Companion to the talk. Each lab is one static page with a copy-pasteable recipe you run on your laptop. We start with the six-line hello world, pivot it to production transport, wire in three of your own functions, then bolt on the OAuth handshake. No SDK shortcuts. You write the server.
What you build tonight: a working MCP server with three tools an agent can call, reachable over the public internet.FastMCP, one decorator, one tool, one run() call. The minimum legal MCP server. Boot it over stdio and call add(a, b) with a raw JSON-RPC ping. Ninety seconds to "the server lives."
Change one argument and the same server speaks production transport at /mcp. Then expose it to the public internet with ngrok and curl the endpoint from anywhere. The single most memorable lesson of the night.
Wrap three real functions as tools, then expose a Resource so the agent has context, not just actions. Watch a verbose schema make a small model fail, then fix it in one line. Your repo becomes agent-callable.
Serve /.well-known/oauth-protected-resource, return a 401 with a WWW-Authenticate pointer, and watch a client discover where to get a token. The step you skip in dev and pay for in prod. Don't roll your own.
Laptop. Python 3.11+. pip install fastmcp (v3.x). A free ngrok account for Lab 02 (the authtoken takes a minute to mint). No API keys, no cloud account, no GPU. Everything runs local until you choose to expose it.
Twenty minutes: do 01 then 02. You leave with a public MCP server. Full hour: all four in order, each builds the mental model the next one needs. Lab 04 is the one most people skip, so we make it the smallest stub that still proves the handshake.
All four labs are single-file, no build step, view-source friendly. Every Python recipe is ASCII-only so it runs on Windows without UnicodeEncodeError (the cp1252 trap that has killed workshops before). Lift any pattern you want.