ZeroMCP v0.1.1 — ~27% faster with schema caching. See what changed →
MIT License 0 Dependencies 1K LOC

Drop a file.
It's an MCP tool.

No 91 packages. No plaintext secrets. 2.1–102x faster than every official SDK. Just a function in a folder.

npm install -g zeromcp
View on GitHub How it works
Node.js
Python
Go
Rust
Java
Kotlin
C#
Swift
Ruby
PHP
Performance

Faster than every official SDK. Every language.

Same hello tool. HTTP transport. 5-minute sustained load. Docker containers. Run them yourself.

Rust
5,879
2,452
2.4x
Node.js
5,497
2,610
2.1x
C#
5,260
2,517
2.1x
Ruby
4,762
2,163
2.2x
Go
4,740
893
5.3x
Java
4,512
2,658
1.7x
Python
3,528
635
5.6x
Kotlin
3,163
548
5.8x
Swift
2,244
74
30x
PHP
1,726
17
102x
ZeroMCP req/s Official SDK req/s

Built-in sandbox. Credential injection. 21 chaos attacks survived. See the security model.

Full benchmarks → All comparisons →
The Problem

MCP is a great protocol with a
terrible developer experience

Hand-edited JSON. Zombie processes. Plaintext secrets. Config drift across the team. These are real quotes from developers who've had enough.

"MCP configuration is a sh*tshow, especially when secrets like API keys and database passwords are involved."

Hagen Hubel, Medium

"Every AI coding session spawns a tree of child processes. When the session ends, these processes are supposed to terminate. They don't."

thestack_ai, DEV Community

"You drop plaintext secrets into your Claude config. Any server you define can read your environment variables, access your filesystem, and send data anywhere on the internet."

Cyata.ai, Security Research
14 GB RAM consumed by orphaned MCP server processes
2+ hrs Average onboarding time for MCP configuration
17 Dependencies in the official MCP SDK
Features

Everything you need. Nothing you don't.

2.1–102x faster than official SDKs

HTTP benchmarks across all 10 languages. Same tool, same transport, 5-minute sustained load. ZeroMCP wins every language. See the data.

File-based tools

Node.js, Python, Ruby, PHP: drop a file in ./tools/ and it's live. Hot reload on change. No server restart.

19 HTTP frameworks

Express, Fastify, Starlette, Chi, Actix, Javalin, Ktor, ASP.NET, Vapor, Rack, Slim — embed ZeroMCP as a handler function. Framework benchmarks.

Compose MCP servers

Connect existing MCP servers into one process. Auto-namespaced. Layer local tools on top. One stdio connection. The official SDK can't do this.

Built-in sandbox

Network allowlists, sandboxed fetch, credential injection per directory, permission enforcement at runtime. Not advisory — enforced.

Zero dependencies

Most languages need nothing beyond stdlib. The official Node SDK installs 91 packages. Ruby installs 90. ZeroMCP installs none.

10 languages

Node.js, Python, Go, Rust, Java, Kotlin, Swift, C#, Ruby, PHP. Same architecture, idiomatic per language. Compare all.

How It Works

File becomes tool in
three seconds

1

Drop a file

Write a JavaScript file with a description, inputs, and an execute function. Put it in ./tools/.

2

ZeroMCP scans it

Recursive directory scan. Auto-namespacing from folder structure. Credential injection. Permission enforcement.

3

Serve over MCP

One command. stdio for Claude Code and Cursor. Library export for Express, Lambda, Workers.

JS tools/stripe/list.js
Z zeromcp scan
MCP stripe_list
Comparison

ZeroMCP vs the alternatives

ZeroMCP Official SDK @modelcontextprotocol/sdk Separate Servers N individual MCP servers
Configuration Drop a file Server class + Zod schemas JSON per server
Dependencies 0 17 N x each server's deps
Code size ~1K LOC 4.3 MB N x server packages
Processes 1 1 (per server) N separate processes
Composability Built-in Not supported Not supported
Credential injection ctx.credentials DIY Plaintext JSON
Sandboxed fetch Domain allowlisting No No
Hot reload Built-in Manual restart Manual restart
Library export Express / Lambda / Workers Custom integration No
Getting Started

Three commands. That's it.

1

Install

npm install -g zeromcp
2

Drop a tool file

tools/hello.js 
export default {
  description: "Say hello",
  input: { name: "string" },
  execute: async ({ name }) => `Hello, ${name}!`
}
3

Serve

zeromcp serve

That's it. Your MCP client can now call hello.

Security

Security is the default,
not an afterthought

Tools can't phone home to undeclared domains. They can't access other tools' credentials. They can't touch the filesystem without declaring it.

Permission declarations

Tools declare what they need: network domains, filesystem paths, exec access. Enforced at runtime, not advisory.

permissions: { network: ["api.stripe.com"] }

Sandboxed fetch

ctx.fetch only reaches declared domains. Undeclared network calls are blocked. All calls logged when logging is enabled.

ctx.fetch("https://api.stripe.com/v1/...")

Credential injection

Tools use ctx.credentials. Keys are mapped from env vars or files in one config. Never hardcoded, never passed as arguments.

credentials: { stripe: { env: "STRIPE_KEY" } }

Audit CLI

zeromcp audit runs static analysis on tool files. Catches undeclared network access, credential leaks, and permission violations. Gates the community registry.

$ zeromcp audit ./tools

Replace your MCP config
in 60 seconds

Install ZeroMCP, drop a tool file, and connect it to Claude Code or Cursor.

npm install -g zeromcp
View on GitHub Read the docs

MIT License. No accounts. No telemetry. 0 runtime dependencies.