Security Best Practices ### Credential Management #### Use Environment Variables ```bash # .env.development ONLI_USER_ID=dev_user_12345 ONLI_APP_KEY=ak_dev_secret_key ONLI_APP_SYMBOL=ENGMA # .env.production ONLI_USER_ID=prod_user_67890 ONLI_APP_KEY=ak_prod_secret_key ONLI_APP_SYMBOL=ENGMA ``` #### Implement Credential Rotation ```javascript class CredentialManager { constructor() { this.refreshInterval = 24 * 60 * 60 * 1000; // 24 hours this.setupRotation(); } async rotateCredentials() { const newCredentials = await this.fetchNewCredentials(); this.updateConfig(newCredentials); this.scheduleNextRotation(); } setupRotation() { setInterval(() => { this.rotateCredentials(); }, this.refreshInterval); } } ``` #### Monitor API Usage ```javascript class APIMonitor { trackRequest(endpoint, method, timestamp) { // Log API usage patterns console.log(`API Call: ${method} ${endpoint} at ${timestamp}`); // Check for unusual patterns this.detectAnomalies(endpoint, method); } detectAnomalies(endpoint, method) { // Implement anomaly detection logic const recentCalls = this.getRecentCalls(endpoint, 5 * 60 * 1000); // 5 minutes if (recentCalls.length > this.thresholds[endpoint]) { this.alertSuspiciousActivity(endpoint, recentCalls.length); } } } ``` ### Network Security #### Always Use HTTPS ```javascript const config = { url: "https://api.onli.app", // Always HTTPS options: { rejectUnauthorized: true, // Verify SSL certificates secureProtocol: 'TLSv1_2_method' // Use secure protocols } }; ``` #### Implement Request Signing ```javascript class SecureClient { signRequest(request) { const timestamp = Date.now(); const signature = this.generateSignature(request, timestamp); return { ...request, headers: { ...request.headers, 'X-Timestamp': timestamp, 'X-Signature': signature } }; } } ``` ## Performance Optimization ### Connection Management #### Connection Pooling ```javascript const config = { "onli-mcp": { "url": "https://api.onli.app", "headers": { "User-Id": "${ONLI_USER_ID}", "App-Key": "${ONLI_APP_KEY}", "App-Symbol": "ENGMA" }, "options": { "pooling": { "maxConnections": 10, "keepAlive": true, "keepAliveMsecs": 30000 } } } }; ``` #### Appropriate Timeouts ```javascript const timeoutConfig = { development: { connectionTimeout: 10000, requestTimeout: 30000, retryDelay: 2000 }, production: { connectionTimeout: 5000, requestTimeout: 15000, retryDelay: 1000 } }; ``` ### Retry Strategies #### Exponential Backoff ```javascript class RetryManager { async executeWithRetry(operation, maxRetries = 3) { let attempt = 0; while (attempt < maxRetries) { try { return await operation(); } catch (error) { if (!this.isRetryableError(error) || attempt === maxRetries - 1) { throw error; } const delay = Math.pow(2, attempt) * 1000; // Exponential backoff await this.sleep(delay); attempt++; } } } isRetryableError(error) { return error.code === 'TIMEOUT' || error.code === 'NETWORK_ERROR' || (error.status >= 500 && error.status < 600); } } ``` ## Error Handling ### Comprehensive Error Handling ```javascript class MCPErrorHandler { handleError(error, context) { switch (error.type) { case 'AUTHENTICATION_ERROR': this.handleAuthError(error, context); break; case 'NETWORK_ERROR': this.handleNetworkError(error, context); break; case 'TIMEOUT_ERROR': this.handleTimeoutError(error, context); break; default: this.handleGenericError(error, context); } } handleAuthError(error, context) { // Log security event this.logSecurityEvent('auth_failure', { error, context }); // Attempt credential refresh this.refreshCredentials(); // Notify administrators this.notifyAdmins('Authentication failure detected'); } } ``` ### Circuit Breaker Pattern ```javascript class CircuitBreaker { constructor(threshold = 5, timeout = 60000) { this.failureThreshold = threshold; this.timeout = timeout; this.failureCount = 0; this.state = 'CLOSED'; // CLOSED, OPEN, HALF_OPEN this.lastFailureTime = null; } async execute(operation) { if (this.state === 'OPEN') { if (Date.now() - this.lastFailureTime > this.timeout) { this.state = 'HALF_OPEN'; } else { throw new Error('Circuit breaker is OPEN'); } } try { const result = await operation(); this.onSuccess(); return result; } catch (error) { this.onFailure(); throw error; } } } ``` ## Monitoring and Logging ### Structured Logging ```javascript const logger = { logMCPOperation(operation, duration, success, metadata = {}) { const logEntry = { timestamp: new Date().toISOString(), operation, duration, success, environment: process.env.NODE_ENV, ...metadata }; if (success) { console.log('MCP_SUCCESS', JSON.stringify(logEntry)); } else { console.error('MCP_FAILURE', JSON.stringify(logEntry)); } } }; ``` ### Health Checks ```javascript class HealthChecker { async performHealthCheck() { const checks = [ this.checkConnectivity(), this.checkAuthentication(), this.checkLatency() ]; const results = await Promise.allSettled(checks); return { healthy: results.every(r => r.status === 'fulfilled'), checks: results.map((r, i) => ({ name: ['connectivity', 'authentication', 'latency'][i], status: r.status, value: r.value, error: r.reason })) }; } } ``` ## Testing Best Practices ### Mock External Dependencies ```javascript // test/mcp-client.test.js describe('MCP Client', () => { beforeEach(() => { nock('https://stg.onli.app') .get('/health') .reply(200, { status: 'healthy' }); }); it('should connect successfully with valid config', async () => { const config = createTestConfig(); const client = new MCPClient(config); const result = await client.healthCheck(); expect(result.status).toBe('healthy'); }); }); ``` ### Test Different Environments ```javascript const testConfigs = { development: createDevConfig(), staging: createStagingConfig(), production: createProdConfig() }; Object.entries(testConfigs).forEach(([env, config]) => { describe(`${env} environment`, () => { it('should have valid configuration', () => { expect(() => validateConfig(config)).not.toThrow(); }); }); }); ``` ## Next Steps - Review [Setup Instructions](/mcp-configuration/setup) for implementation details - Check [Troubleshooting Guide](/mcp-configuration/troubleshooting) for common issues - Join our [Developer Community](https://forum.onli.app) for best practice discussions ## Support For questions about best practices: - **Email**: [support@onli.one](mailto:support@onli.one) - **Documentation**: [Configuration Guides](/mcp-configuration/guides) - **Community**: [Onli Developer Forum](https://forum.onli.app)