MCP.do

Instead of 69+ narrow-purpose tools, MCP.do provides just one tool (do) that executes any semantic pattern, integrates with any API, and orchestrates complex workflows.

One Tool to Rule Them All

Unlike traditional MCP servers with dozens of tools, MCP.do has just one tool:

do - Execute code with two properties (at least one required):

module - Define context, functions, or components using MDXLD or ESM
script - Execute code via secure RPC

// Simple script execution
await client.useTool('do', {
  script: '$.Business.create({ name: "Acme Corp" })'
})

// Define a function via MDX module (no script needed!)
await client.useTool('do', {
  module: `
    ---
    $type: Function
    name: processOrder
    ---
    export default async function processOrder(orderId) {
      const order = await db.get($.Order, orderId)
      await api.stripe.charge({ amount: order.total })
      return order
    }
  `
})

// Module with script execution
await client.useTool('do', {
  module: {
    $context: 'https://schema.org',
    $type: 'Organization'
  },
  script: 'db.list($.Business)'
})

// Complex workflows (script only)
await client.useTool('do', {
  script: `
    const order = await $.Order.create({ total: 99.99 })
    await api.stripe.charge({ customer: order.customerId, amount: order.total })
    await api.sendgrid.send({ to: order.email, template: 'receipt' })
    return order
  `
})

Every expression is executed securely via RPC with full authentication, validation, and error handling.

Why One Tool?

The Problem with Traditional MCP

Traditional MCP servers define individual tools for each operation:

{
  "tools": [
    { "name": "cloudflare_account_get", "description": "..." },
    { "name": "stripe_customer_create", "description": "..." },
    { "name": "database_query", "description": "..." },
    // ... 66 more tools
  ]
}

Issues:

~15,000 tokens consumed just listing tools
Multiple round trips for complex operations
New features require new tools and updates
Limited composability - can't combine tools
Steep learning curve - 69 tools to learn

The MCP.do Solution

MCP.do provides just 1 tool that executes any code:

{
  "tools": [
    {
      "name": "do",
      "description": "Execute code with module (MDXLD/ESM) and/or script properties",
      "inputSchema": {
        "type": "object",
        "properties": {
          "module": {
            "type": ["object", "string"],
            "description": "MDXLD context, ESM imports/exports, or MDX component definitions"
          },
          "script": {
            "type": "string",
            "description": "Code to execute"
          }
        },
        "anyOf": [
          { "required": ["module"] },
          { "required": ["script"] }
        ]
      }
    }
  ]
}

Benefits:

~800 tokens (95% reduction)
Single call for complex operations
Instant access to new SDK features
Full composability - it's just code
Natural for AI - models know code

Comparison: Traditional vs MCP.do

Aspect	Traditional (69 Tools)	MCP.do (1 Tool)
Tools	69 narrow-purpose tools	1 universal tool
Token Cost	~15,000 tokens	~800 tokens (95% less)
Round Trips	Multiple for complex ops	Single call
New Features	Require new tools	Instant via SDK
Composability	Limited	Full (it's code)
Learning Curve	Learn 69 tools	Learn SDK once
Maintenance	Update 69 tools	Update SDK

Endpoint

MCP.do is available at: https://mcp.do

This is a simple HTTP endpoint that implements the Model Context Protocol via JSON-RPC 2.0 over:

HTTP POST - For request/response calls
Server-Sent Events (SSE) - For streaming and long-lived connections

Quick HTTP Example

curl https://mcp.do \
  -H "Authorization: Bearer sk_live_xxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "method": "tools/call",
    "params": {
      "name": "do",
      "arguments": {
        "script": "await db.list($.Business)"
      }
    },
    "id": 1
  }'

Authentication

MCP.do supports three authentication modes via the Authorization header:

Anonymous (No Header)

Rate Limit: 10 requests/minute
Permissions: Read-only operations
Timeout: 10 seconds

OAuth (`Bearer oauth_xxx`)

Rate Limit: 100 requests/minute
Permissions: User's permissions
Timeout: 30 seconds

API Key (`Bearer sk_xxx`)

Rate Limit: 100 requests/minute
Permissions: Full access
Timeout: 30 seconds

Security

All code execution happens via secure RPC:

Authentication - Every request requires valid credentials
Validation - Code is parsed and validated before execution
Sandboxing - Execution in isolated Durable Objects
Rate Limiting - Sliding window per user/session
Timeout Enforcement - 10s anonymous, 30s authenticated
Readonly Enforcement - AST analysis blocks writes for anonymous users
Audit Logging - All operations logged with auth context

graph TB subgraph "Transport Layer" HTTP[HTTP JSON-RPC POST Requests] SSE[Server-Sent Events Streaming] end subgraph "Protocol Layer" JSONRPC[JSON-RPC 2.0 Method Calls] AUTH[Authentication Anon/OAuth/API Key] RATE[Rate Limiting 10-100 req/min] end subgraph "Application Layer" TOOL[1 Tool: do module + script] SANDBOX[Execution Sandbox Durable Objects] READONLY[Readonly Check AST Analysis] end subgraph "Platform Integration" SDK[SDK Primitives $, db, ai, api, on, send, every, user] PAYLOAD[Payload CMS Data Layer] WORKERS[Cloudflare Workers 90+ Services] end HTTP --> JSONRPC SSE --> JSONRPC JSONRPC --> AUTH AUTH --> RATE RATE --> TOOL TOOL --> SANDBOX SANDBOX --> READONLY READONLY --> SDK SDK --> PAYLOAD SDK --> WORKERS

Next Steps

Getting Started - Set up Claude Desktop and start executing code
The do Tool - Complete guide to module and script properties
Modules vs Scripts - Understanding execution models
.do Primitives - SDK primitives available in scripts

Resources

Endpoint: https://mcp.do
Cloudflare Code Mode Blog - Inspiration for this approach
Model Context Protocol Spec - Official MCP specification
SDK Documentation - Complete .do platform SDK reference
CLI Documentation - Command-line interface with same patterns