A comprehensive guide to making a web app accessible to AI agents via the Model Context Protocol (MCP). Covers building an MCP server with JSON-RPC 2.0, implementing OAuth 2.1 with PKCE and Dynamic Client Registration, setting up protocol discovery endpoints (MCP Server Card, API Catalog, OAuth metadata), configuring robots.txt and sitemap for discoverability, serving Markdown via content negotiation, controlling bot access with Content Signals and Web Bot Auth, and optionally integrating agentic commerce protocols (x402, UCP, ACP). Includes concrete JSON examples, common pitfalls like RLS issues with Bearer tokens, and end-to-end testing with Claude Code.
Table of contents
The MCP 🔗1. The MCP server 🔗2. OAuth 2.1 with PKCE and Dynamic Client Registration 🔗3. Protocol Discovery: telling agents you exist 🔗4. Discoverability: the boring-but-required bits 🔗5. Content Accessibility: Markdown content negotiation 🔗6. Bot Access Control: who can read your content, who can train on it 🔗7. Commerce: x402, UCP, ACP 🔗Testing it end-to-end 🔗References 🔗Sort: