Skip to main content
sunpeak API

Overview

The optional src/server.ts file configures authentication and server metadata. When present, the framework calls auth() on every MCP request and populates extra.authInfo in tool handlers. Under the hood, the returned AuthInfo is set as req.auth on the HTTP request — the same mechanism the MCP SDK uses. This gives you the same flexibility as using the SDK directly.

File Convention

Example

Exports

auth (function, optional)

Called on every MCP request. Return AuthInfo to authenticate, or null to reject the request with 401.
req
IncomingMessage
required
The incoming HTTP request from Node’s http module. Access headers, cookies, query params, etc.
Returns AuthInfo | null (sync or async):
Return null to reject the request — Sunpeak responds with 401 Unauthorized and a WWW-Authenticate: Bearer header.

server (object, optional)

Server metadata reported to hosts during the MCP handshake.
name
string
Server name displayed in the host.
version
string
Server version.
title
string
Human-readable display name. Shown by hosts when more polish is needed than name.
description
string
Short description of what the server does.
websiteUrl
string
URL of the server’s homepage.
icons
Icon[]
64x64 PNG icons (data URIs preferred). Light and dark variants supported via the theme field on each icon.
instructions
string
Server-wide instructions sent in the MCP initialize response. Hosts (ChatGPT, Claude) may surface this to the model, typically by injecting it into the system prompt. Use it for guidance that spans multiple tools or describes the server as a whole — e.g., “Always call get_user before update_user” or “This server is read-only between 5pm and 9am UTC”. Per-tool guidance still belongs in each tool’s description.

Using Auth in Tool Handlers

The authInfo from the server entry is available in every tool handler:

Custom Server

If you need middleware, custom routes, or full control over the HTTP server, use createMcpHandler (Node.js) or createHandler (Web Standard) to mount the MCP protocol on your own server:
These handlers accept pre-loaded tool and resource objects — they don’t auto-discover from dist/. See the Production Server API for config types and the Deployment Guide for complete examples.

See Also

Tool File

Define tool metadata, schemas, and handlers.

Deployment Guide

Production server setup and custom server integration.