Model Context Protocol (MCP): The Universal Standard for AI Tool Integration
on Mcp, Ai integration, Llm, Developer tools, Anthropic
Model Context Protocol (MCP): The Universal Standard for AI Tool Integration
Every developer building AI-powered applications in the last two years has faced the same problem: wiring your LLM to external data sources and tools is a spaghetti nightmare. You write custom integration code for every combination — OpenAI + Notion, Claude + GitHub, Gemini + Postgres. Each integration is bespoke, fragile, and impossible to reuse.
Model Context Protocol (MCP) changes that. It’s an open, JSON-RPC-based protocol that standardizes how AI models connect to external resources. Think of it as the USB-C of AI integration — one standard plug for everything.
The Problem MCP Solves
Before MCP, connecting an LLM to external tools meant:
- Writing custom function-calling schemas for each model provider
- Building bespoke authentication flows per integration
- Duplicating logic across every AI product you ship
- Breaking changes in the LLM API rippling through all your integrations
The result: teams spent more time on integration plumbing than on actual AI features. A small company wanting to connect their LLM assistant to Slack + Jira + Postgres needed three separate, non-transferable implementations.
MCP inverts this. Now you build one MCP server for Postgres, and every MCP-compatible model client — Claude, Cursor, Windsurf, your custom app — can use it immediately.
Core Architecture
MCP is built on three primitives:
1. Servers
MCP Servers expose capabilities — tools, resources, and prompts — over the protocol. A server can be:
- A local process communicating over
stdio - A remote service communicating over HTTP with Server-Sent Events (SSE)
from mcp.server import Server
from mcp.server.models import InitializationOptions
import mcp.types as types
server = Server("my-database-server")
@server.list_tools()
async def handle_list_tools() -> list[types.Tool]:
return [
types.Tool(
name="query_database",
description="Execute a read-only SQL query against the analytics database",
inputSchema={
"type": "object",
"properties": {
"query": {
"type": "string",
"description": "SQL SELECT query to execute"
}
},
"required": ["query"]
}
)
]
@server.call_tool()
async def handle_call_tool(name: str, arguments: dict) -> list[types.TextContent]:
if name == "query_database":
result = await db.execute(arguments["query"])
return [types.TextContent(type="text", text=str(result))]
raise ValueError(f"Unknown tool: {name}")
2. Clients
MCP Clients are the AI applications that consume servers. They maintain connections, discover capabilities, and pass tool calls through to the model.
import { Client } from "@modelcontextprotocol/sdk/client/index.js";
import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
const client = new Client({ name: "my-app", version: "1.0.0" }, {
capabilities: { tools: {} }
});
const transport = new StdioClientTransport({
command: "python",
args: ["./my_mcp_server.py"]
});
await client.connect(transport);
// Discover what the server offers
const tools = await client.listTools();
console.log(tools.tools.map(t => t.name));
// ["query_database"]
// Call a tool
const result = await client.callTool({
name: "query_database",
arguments: { query: "SELECT COUNT(*) FROM users WHERE active = true" }
});
3. The Three Capability Types
| Capability | Direction | Description |
|---|---|---|
| Tools | Model → Server | Functions the model can invoke (database queries, API calls, file operations) |
| Resources | Server → Model | Data the server exposes for the model to read (files, live feeds, context documents) |
| Prompts | Server → Model | Reusable prompt templates with arguments |
Building Your First MCP Server
Let’s build a production-ready MCP server that gives AI models access to a REST API:
#!/usr/bin/env python3
"""MCP server for GitHub integration"""
import asyncio
import httpx
from mcp.server import Server
from mcp.server.stdio import stdio_server
import mcp.types as types
API_TOKEN = os.environ["GITHUB_TOKEN"]
BASE_URL = "https://api.github.com"
server = Server("github-mcp")
async def gh_get(path: str) -> dict:
async with httpx.AsyncClient() as client:
r = await client.get(
f"{BASE_URL}{path}",
headers={
"Authorization": f"Bearer {API_TOKEN}",
"Accept": "application/vnd.github+json",
"X-GitHub-Api-Version": "2022-11-28",
}
)
r.raise_for_status()
return r.json()
@server.list_tools()
async def list_tools() -> list[types.Tool]:
return [
types.Tool(
name="list_repos",
description="List repositories for an organization or user",
inputSchema={
"type": "object",
"properties": {
"owner": {"type": "string", "description": "GitHub org or username"}
},
"required": ["owner"]
}
),
types.Tool(
name="get_pull_requests",
description="Get open pull requests for a repository",
inputSchema={
"type": "object",
"properties": {
"owner": {"type": "string"},
"repo": {"type": "string"},
"state": {
"type": "string",
"enum": ["open", "closed", "all"],
"default": "open"
}
},
"required": ["owner", "repo"]
}
),
]
@server.call_tool()
async def call_tool(name: str, arguments: dict) -> list[types.TextContent]:
try:
if name == "list_repos":
data = await gh_get(f"/orgs/{arguments['owner']}/repos?per_page=30")
summary = [{"name": r["name"], "stars": r["stargazers_count"],
"language": r["language"]} for r in data]
return [types.TextContent(type="text", text=str(summary))]
elif name == "get_pull_requests":
owner, repo = arguments["owner"], arguments["repo"]
state = arguments.get("state", "open")
data = await gh_get(f"/repos/{owner}/{repo}/pulls?state={state}")
prs = [{"number": pr["number"], "title": pr["title"],
"author": pr["user"]["login"], "created_at": pr["created_at"]}
for pr in data]
return [types.TextContent(type="text", text=str(prs))]
raise ValueError(f"Unknown tool: {name}")
except httpx.HTTPStatusError as e:
return [types.TextContent(
type="text",
text=f"GitHub API error: {e.response.status_code} — {e.response.text}"
)]
async def main():
async with stdio_server() as (read_stream, write_stream):
await server.run(read_stream, write_stream, InitializationOptions(
server_name="github-mcp",
server_version="0.1.0",
capabilities=server.get_capabilities(
notification_options=None,
experimental_capabilities={}
)
))
if __name__ == "__main__":
asyncio.run(main())
Configure it in Claude Desktop’s claude_desktop_config.json:
{
"mcpServers": {
"github": {
"command": "python",
"args": ["/path/to/github_mcp_server.py"],
"env": {
"GITHUB_TOKEN": "ghp_..."
}
}
}
}
Now Claude can list repos, read PRs, and fetch code — all through a standardized interface that any MCP-compatible client can reuse.
Remote MCP Servers over HTTP+SSE
Stdio transport is great for local tools. For shared team infrastructure, you want remote MCP servers:
from mcp.server.fastmcp import FastMCP
from fastapi import FastAPI
# FastMCP makes it trivially easy to expose over HTTP
mcp = FastMCP("company-data-server")
@mcp.tool()
async def query_analytics(sql: str) -> str:
"""Run a read-only query against the analytics warehouse"""
result = await warehouse.execute(sql)
return result.to_markdown()
@mcp.resource("metrics://daily-summary")
async def daily_summary() -> str:
"""Today's key business metrics"""
metrics = await get_daily_metrics()
return metrics.to_json()
# Mount on FastAPI for HTTP transport
app = FastAPI()
app.mount("/mcp", mcp.get_asgi_app())
Teams can now share a single MCP server across all their AI tools, with proper auth, rate limiting, and monitoring at the HTTP layer.
The Ecosystem in 2026
MCP has exploded. As of early 2026:
- Claude Desktop, Cursor, Windsurf, Cline, and dozens of other AI clients natively support MCP
- 1,000+ official MCP servers on the official registry covering Slack, Google Drive, Jira, Salesforce, PostgreSQL, S3, and more
- All major cloud providers publish MCP servers for their services
- OpenAI and Google have announced MCP compatibility in their tool-calling APIs
The bet has paid off. MCP is becoming the standard.
Security Considerations
MCP servers have real permissions. Get security right:
1. Principle of least privilege — only expose the capabilities an AI actually needs. Don’t give read/write if read-only suffices.
2. Input validation — treat MCP tool arguments like untrusted user input. SQL injection through LLM tool calls is a real attack vector.
import sqlparse
@server.call_tool()
async def call_tool(name: str, arguments: dict):
if name == "query_database":
query = arguments["query"]
# Reject anything that's not a SELECT
parsed = sqlparse.parse(query)[0]
if parsed.get_type() != "SELECT":
raise ValueError("Only SELECT queries are permitted")
# Use parameterized queries, not string interpolation
...
3. Authentication for remote servers — use OAuth 2.0 or API keys with short expiry. Never hardcode credentials.
4. Audit logging — log every tool call with the initiating session, timestamp, and arguments. AI tool calls should be as auditable as human API calls.
Key Takeaways
MCP is the right abstraction at the right time. It solves a real problem — integration sprawl in AI applications — with a simple, extensible protocol.
If you’re building AI tooling in 2026, the calculus is clear:
- Build MCP servers instead of provider-specific function schemas
- Use remote HTTP transport for shared team infrastructure
- Start with the official SDK (Python or TypeScript) — don’t hand-roll the protocol
- Take security seriously from the start — MCP servers are privileged
The ecosystem is maturing fast. Build on the standard.
이 글이 도움이 되셨다면 공감 및 광고 클릭을 부탁드립니다 :)
