Core concepts
How Noodle Seed turns one server.ts into a governed, multi-tenant MCP server. Authoring, compilation, the shared runtime, tenancy, connectors, credentials, and policy.
Noodle Seed is built on one idea: thin language, fat runtime. You author a small, declarative description of your server, and a large shared runtime does the work of serving it.
Thin language, fat runtime
Every MCP server needs the same machinery: a protocol server, request validation, HTTP clients, retries, auth, and policy. Building that into each project is repetitive and hard to review. Noodle Seed keeps that machinery in a runtime that is written once and shared, so your server stays small.
Your server is data
server.ts compiles to a small, portable artifact that references capabilities rather
than implementing them. It describes tools, resources, prompts, and connector operations. It reads
and diffs like data.
The runtime is a shared engine
A stateless, multi-tenant runtime holds the protocol layer, schema validation, connector execution, the credential broker, and the policy gate. It is built once and serves every server.
The payoff is reviewability (a server is data you can read), reuse (every connector and capability the runtime gains benefits every server), and scale (one runtime serves many servers).
The pipeline: author, compile, serve
You edit only server.ts. The compiler validates structure, resolves schemas, checks connector
references against the catalog, and derives the advertised capabilities, producing a normalized
runtime artifact that the platform stores and versions. A shared, stateless runtime loads a tenant's
artifact on demand and serves MCP over HTTP. Shipped
The artifact is internal
The compiled manifest and runtime artifact are a system-owned intermediate representation for the
compiler, runtime, and tooling. They are not an authoring surface: you never hand-write or edit
manifest JSON. server.ts is the one place you author.
Multi-tenancy and routing
The runtime is multi-tenant: one deployment serves many servers. Every request is routed by
server identity and validated against that tenant's own manifest, issuer, policy, connector
catalog, and credential scope, so tenants stay isolated. Hosted servers live under a path like
/o/{org}/{app}/mcp, following the Org > App > Env > Deployment hierarchy.
Shipped for tenant routing and Google-membership-gated
management. Wildcard org subdomains and the full per-org governance layer are
Roadmap.
The MCP surface
Your server exposes standard MCP capabilities, backed by fulfilment flows:
Tools
Typed actions the model can call. Zod input/output, a fulfil flow.
Resources
Readable context at a fixed URI (docs://changelog) or a {var} template (case://{case_id}).
Prompts
Reusable, argument-driven prompt templates surfaced through prompts/list.
Apps & widgets
React UI delivered as a ui:// MCP App resource, linked to a tool.
Partial (Phase 2)
Connectors as data
Backing systems (a SaaS API, a first-party service, your own API) are normalized into connectors.
A connector publishes operations with a uniform shape, so a tool calls booking.create_appointment
or stripe.create_payment_link the same way. The server references operations; it never embeds the
implementation.
- HTTP connectors call real APIs with declarative request/response mapping and SSRF-guarded, allowlisted hosts. Shipped
- Compute connectors run self-contained TypeScript in a sandbox with no ambient authority (no network, filesystem, secrets, or tokens) when a bit of logic is genuinely needed. Shipped
- Adopting an external MCP server or generating a connector from an OpenAPI spec as a first-class
connector is Roadmap. (
noodle import openapitoday generates starter code, not a managed connector.)
Credentials and the broker
Noodle Seed never forwards an inbound MCP or OAuth bearer token to a business backend. Instead the credential broker exchanges validated identity for a downstream-scoped credential, and secrets never appear in manifests, logs, widget payloads, or artifacts.
- Service credentials (the connector's own bearer, API key, or OAuth2 client-credentials) are resolved per tenant by the broker. Shipped
- Per-user delegated credentials (end-user OAuth,
${user.*}) are Roadmap (Phase 3).
Policy is central
Authorization, quotas, rate limits, redaction, and audit happen in the runtime before any
connector side effect. A UI-initiated tool call from a widget re-enters the same authentication and
policy path as a model-initiated call. The admission gate (allow / deny 403 / limit 429) is
Alpha; the full policy engine, audit, and OpenTelemetry
tracing are Roadmap (Phase 4).
A request, end to end
Design principles
Noodle Seed's design follows seven principles:
- Thin language, fat runtime. The server references capabilities; complexity lives in the runtime.
- Structure is declarative, logic is the exception. Selecting capabilities and mapping data is declarative; arbitrary code is an explicit, sandboxed exception.
- One construct for every backing system. Everything is a connector with a uniform reference shape.
- Operation signatures are contracts. Connectors publish names, inputs, outputs, auth, and errors; servers reference, never embed.
- State is explicit and visible. Within a call, data flows through named steps; across calls, state passes as explicit handles.
- Validation has two layers. Static schema validation plus compile-time resolution against the live catalog, then runtime validation of inbound calls and connector results.
- Policy is central. Governance runs in the runtime before connector side effects.
What is shipped today
Status
Noodle Seed is in alpha. This table reflects docs/STATUS.md at the time of writing.
| Capability | Status |
|---|---|
Author server.ts, compile to artifact, serve from a shared stateless runtime | Shipped |
| Multi-tenant routing by server identity | Shipped |
| Tools, resources, prompts | Shipped |
| HTTP connectors + sandboxed compute connectors | Shipped |
| Credential broker: service credentials | Shipped |
| Local dev, validate, deploy, rollback, secrets, variables | Shipped |
Apps & widgets (React view to ui://) | Partial (Phase 2) |
| Policy admission gate | Alpha |
| Per-user delegated OAuth credentials | Roadmap (Phase 3) |
| Connector adoption (import MCP / OpenAPI to connector) | Roadmap |
| Full policy engine, audit, OpenTelemetry | Roadmap (Phase 4) |
| Resumable / suspending flows | Roadmap |
Build with coding agents
Noodle Seed is built for agentic engineering. Author MCP servers with Codex and Claude Code using project-local agent files, a self-correcting validate loop, and ready-to-paste prompts.
SDK reference
Every export of the @noodleseed/one authoring SDK, with signatures and import paths. The complete surface a coding agent authors against.