CoursifyCoursify

Model Context Protocol (MCP)

Model Context Protocol (MCP)

Verified Sources
Jun 15, 2026

The Model Context Protocol (MCP) is an open standard introduced by Anthropic in November 2024 that standardizes how AI systems—particularly large language models (LLMs)—integrate with external data sources, tools, and services. Before MCP, developers faced what Anthropic described as the N×MN \times M integration problem: every AI application (NN) needed a custom connector for each data source (MM), resulting in exponential fragmentation. MCP replaces this with a single, universal protocol—often likened to "USB-C for AI".

At its core, MCP provides a standardized interface for three primitives: tools (model-controlled actions), resources (application-controlled data), and prompts (user-controlled workflow templates). The protocol uses JSON-RPC 2.0 as its wire format and supports multiple transport layers including standard I/O (stdio) and HTTP with Server-Sent Events (SSE).

MCP draws architectural inspiration from the Language Server Protocol (LSP), which standardized how programming languages integrate with development tools. In a similar way, MCP standardizes how context and tools integrate into the ecosystem of AI applications.

Footnotes

  1. Introducing the Model Context Protocol - Anthropic - Original announcement and motivation for MCP as a universal open standard.

  2. Model Context Protocol - Wikipedia - Summary of MCP's history, adoption by OpenAI and Google DeepMind, and key use cases.

  3. MCP Specification 2025-06-18 - modelcontextprotocol.io - Authoritative protocol specification including base protocol, authorization, and security requirements.

Understanding MCP — The Model Context Protocol

MCP Evolution and Adoption Timeline

MCP Announced

Nov 2024

Anthropic introduces MCP as an open standard with SDKs, local server support in Claude Desktop, and pre-built servers for GitHub, Postgres, Slack, and more."

OpenAI Adopts MCP

Mar 2025

OpenAI officially integrates MCP across ChatGPT Desktop, Agents SDK, and the Responses API. First MCP authorization specification (OAuth 2.1) released."

Google DeepMind Joins

Apr 2025

CEO Demis Hassabis confirms MCP support in Gemini, calling it 'an open standard for the AI agentic era.' Security researchers publish first MCP vulnerability analyses."

Microsoft & IDE Integration

May 2025

VS Code announces native MCP support in GitHub Copilot Agent Mode. Microsoft makes MCP generally available across Azure and Copilot ecosystems."

Spec Revision & Auth Solutions

Jun 2025

Major MCP spec revision (2025-06-18) addresses authorization concerns. Auth0, Stytch, WorkOS launch MCP authentication solutions."

Infrastructure Matures

Jul 2025

Cloudflare launches MCP server hosting infrastructure. MCP Registry launches for server discovery in September."

One-Year Anniversary Spec

Nov 2025

Spec 2025-11-25 adds Tasks API for async orchestration, Client ID Metadata Documents, and other advanced capabilities. 97M+ monthly SDK downloads reported."

Linux Foundation Stewardship

Dec 2025

Anthropic donates MCP to the newly formed Agentic AI Foundation under the Linux Foundation, with founding members including OpenAI, AWS, Google, Microsoft, and Block."

Architecture: Host, Client, and Server

MCP follows a client-server architecture with three core components working in concert:

ComponentRoleExample
HostThe LLM-powered application the user interacts withClaude Desktop, VS Code, Cursor
ClientAn intermediary managed by the host, maintaining a 1:1 connection with a specific serverProtocol negotiator, session manager
ServerA program implementing the MCP standard, exposing capabilitiesGitHub server, Postgres server, Slack server

The Host Process can connect to multiple MCP servers simultaneously, spinning up a dedicated MCP Client for each. This one-to-one mapping ensures security sandboxing and isolation between different data sources. Each client maintains a stateful session over which JSON-RPC 2.0 messages flow bidirectionally.

The initialization handshake is critical: before any tool calls, the client and server exchange capabilities, protocol version, and server metadata. This ensures compatibility and informs the host about what operations are available.

Footnotes

  1. Anthropic's Model Context Protocol: A Deep Dive - Medium - Detailed architecture explanation of host, client, and server components.

  2. How MCP Servers Work - WorkOS - In-depth look at MCP server components, request handling, session orchestration, and capability discovery. 2

Tools are the most commonly used MCP primitive. They are model-controlled—the LLM decides when and which tool to invoke based on user context.

Each tool has:

  • A name (unique identifier)
  • A description (natural-language guidance for the model)
  • An inputSchema (JSON Schema defining parameters)

Example tool definition:

1{
2  "name": "sql_query",
3  "description": "Execute a read-only SQL query against the database",
4  "inputSchema": {
5    "type": "object",
6    "properties": {
7      "query": { "type": "string" }
8    },
9    "required": ["query"]
10  }
11}

The LLM generates a structured tools/call request with arguments. The server processes it and returns results in a standardized format. Tools can return text, images, or embedded resources.

MCP Connection Lifecycle: From Handshake to Termination

  1. 1
    Step 1

    The host creates an MCP Client for each server it needs. The transport layer (stdio for local, HTTP/SSE for remote) is initialized, establishing the communication channel.

  2. 2
    Step 2

    The client sends an initialize request with its protocol version and capabilities. The server responds with its own version and capabilities. Both sides negotiate a compatible protocol version—if incompatible, the connection aborts. This ensures forward/backward compatibility.

  3. 3
    Step 3

    After initialization, the client queries the server's offerings: tools/list, resources/list, and prompts/list. Each returns structured metadata including names, descriptions, and input schemas. The client registers these with the host, making them available to the LLM.

  4. 4
    Step 4

    The LLM analyzes user input and decides which tools to call. The client sends tools/call requests with appropriate arguments. The server processes each request (e.g., queries a database, reads a file, sends a message) and returns structured results. Resources can also be read via resources/read.

  5. 5
    Step 5

    The stateful session maintains context across interactions. The server can send notifications (e.g., resources/updated when data changes). Subscriptions allow the client to receive real-time updates. This ongoing dialogue distinguishes MCP from simple one-off API calls.

  6. 6
    Step 6

    When the host shuts down or the connection is no longer needed, the client sends a shutdown notification or the transport is closed cleanly. Any pending requests are resolved before termination to prevent data loss.

Transport Layer: How Messages Move

The transport layer handles connection setup, message framing, and secure channel creation. MCP currently supports two transport mechanisms:

TransportUse CaseDirectionCharacteristics
stdioLocal serversBidirectional via stdin/stdoutFast, synchronous, no network overhead
Streamable HTTPRemote serversHTTP POST (client→server), SSE (server→client)Scalable, supports OAuth 2.1 authorization

Regardless of transport, all MCP messages use the JSON-RPC 2.0 format and must be UTF-8 encoded. The transport interface abstracts these details so that protocol logic remains consistent across different deployment scenarios:

1interface Transport {
2  start(): Promise<void>;
3  send(message: JSONRPCMessage): Promise<void>;
4  close(): Promise<void>;
5  onclose?: () => void;
6  onerror?: (error: Error) => void;
7  onmessage?: (message: JSONRPCMessage) => void;
8}

MCP defines four message types: Requests (expect a response), Results (successful responses), Errors (failure responses with code and message), and Notifications (fire-and-forget, no response expected).

Footnotes

  1. Transports – Model Context Protocol - Official documentation on transport layers: stdio, SSE, and the Transport interface specification. 2

MCP SDK Monthly Downloads Growth (2025)

Estimated monthly SDK downloads across all languages

When to Choose Which Primitive

Use tools when the LLM needs to decide what action to take (e.g., query a database, send a message). Use resources when the application should inject context automatically (e.g., project config files). Use prompts when users need standardized, repeatable workflows (e.g., code review templates, incident response playbooks). Choosing the right primitive is your first and most important MCP design decision.

Security Is Not Optional

MCP enables powerful capabilities including arbitrary data access and code execution. Every implementation MUST address: (1) User consent — explicit permission before accessing tools/resources, (2) Data protection — servers should not read sensitive data beyond what's needed, (3) Tool execution safety — users must approve destructive operations before execution, (4) OAuth 2.1 for remote servers — enforce authentication and authorization. MCP clients must not trust servers blindly; always validate and sanitize inputs/outputs.

Security Architecture

The MCP specification defines critical security and trust principles:

  1. User Consent and Control: Users must explicitly consent to all data access and operations. Clear UIs must be provided for reviewing and authorizing activities.
  2. Data Privacy: Servers must not read sensitive resources beyond what is explicitly requested. Tool results should not exfiltrate data beyond what is needed.
  3. Tool Safety: Users must retain control over what actions are taken. Dangerous operations require explicit approval.
  4. OAuth 2.1 Authorization: For remote servers, MCP embeds HTTP-level authorization using a subset of OAuth 2.1. MCP clients act as OAuth clients requesting access tokens from an authorization server.
  5. LLM Sampling Security: MCP servers can request the host's LLM to perform sampling (completions). This must require explicit user approval, as it allows servers to craft prompts that influence the model.

The N×MN \times M integration problem isn't just about quantity—it's about security surface area. Every custom integration is a potential attack vector. MCP reduces this to N+MN + M integrations (one per client, one per server), dramatically shrinking the attack surface.

Footnotes

  1. MCP Specification 2025-06-18 - modelcontextprotocol.io - Authoritative protocol specification including base protocol, authorization, and security requirements.

  2. Transports – Model Context Protocol - Official documentation on transport layers: stdio, SSE, and the Transport interface specification.

Industry Adoption: The De Facto Standard

By late 2025, MCP achieved remarkable adoption metrics:

  • 97M+ monthly SDK downloads across all languages
  • 10,000+ active MCP servers in production
  • Hundreds of distinct AI clients integrated with MCP
  • Virtually every major AI platform supports it
ProviderIntegration
AnthropicClaude Desktop, Claude APIs — native MCP support since launch
OpenAIChatGPT Desktop, Agents SDK, Responses API (March 2025)
Google DeepMindGemini models and SDK (April 2025)
MicrosoftCopilot, Azure AI Studio (May 2025)
MetaOpen-source tooling for MCP-based memory orchestration
IDEsVS Code, Cursor, Zed, Replit, Sourcegraph, Codeium
CloudCloudflare (MCP hosting), MongoDB, Auth0

In December 2025, Anthropic donated MCP to the newly formed Agentic AI Foundation under the Linux Foundation, with founding members including Block, OpenAI, AWS, Google, and Microsoft. This move ensures long-term governance neutrality and positions MCP as a community-driven standard.

Footnotes

  1. MCP Enterprise Adoption Guide - Deepak Gupta - Comprehensive analysis of MCP adoption timeline, market metrics (97M+ downloads), and Linux Foundation donation. 2

Frequently Asked Questions & Edge Cases

Advanced Capabilities: Async Orchestration & Beyond

The November 2025 specification update (2025-11-25) introduced significant new features:

  • Tasks API: Enables AI agents to kick off long-running asynchronous operations via MCP and check back later for results. This is crucial for workflows like data processing pipelines, multi-step tool invocations, or background computations that would otherwise block the interactive session.

  • Client ID Metadata Documents (CIMD): Simplify client registration and trust establishment, making it easier for servers to identify and authorize connecting clients without manual configuration.

  • Enhanced Authorization: Refined OAuth 2.1 implementation with clearer trust boundaries and security considerations.

These additions transformed MCP from a synchronous request-response protocol into a platform capable of orchestrating complex, multi-step agent workflows—exactly what the emerging generation of AI agents requires.

Footnotes

  1. MCP Enterprise Adoption Guide - Deepak Gupta - Comprehensive analysis of MCP adoption timeline, market metrics (97M+ downloads), and Linux Foundation donation.

Building Your First MCP Server

  1. 1
    Step 1

    Choose your language (Python or TypeScript are most common). Install the SDK:

    1# Python
2pip install mcp
3
4# TypeScript  
5npm install @modelcontextprotocol/sdk
  2. 2
    Step 2

    Use decorators to register tools, resources, and prompts:

    1from mcp.server.fastmcp import FastMCP
2
3mcp = FastMCP("my-server")
4
5@mcp.tool()
6def query_database(sql: str) -> str:
7    """Execute a read-only SQL query."""
8    return execute_sql(sql)
9
10@mcp.resource("resource://config")
11def get_config() -> str:
12    return json.dumps(app_config)
13
14@mcp.prompt()
15def review_code(file_path: str) -> str:
16    return f"Review the code at {file_path} for security, performance, and readability."
  3. 3
    Step 3

    For local development, use stdio. For remote deployment, use Streamable HTTP with SSE:

    1# stdio (local)
2mcp.run()  # Default is stdio transport
3
4# HTTP (remote)
5from mcp.server.sse import SseServerTransport
6transport = SseServerTransport("/messages")
7# Mount on HTTP server (e.g., Starlette, Express)
  4. 4
    Step 4

    Use the official MCP Inspector tool to validate your server. It connects to your server, discovers capabilities, and lets you test tool calls, resource reads, and prompt invocations interactively. This is essential for debugging before connecting to a real AI client.

  5. 5
    Step 5

    Configure your MCP server in an AI client (e.g., Claude Desktop's claude_desktop_config.json):

    1{
2  "mcpServers": {
3    "my-server": {
4      "command": "python",
5      "args": ["path/to/server.py"]
6    }
7  }
8}

    The client will discover your server at startup and register all its capabilities with the LLM.

The Bigger Picture: MCP and the AI Agent Revolution

MCP is not merely a protocol—it is an infrastructure layer for the agentic AI era. As AI agents move from simple chat interfaces to autonomous systems that plan, execute, and iterate across multiple tools and data sources, they need a standardized way to:

  1. Discover what tools and data are available
  2. Authenticate securely with enterprise systems
  3. Execute operations with user consent and oversight
  4. Maintain context across multi-step workflows
  5. Orchestrate asynchronously for long-running tasks

The analogy to LSP is instructive: before LSP, every editor needed custom support for every language. After LSP, any editor could support any language through a single protocol. MCP aims to do the same for AI-tool integration—any AI application can connect to any tool or data source through a single protocol.

The donation to the Linux Foundation signals that MCP is transitioning from an Anthropic project to an industry-standard infrastructure, much like how HTTP, SMTP, and USB became universal through open governance. Organizations investing now in MCP architecture, security, and integration patterns will be best positioned for the AI agent revolution it enables.

Footnotes

  1. MCP Specification 2025-06-18 - modelcontextprotocol.io - Authoritative protocol specification including base protocol, authorization, and security requirements.

  2. MCP Enterprise Adoption Guide - Deepak Gupta - Comprehensive analysis of MCP adoption timeline, market metrics (97M+ downloads), and Linux Foundation donation.

Knowledge Check

Question 1 of 5
Q1Single choice

What is the primary architectural pattern used by MCP for communication between AI applications and external systems?

Explore Related Topics

1

tRPC Crash Course: End-to-End Type Safe APIs

tRPC is a TypeScript‑only RPC framework that lets frontend code call backend functions with full, compile‑time type safety, no code generation, and minimal runtime overhead.

  • API endpoints are defined as simple TypeScript procedures (queries, mutations, subscriptions) grouped in routers.
  • The builder pattern lets you chain input validation, middleware, and the handler, creating reusable base procedures (e.g., protectedProcedure).
  • Context provides shared data (session, DB) to every procedure, while middleware can enforce auth, logging, or other cross‑cutting concerns.
  • Tight integration with Next.js (App or Pages Router) enables zero‑config type sharing and React Query hooks for caching and SSR.
  • Features like httpBatchLink batch multiple calls into one request, but tRPC is best for internal TypeScript services and isn’t suited for public non‑TS clients.
2

Model Quantization from First Principles

Model quantization maps high‑precision tensors to low‑bit integer representations using affine scaling, enabling smaller models and faster integer‑only inference while preserving the network’s input‑output behavior.

  • Affine quantization: q=round(r/s)+zq=\operatorname{round}(r/s)+z and r^=s(qz)\hat{r}=s(q-z), with scale ss and zero‑point zz chosen to fit [rmin,rmax][r_{\min},r_{\max}] into an integer range (e.g., [128,127][-128,127] for INT8).
  • Scale ss controls the trade‑off between rounding error (smaller ss → higher precision) and clipping error (larger ss → wider range).
  • Symmetric (r^=sq\hat{r}=sq) suits weight tensors; asymmetric (r^=s(qz)\hat{r}=s(q-z)) handles shifted activation ranges, and per‑channel quantization assigns separate s,zs,z per output channel for improved accuracy.
  • Calibration (min‑max, histogram, percentile) estimates activation ranges from representative data; static, dynamic, and quantization‑aware training (QAT) are the three main deployment pipelines.
  • Practical success depends on bit‑width choice, granularity, hardware support for integer kernels, and evaluation of accuracy, latency, memory, and stability on the target platform.
3

Microservices Architecture: Design Principles, Patterns, and Best Practices

Microservices architecture breaks applications into independent, domain‑focused services, offering scalability, agility, and fault isolation compared with monolithic designs.

  • Microservices use bounded contexts, loose coupling, and high cohesion to enable polyglot, independently deployable services.
  • Key patterns include the API Gateway for unified entry, Database‑per‑Service for data ownership, and the Strangler Fig for incremental migration.
  • Avoid “distributed monoliths” by fully decoupling databases and eliminating synchronous chains.
  • Challenges such as cross‑service transactions, service discovery, and debugging are addressed with the Saga pattern, discovery registries, and distributed tracing.
  • The “smart endpoints, dumb pipes” principle keeps business logic inside services, not in the communication layer.
Coursify logoBrowse all research articles