MCP - Model Context Protocol

  • common framework for exposing tools, resources and prompt templates for LLMs to consume
  • can be thought of as a way of exposing structured functionality for consumption by unstructured LLMs
  • origin and background can be found at Model Context Protocol.io

MCP for AI Architects

MCP Servers

  • structured interface and execution platform
  • can be focused on functional areas within the greater architecture
    • e.g. an MCP Server sitting in front of a corporate directory
  • “tools” are structured functions exposed by the MCP Server
    • e.g. /people/search/findByFirstNameOrLastName with parameters firstName= or lastName=
    • the function is a normal REST/JSON-RPC function to search the corporate directory
  • “resources” are select data sets that can be found on the MCP Server
    • e.g. /offices that returns a JSON list of corporate locations
    • e.g. /roles that returns a JSON list of titles and job descriptions
  • “prompts” are a set of pre-tuned prompts that work with this particular MCP Server
    • e.g. You are an experienced Office Administrator. Use the resources and tools to answer the following question.
  • they are not Inference services but frontends to collections of activities, tools and resources
  • they can be deployed in front of a wide variety of services and focused on specific activities
  • they are an architect's control point for letting LLMs define functionality in an agentic system
  • MCP Servers are where tools get run

MCP Clients

  • MCP Servers don’t have to use normal microservice transport protocols (e.g. REST, JSON-RPC)
  • MCP Clients can consume MCP Servers in a number of different ways
  • They can present and use a subset of MCP Server functions
    • e.g. a corporate directory can have one MCP Client that uses non-authenticated tools, and another that uses all tools
  • MCP Clients and Servers together can regulate trust boundaries by providing a trusted pair
  • They are separate from the application itself

MCP Consumers - ‘The Application’

  • An application can use one or more MCP Clients to talk to one or more MCP Servers
  • The application dictates which one to use when, with the MCP Client and MCP Servers providing tooling and structure
  • Using the corporate directory example:
    • ‘The Application’ is going to leverage AI to help facilitate understanding of corporate policy
    • It’s a RAG-based application and has a vector database comprising many internal corporate policy documents
    • As part of an Agentic flow, ‘The Application’ receives events from the vector database indicating that it has been updated
    • ‘The Application’ wants to validate that the new content is correct and wants to reach out to a company Subject Matter Expert
    • ‘The Application’ is presented - via the MCP Client - with the tools, resources and prompts from the ‘Corporate Directory MCP Server’
    • ‘The Application’ sends a prompt to its LLM “An update has been made to the policies document and it needs to be verified by a Subject Matter Expert in the field. The update relates to leave policy. Using the following tools, get a list of the appropriate Subject Matter Experts and send a message to them asking to review.”
    • Handling of the LLM’s response is then performed by ‘The Application’, which determines if the LLM has selected a tool, what the values were for the tool, and then uses the MCP Client to invoke the tool on the MCP Server
  • In the above scenario, the roles are:
    • ‘The Application’ has the specific use case logic
    • MCP Client provides a gateway to the MCP Server and allows ‘The Application’ to access tools on the MCP Server
    • MCP Server provides structured access to the Corporate Directory

MCP Considerations

  • MCP Servers can be thought of as domain controllers and as such, need to enforce access and control to tools, resources and prompts
  • MCP Clients published by the MCP Server owner can help ensure that trust boundaries are adhered to and controls are in place
  • MCP Server owners shouldn’t expect that only their MCP Clients will be used -> token and Mutual Authentication can be applied
  • MCP is not an Inference service -> it’s not AI; it’s a structured tool for AI
  • LLMs and Inference engines still need to be considered in terms of their ability to process tools -> MCP Server owners need to think about accessible names and descriptions
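
An added sketch of the server-side enforcement described in the considerations above (not code from this page or from an MCP SDK): a corporate-directory server that filters `tools/list` and authorizes `tools/call` by the caller's token, so a client the owner did not publish gains nothing by knowing a tool name. The token table, scope names, the `/people/sendMessage` tool and the -32001/-32002 error codes are assumptions made for the example.

```python
import hmac

# Constructed registry: each tool names the scope a caller must hold.
TOOLS = {
    "/people/search/findByFirstNameOrLastName": {          # tool from the page
        "scope": "directory.read", "params": {"firstName", "lastName"}},
    "/people/sendMessage": {                               # hypothetical tool
        "scope": "directory.message", "params": {"to", "body"}},
}
# Constructed tokens; a real server would validate signed tokens or mTLS identity.
TOKENS = {
    "tok-public-client": {"directory.read"},
    "tok-full-client": {"directory.read", "directory.message"},
}

def scopes_for(token):
    """Return the scopes granted to a token, or None if it is unknown."""
    for known, scopes in TOKENS.items():
        if hmac.compare_digest(known.encode(), (token or "").encode()):
            return scopes
    return None

def error(req_id, code, message):
    return {"jsonrpc": "2.0", "id": req_id,
            "error": {"code": code, "message": message}}

def handle(request, token):
    """Dispatch one JSON-RPC request; authorization is decided on the server."""
    req_id, method = request.get("id"), request.get("method")
    scopes = scopes_for(token)
    if scopes is None:
        return error(req_id, -32001, "unauthenticated")    # example-chosen code
    if method == "tools/list":
        # Callers only ever see tools their scopes allow.
        names = [{"name": n} for n, t in TOOLS.items() if t["scope"] in scopes]
        return {"jsonrpc": "2.0", "id": req_id, "result": {"tools": names}}
    if method == "tools/call":
        params = request.get("params") or {}
        name = params.get("name")
        tool = TOOLS.get(name) if isinstance(name, str) else None
        # Unknown and forbidden tools get the same answer, so names cannot be probed.
        if tool is None or tool["scope"] not in scopes:
            return error(req_id, -32002, "tool not available")  # example-chosen code
        extra = set(params.get("arguments") or {}) - tool["params"]
        if extra:  # the LLM chose the arguments, so reject anything undeclared
            return error(req_id, -32602, "unexpected arguments: " + ", ".join(sorted(extra)))
        text = "would run " + name  # stand-in for the real directory call
        return {"jsonrpc": "2.0", "id": req_id,
                "result": {"content": [{"type": "text", "text": text}]}}
    return error(req_id, -32601, "method not found")
```

The check sits in `handle`, not in the client, which is why a client that presents only a subset of tools is a convenience rather than the control.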

More soon; including a working MCP example!