
Model Context Protocol (MCP)

MCP is an open protocol (created by Anthropic, now widely adopted) for connecting AI agents to external tools, data sources, and services. An MCP server exposes resources (data) and tools (actions); an MCP client (the agent) connects and uses them.

Memory anchor

MCP is USB-C for AI agents — one protocol, any device. Plug a Postgres server, plug a GitHub server, plug a Slack server; the agent (laptop) just uses the cable.

Expected depth

Architecture: client (Claude Code, Cursor, etc.) ↔ stdio or Streamable HTTP transport ↔ MCP server (separate process). The server advertises its tools and resources via JSON-RPC. The client surfaces them to the model as tools. MCP is what makes 'connect Claude to GitHub/Slack/Postgres' work without each app building bespoke integrations. Servers are usually written in TypeScript or Python with the official SDKs.

Deep — senior internals

MCP separates the protocol (how clients and servers talk) from the implementations. A single Postgres MCP server works in Claude Code, Cursor, Continue.dev, etc., as long as they all speak MCP. Transport layers: stdio (local, simple) and Streamable HTTP (remote, scalable; it replaced the older HTTP+SSE transport from spec 2024-11-05). Auth varies by server, usually env vars or OAuth flows. Discovery: the client lists tools at startup; tool schemas count toward the context window like any other tool. Limitations: MCP servers are processes, so startup time and resource usage matter; bad servers can leak file descriptors or hang. Trust model: MCP servers run with full user permissions, so use vetted servers only.

🎤 Interview-ready answer

MCP is an open protocol Anthropic created so AI agents can connect to external tools without each agent building bespoke integrations. An MCP server exposes tools and resources; an MCP client (the agent) lists them and lets the model call them. The win is portability: a Postgres MCP server works in Claude Code, Cursor, and any other MCP-aware client. Transports are stdio for local servers and Streamable HTTP for remote (the older HTTP+SSE transport is deprecated). Trust is the gotcha — MCP servers run with full user permissions, so I only install vetted ones.

Common trap

Treating MCP servers as trusted by default. They run locally with your shell's permissions: a malicious or buggy server can read your home directory, exfiltrate keys, or run arbitrary commands. Install MCP servers like you install npm packages: from sources you trust.
