Skip to main content

Overview

Server-Sent Events (SSE) provide a standard way for a web server to send updates to a client over a single, long-lived HTTP connection. In the context of MCP, SSE is used for remote servers to stream data (like tool responses) to your CrewAI application in real-time.

Key Concepts

  • Remote Servers: SSE is suitable for MCP servers hosted remotely.
  • Unidirectional Stream: Typically, SSE is a one-way communication channel from server to client.
  • MCPServerAdapter Configuration: For SSE, you’ll provide the server’s URL and specify the transport type.

Connecting via SSE

You can connect to an SSE-based MCP server using two main approaches for managing the connection lifecycle: Using a Python context manager (with statement) is the recommended approach. It automatically handles establishing and closing the connection to the SSE MCP server.
Replace "http://localhost:8000/sse" with the actual URL of your SSE MCP server.

2. Manual Connection Lifecycle

If you need finer-grained control, you can manage the MCPServerAdapter connection lifecycle manually.
You MUST call mcp_server_adapter.stop() to ensure the connection is closed and resources are released. Using a try...finally block is highly recommended.

Security Considerations for SSE

DNS Rebinding Attacks: SSE transports can be vulnerable to DNS rebinding attacks if the MCP server is not properly secured. This could allow malicious websites to interact with local or intranet-based MCP servers.
To mitigate this risk:
  • MCP server implementations should validate Origin headers on incoming SSE connections.
  • When running local SSE MCP servers for development, bind only to localhost (127.0.0.1) rather than all network interfaces (0.0.0.0).
  • Implement proper authentication for all SSE connections if they expose sensitive tools or data.
For a comprehensive overview of security best practices, please refer to our Security Considerations page and the official MCP Transport Security documentation.