> ## Documentation Index
> Fetch the complete documentation index at: https://docs.usechar.com/llms.txt
> Use this file to discover all available pages before exploring further.

# MCP Server Styles

> Explanation of MCP server styles and when to choose each one.

This page explains the major MCP server styles and the tradeoffs between them.

## Why This Matters

Most integration issues come from transport mismatch:

* local subprocess workflows expect `stdio`
* hosted/shared workflows expect HTTP transports
* some clients still use older SSE-compatible remote flows

## Style Comparison

| Style                                    | Transport                 | Where it runs                            | Typical auth                                       | Best use case                                            | Official references                                                                                                                                                                                                             |
| ---------------------------------------- | ------------------------- | ---------------------------------------- | -------------------------------------------------- | -------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Local subprocess server                  | `stdio`                   | Local machine (spawned process)          | Usually local trust boundary; optional server auth | Browser automation and local dev tooling                 | [MCP transports](https://modelcontextprotocol.io/specification/2025-06-18/basic/transports), [Claude Code MCP](https://docs.anthropic.com/en/docs/claude-code/mcp)                                                              |
| Remote MCP server (modern)               | Streamable HTTP           | Remote service                           | Bearer/session/OAuth (server-defined)              | Shared hosted tools and multi-user environments          | [MCP transports](https://modelcontextprotocol.io/specification/2025-06-18/basic/transports), [Claude Code MCP](https://docs.anthropic.com/en/docs/claude-code/mcp)                                                              |
| Remote MCP server (legacy compatibility) | SSE + POST fallback       | Remote service                           | HTTP auth (server-defined)                         | Backward compatibility with older client/server behavior | [MCP transports](https://modelcontextprotocol.io/specification/2025-06-18/basic/transports)                                                                                                                                     |
| Connector-style remote usage             | Remote HTTP MCP only      | Remote service reachable by API provider | OAuth or bearer token via connector config         | Tool access in API-based agent workflows                 | [Anthropic MCP connector](https://docs.anthropic.com/en/docs/agents-and-tools/mcp-connector)                                                                                                                                    |
| Registry-discovered ecosystem servers    | Varies (`stdio` and HTTP) | Local or hosted                          | Server-defined                                     | Discovering existing production/community servers        | [MCP Registry](https://registry.modelcontextprotocol.io/), [MCP servers repo](https://github.com/modelcontextprotocol/servers), [servers README](https://raw.githubusercontent.com/modelcontextprotocol/servers/main/README.md) |

## How To Choose Quickly

1. Use `stdio` when the tool must run locally and you control the machine.
2. Use Streamable HTTP when the server is shared, hosted, or multi-tenant.
3. Use legacy SSE mode only when a required client/server still depends on it.
4. Use connector-style remote MCP when an API provider requires remote-only integration.

## Security Notes

* Validate `Origin` headers for browser-based transports and avoid exposing local servers beyond trusted boundaries.
* Prefer binding local HTTP listeners to loopback (`localhost`) unless you explicitly need network exposure.
* Treat access tokens as bearer credentials and store/forward them only over TLS.
* Keep remote MCP endpoints authenticated by default; avoid unauthenticated public tool surfaces.

Authoritative guidance: [MCP transports + security considerations](https://modelcontextprotocol.io/specification/2025-06-18/basic/transports)

## Related

* [MCP Setup](/vibe/mcp-setup)
* [Install MCP Servers](/guides/mcp-servers)
* [MCP Tools Reference](/reference/mcp-tools)
