// GLOSSARY -- MCP & TOOL INFRASTRUCTURE

What is the stdio Transport?

2 min read Updated

The stdio transport is the local MCP transport in which the client launches the MCP server as a subprocess and exchanges newline-delimited JSON-RPC messages over the server's standard input and standard output.

WHY IT MATTERS

stdio is one of two standard transports defined by the Model Context Protocol, alongside the Streamable HTTP transport. The spec says clients SHOULD support stdio whenever possible, and it remains the default way to run a local MCP server from clients like Claude Code or Cursor.

The mechanics are deliberately simple: the client spawns the server process, writes JSON-RPC messages to its stdin, and reads responses from its stdout. Messages are delimited by newlines and must not contain embedded newlines. The server may write logs to stderr, but must not write anything to stdout that is not a valid MCP message.

The transport choice has operational consequences:

  • Process lifetime — the server lives and dies with the client session; shutdown is signalled by closing stdin, then SIGTERM, then SIGKILL.
  • Credentials via environment — stdio servers typically receive API keys as environment variables in the client's MCP JSON configuration, with the full privileges of the local user.
  • No network authorisation layer — there is no HTTP layer, so MCP's OAuth-based authorisation does not apply; access control is whatever the local process can reach.
  • Invisible to network controls — traffic never crosses a network boundary, so proxies and egress filters cannot observe it.

See stdio transport working in your own stack — route your MCP servers through PolicyLayer and every tool call is checked against policy before it runs.

GOVERN YOUR MCP SERVERS →

Enforced before the call runs. Nothing to install.

HOW POLICYLAYER USES THIS

PolicyLayer's public catalogue at policylayer.com/tools classifies the tools exposed by thousands of MCP servers, most of which are distributed as stdio packages on npm. The npx policylayer CLI scans the stdio servers in a local MCP configuration and reports per-tool risk before they reach an AI client.

For fleet enforcement, teams route clients through the PolicyLayer gateway over HTTP, which brings the policy evaluation and audit trail that a directly-spawned stdio subprocess cannot provide on its own.

Browse the MCP server catalogue →

FREQUENTLY ASKED QUESTIONS

When should I use stdio instead of Streamable HTTP?
Use stdio for servers that run on the same machine as the client, such as filesystem or local development tooling. Use Streamable HTTP for remote servers, shared deployments, or anywhere you need network-level authentication and session management.
How are messages framed on the stdio transport?
Each JSON-RPC request, notification, or response is a single line: messages are delimited by newlines and must not contain embedded newlines. All messages must be UTF-8 encoded.
Can a stdio server log without corrupting the protocol?
Yes. The server may write UTF-8 log strings to stderr, which the client may capture, forward, or ignore. Only stdout is reserved for MCP messages.

FURTHER READING

Let agents act without letting them run wild.

Route your MCP servers through PolicyLayer and every tool call is checked against your policy before it runs — allow, deny, or require approval. Per-identity grants. Full audit log. Live in minutes.

GOVERN YOUR MCP SERVERS →

Free to start. No card required.

43,000+ MCP servers and 220,000+ tools scanned and risk-classified.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.