Real-World Servers

Six production MCP server patterns that developers use every day. For each pattern, you will see the architecture, the tools it exposes, real code, and the security considerations that matter most.

Server Gallery

Six production MCP server patterns that developers use every day. Each pattern is covered in detail below.

1. Database Server

Lets Claude query, analyze, and understand data in your database through natural language. The most common pattern — nearly every team has data they want Claude to explore.

Tools Exposed

query — Execute SELECT statements
list_tables — Show available tables
describe_table — Show columns and types
insert / update — Write data (if enabled)

Key Architecture

Maintains a connection pool — the DB connection stays open across calls, so Claude can run multiple queries without reconnection overhead. Typically 5-10 connections in the pool.

Database Server PatternTypeScript
import pg from "pg";

// Connection pool: stays open across tool calls
const pool = new pg.Pool({
  connectionString: process.env.DATABASE_URL,
  max: 5,  // max concurrent connections
});

server.tool("query", {
  sql: z.string().describe("SQL SELECT statement to execute"),
}, async ({ sql }) => {
  // SECURITY: Only allow SELECT statements
  if (!sql.trim().toUpperCase().startsWith("SELECT")) {
    return { content: [{ type: "text", text: "Only SELECT queries are allowed." }], isError: true };
  }
  const result = await pool.query(sql);
  return { content: [{ type: "text", text: JSON.stringify(result.rows, null, 2) }] };
});

🛡 Security: Always use a read-only database user (see Lesson 9). The SQL prefix check above is a defense-in-depth layer, not the primary protection. A determined prompt injection can craft SQL that starts with SELECT but contains subqueries that modify data. The read-only user is what truly prevents damage.

2. GitHub Server

Lets Claude manage repositories, pull requests, issues, and code reviews. The official GitHub MCP server is one of the most popular in the ecosystem.

Tools Exposed

search_repositories
create_pull_request
list_issues / create_issue
get_file_contents
create_or_update_file

Authentication

Uses fine-grained personal access tokens (PATs). You choose exactly which repos and permissions to grant. Token goes in the env field of your config — never in code.

claude_desktop_config.jsonJSON
{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_your_token_here"
      }
    }
  }
}

🔑 Best Practice: Create a fine-grained PAT with read-only access to start. Only add write permissions (create PR, push commits) after you are comfortable with how Claude uses the tools. You can always upgrade permissions later.

3. Slack Server

Lets Claude read channels, search messages, and post updates. Powerful for team coordination, standup summaries, and automated notifications.

Tools Exposed

read_channel — Get recent messages
search_messages — Full-text search
send_message — Post to a channel
list_channels — Discover channels

Authentication

Uses a Slack Bot token (xoxb-...) with scoped OAuth permissions. The bot must be invited to any channel it needs to read or post in.

⚠ Caution: Be very careful with send_message. A prompt injection that tricks Claude into posting to #general could be embarrassing or worse. Consider using the human-in-the-loop pattern (Lesson 9) for any send/post tools, or restricting the bot to a dedicated channel.

🔒

This lesson is for Pro members

Unlock all 520+ lessons across 52 courses with Academy Pro.

Go Pro — $49/mo ← Back to course

Already a member? Sign in to access your lessons.