A Production Readiness Checklist for Remote MCP Servers

The remote MCP question has changed. A few months ago, the conversation was mostly: can I get this tool working from my agent? Now the real production question is different: What can this server touch, whose credentials does it act with, and how do you contain the blast radius when prompts go bad? That shift matters. Because a remote MCP server that "works" in a demo can still be completely unfit for unattended production use. The recent issue stream around MCP servers keeps converging on the same operator concerns: missing or weak authentication unconstrained tool parameters prompt-injection-driven blast radius weak tenant isolation repo / filesystem write exposure runaway spend or token burn with no governors Those are not side quests. They are the product. If you're evaluating remote MCP for real workloads, here's the checklist I would use. 1. Treat local stdio and remote MCP as different trust classes A lot of confusion starts here. A local MCP tool running on your own machine is o