Model Context Protocol (MCP)

The Model Context Protocol (MCP) is an open-source specification designed to standardize how AI applications provide context to and interact with Large Language Models (LLMs). Its primary goal is to create a universal interface, much like USB-C for hardware, that decouples AI applications from the specific data sources and tools they need to function. This allows for a more modular and interoperable ecosystem of AI agents and workflows.

Core Architecture

MCP operates on a client-server architecture composed of two distinct layers.

Participants and Architecture

The protocol defines three key roles:

• MCP Host: The end-user AI application (e.g., an AI-powered IDE or a chat interface like Claude.ai). The Host manages one or more MCP Clients.
• MCP Client: A component within the Host that is responsible for maintaining a dedicated, one-to-one connection with a single MCP Server.
• MCP Server: A program that provides context or capabilities. A server can be a local process (e.g., accessing a local filesystem) or a remote service (e.g., connecting to Sentry or a database).

The Host application can connect to multiple MCP servers simultaneously, instantiating a separate client for each connection. This allows an AI application to aggregate context and tools from various sources—like a filesystem, a database, and a project management tool—at the same time.

The Two Layers

MCP's architecture is split into two layers that handle different aspects of communication:

Transport Layer
This is the outer layer responsible for the communication channel. It handles how messages are physically sent and received, including connection establishment and authentication. MCP supports two transport mechanisms:

• Stdio: Uses standard input/output for efficient, low-overhead communication between processes on the same machine.
• Streamable HTTP: Uses HTTP POST requests (with optional Server-Sent Events for streaming) to communicate with remote servers, allowing for standard web authentication methods like OAuth.

Data Layer
This is the inner layer that defines the content and structure of the communication. It uses the JSON-RPC 2.0 specification to define the messages. This layer manages the protocol's lifecycle (initialization, capability negotiation) and the core primitives used to exchange context.

The Primitives

The core of MCP's functionality lies in its primitives, which are the specific types of information and capabilities that clients and servers can offer each other.

Server-Exposed Primitives
These are the capabilities that an MCP Server can provide to an AI application (the Host).

• Tools: Executable functions that the LLM can call to perform actions, like querying a database, sending an email, or calling an API. The server defines the tool's name, description, and input schema.
• Resources: Data sources that provide context to the application, such as file contents, database records, or API responses. The application can read these resources and decide how to use them (e.g., pass them to the LLM as context).
• Prompts: Reusable, parameterized templates that help structure interactions and workflows. For example, a server could offer a "plan-vacation" prompt that guides the user and LLM through the necessary steps.

Client-Exposed Primitives
These are capabilities that the Host application can provide to an MCP Server, allowing for more dynamic and interactive experiences.

• Sampling: Allows a server to request an LLM completion from the client's host application. This is powerful because it lets a tool perform an "agentic" sub-task without needing its own LLM access or API keys. The host retains full control over the model call.
• Elicitation: Enables a server to pause its operation and request specific information from the end-user through a structured prompt. This is useful for confirmations or when required data is missing.
• Roots: Allows a client to define filesystem boundaries (i.e., root directories) to guide a server's operations, ensuring it only works within relevant and permitted project folders.

Limitations and Technical Considerations

MCP presents a powerful and structured approach, but its design comes with inherent challenges and limitations.

Implementation Complexity
MCP is a stateful protocol with a defined lifecycle, capability negotiation, and multiple primitives. This introduces more implementation overhead compared to using simple, stateless REST APIs. Developers must manage connection states, handle notifications, and correctly implement the JSON-RPC message flow, which can be more complex than standard web requests.

Security and Trust Burden on Implementors
The MCP specification explicitly states that it cannot enforce security principles at the protocol level. The responsibility for safe implementation falls entirely on the developers of the Host application. The Host must:

• Obtain explicit user consent for every tool execution and data access.
• Build robust UI/UX for reviewing and authorizing actions to prevent unintended consequences.
• Handle potential prompt injection through tools, sampling, and elicitation requests. This places a significant trust and safety burden on the application developer, as a poorly implemented Host could easily expose users to risks.

Ecosystem Dependency
The value of a standardized protocol like MCP is directly proportional to the size and quality of its ecosystem. While it allows for custom integrations, its true power as a "USB-C for AI" depends on the wide availability of third-party MCP servers. If the ecosystem of pre-built servers remains small, the utility of adopting the protocol is diminished.

State Management Challenges
Stateful connections are powerful but can be brittle. Managing reconnections, synchronizing state after a disconnection, and ensuring consistency across multiple active servers can be challenging, especially in distributed or unreliable network environments. The protocol relies on notifications (list_changed) to keep state synchronized, which requires careful handling on the client side.