·11 min read

The 15 Best MCP Servers for Coding in 2026

We ranked the 15 best MCP servers for coding in 2026 — GitHub, Playwright, Context7, and more — with install snippets, token costs, and security notes.

The best MCP servers for coding are the ones that give your agent context it can't get from the filesystem: the GitHub MCP server for pull requests and CI, Playwright for a real browser, Context7 for current library docs, and a database server for your actual schema. MCP (Model Context Protocol) is the open standard that lets tools like Claude Code, Cursor, and Windsurf call out to these external systems mid-task, so your agent stops guessing and starts checking.

If you only install three, make it GitHub, Playwright, and Context7 — they cover code review, verification, and documentation, the three places agents most often go wrong. Everything past that depends on your stack. If you're new to the protocol itself, start with what an MCP server actually is; this post assumes the basics and focuses on which servers earn their place.

How we ranked the best MCP servers for coding

We use these servers in daily work across Claude Code, Cursor, and Windsurf, and ranked them on four things:

  1. Impact — how often the server changes the agent's output for the better, not just adds a capability you'll never invoke.
  2. Token cost — every connected server injects its tool definitions into your context window on every request. A server with dozens of tools has to justify that overhead.
  3. Setup friction — one command is great; API key scavenger hunts are not.
  4. Security posture — sane defaults like read-only modes, OAuth instead of pasted tokens, and scoped access.

One meta-rule before the list: fewer is better. The ranking below is a menu, not a shopping list. Pick 3–5 for a given project and skip the rest.

The 15 best MCP servers for coding, ranked

1. GitHub MCP server

The official GitHub MCP server is the highest-impact connection for most developers. It lets your agent read and comment on pull requests, search code across repos, triage issues, and inspect failing CI runs — the exact context you'd otherwise paste in by hand. It runs as a hosted remote server with OAuth or as a local process. One caveat: it exposes a lot of tools, so enable only the toolsets you use (repos, issues, PRs) rather than everything.

2. Playwright MCP

Microsoft's Playwright MCP gives your agent a real browser it can drive through the accessibility tree — navigate, click, fill forms, read the page. It turns "I made the change" into "I made the change and verified it renders." For anyone doing frontend work with an agent, this is the difference between plausible code and working code.

3. Context7

Context7 fetches current, version-specific documentation for libraries and frameworks and injects it into context on demand. It directly attacks the most common agent failure mode: confidently writing against an API that changed two majors ago. If your dependencies move fast (Next.js, anything in the AI SDK space), this pays for itself daily.

4. Chrome DevTools MCP

Google's Chrome DevTools MCP exposes what you'd normally see in the DevTools panel: console messages, network requests, and performance traces. Where Playwright is for driving the browser, this is for debugging it — "why is this request 404ing" or "what's spamming the console" become questions the agent can answer itself.

5. Sentry MCP

The Sentry MCP server pulls production errors, stack traces, and issue context straight into your session. Instead of describing a crash to your agent, you point it at the Sentry issue and it works from the real stack trace. Hosted with OAuth, so setup is quick.

6. Postgres MCP server

A Postgres MCP server lets the agent inspect your real schema and run queries instead of inferring table shapes from ORM files. Great for writing migrations and debugging data issues. Connect it with a read-only role — the agent doesn't need DELETE to be useful.

7. Linear MCP

Linear's hosted MCP server puts your issue tracker in reach: the agent reads the ticket it's implementing, checks acceptance criteria, updates status, and files follow-ups. It closes the loop between "what was asked" and "what got built" without you copy-pasting ticket text.

8. Figma MCP

Figma's Dev Mode MCP server feeds real design context — components, variables, layout values — to your agent instead of a screenshot approximation. If your team hands off designs in Figma, this noticeably tightens design-to-code fidelity.

9. Supabase MCP

The Supabase MCP server manages your projects, tables, migrations, and logs conversationally. It's the fastest path from "agent wrote the feature" to "agent also wired up the backing table." Point it at a development project, not production.

10. Cloudflare MCP

Cloudflare ships MCP servers for its docs and platform — useful for looking up Workers APIs, checking bindings, and pulling observability data. If you deploy on Workers, the docs server alone prevents a lot of hallucinated configuration.

11. Grafana MCP

The Grafana MCP server lets an agent search dashboards and run Prometheus and Loki queries during an investigation. For incident debugging with an agent — "when did latency spike, and what deployed around then" — it turns dashboards into queryable context.

12. Filesystem MCP server

The reference filesystem server provides scoped read/write access to directories you allowlist. Claude Code, Cursor, and Windsurf already have native file tools, so skip it there — but it matters for MCP clients that don't, and the explicit directory scoping is a genuinely good security pattern.

13. Sequential Thinking MCP

A reference server with essentially one tool: a scratchpad that forces stepwise, revisable reasoning on gnarly problems. It's nearly free in token terms and occasionally rescues an agent from committing to a bad plan early. Low ceiling, but the cost is so small it's easy to justify.

14. Memory MCP server

The reference memory server maintains a knowledge-graph store that persists across sessions — entities, relations, observations. Used deliberately ("remember that our staging DB is refreshed nightly"), it reduces re-explaining. Used carelessly, it accumulates stale facts, so prune it like you'd prune a config file.

15. localskills MCP server

Disclosure: this one is ours. The localskills MCP server lets agents search the skill registry and install skills over MCP, with OAuth and scoped access. Instead of you hunting for a well-written convention or workflow, the agent can find and pull in a versioned skill mid-session. Details are in the docs.

All 15 at a glance

ServerBest forRuns as
GitHubPRs, issues, CI contextRemote or local
PlaywrightBrowser automation and verificationLocal
Context7Current library docsRemote or local
Chrome DevToolsFrontend debuggingLocal
SentryProduction errorsRemote
PostgresSchema and query accessLocal
LinearIssue tracking contextRemote
FigmaDesign-to-codeLocal (Dev Mode)
SupabaseBackend managementLocal
CloudflareWorkers docs and platformRemote
GrafanaObservability queriesLocal
FilesystemScoped file accessLocal
Sequential ThinkingStructured reasoningLocal
MemoryCross-session memoryLocal
localskillsSkill search and installRemote

Install snippets for Claude Code, Cursor, and Windsurf

The same servers work across all three tools; only the config location differs.

Claude Code — one command per server, stdio or HTTP:

# Local (stdio) server via npx
claude mcp add playwright -- npx -y @playwright/mcp@latest

# Remote (HTTP) server
claude mcp add --transport http github https://api.githubcopilot.com/mcp/

Use claude mcp list to confirm what's connected, and --scope project to commit the config for your team. The full walkthrough — scopes, auth, troubleshooting — is in our Claude Code MCP guide.

Cursor — add servers to .cursor/mcp.json in the project (or ~/.cursor/mcp.json globally):

{
  "mcpServers": {
    "playwright": {
      "command": "npx",
      "args": ["-y", "@playwright/mcp@latest"]
    }
  }
}

Windsurf — same shape, in ~/.codeium/windsurf/mcp_config.json:

{
  "mcpServers": {
    "playwright": {
      "command": "npx",
      "args": ["-y", "@playwright/mcp@latest"]
    }
  }
}

Restart or refresh the tool after editing JSON configs so the server list reloads.

Token cost: when a server isn't worth its context

Every MCP server you connect injects its tool names, descriptions, and parameter schemas into the model's context on every single request — whether or not the agent uses them. Connect ten servers and you can burn a meaningful slice of your context window before you've typed a word, which means less room for your actual code and worse instruction-following.

Practical rules:

  • Connect 3–5 servers per project, not 15. The ranking above is ordered so you can cut from the bottom.
  • Measure it. In Claude Code, run /context and look at how much MCP tool definitions consume. If a server you haven't invoked in a week is eating context, remove it.
  • Prefer servers with few, focused tools. A server exposing 40 tools you use 2 of is a bad trade; check whether it supports enabling subsets (the GitHub server's toolsets, for example).
  • Scope per project. Your Figma server has no business in a backend-only repo.

We've written a deeper breakdown of this failure mode — including how tool bloat degrades output quality, not just cost — in too many MCP tools: the token bloat problem.

Security notes before you connect anything

MCP servers run with real credentials and feed untrusted content into your model, so treat each connection like adding a dependency:

  • Prompt injection is the headline risk. Anything a server returns — an issue comment, a web page, a database row — can contain text that tries to steer your agent. Be most careful with servers that read arbitrary external content, and keep a human in the loop for destructive actions.
  • Scope credentials down. Read-only database roles, fine-grained tokens over classic PATs, OAuth flows over long-lived keys pasted into JSON.
  • Pin versions. npx -y some-server@latest executes whatever was published last night. Pin a version for anything you didn't author.
  • Prefer official servers. For a given service, use the vendor's server over a random third-party wrapper with the same name.
  • Audit project-level configs in code review. A .cursor/mcp.json committed to the repo is an execution vector; review changes to it like you'd review a CI workflow.

The complete checklist — allowlists, sandboxing, and what to log — is in our guide to MCP security best practices.

FAQ: MCP servers for developers

What are the best MCP servers for Claude Code?

The same top picks apply: the GitHub MCP server, Playwright, and Context7 are the best MCP servers for Claude Code for most developers, plus a database server for your stack. Skip the filesystem server — Claude Code already has native file tools, so it would only duplicate capability and cost context.

How many MCP servers should I connect at once?

Three to five per project. Tool definitions from every connected server load into context on each request, so past a handful you pay in tokens and in degraded instruction-following. Configure servers per project rather than globally.

Do MCP servers work the same in Cursor and Windsurf?

Yes. Both use the same protocol and a nearly identical mcpServers JSON config — only the file location differs (.cursor/mcp.json vs ~/.codeium/windsurf/mcp_config.json). A server that works in one almost always works in the others.

Are MCP servers safe to use?

They're as safe as the credentials and content you give them. The main risks are prompt injection through returned content and over-scoped tokens. Stick to official servers, scope credentials read-only where possible, pin versions, and review project-level MCP configs like any other executable change.


MCP servers give your agent tools; skills give it judgment about how to use them. Sign up for localskills.sh to publish and share versioned skills and rules across Claude Code, Cursor, and Windsurf.

npm install -g @localskills/cli
localskills login
localskills install your-org/your-first-skill