Production Readiness Scalekit

MCP authentication

• Test MCP server authentication flow end-to-end
• Verify OAuth consent screen displays correctly for MCP clients
• Test token exchange for MCP connections
• Verify resource metadata published at /.well-known/oauth-protected-resource
• Test MCP session management (session creation, expiry, refresh)
• Verify custom auth handlers behave correctly (if using)
• Test MCP client reconnection after token expiry
• Verify scopes are correctly enforced per MCP tool/resource

Monitoring and incident readiness

• Auth logs monitoring configured in Dashboard > Auth Logs
• Alerts set for suspicious activity (repeated auth failures, unusual access patterns)
• Error tracking configured for authentication failures
• Log retention policies configured
• Incident response runbook written (who to contact, how to roll back)
• Rollback plan ready (disable MCP auth without breaking existing sessions)

Key metrics:

• MCP auth success/failure rates
• Token exchange latency
• Session creation and duration
• Token refresh frequency