# Understanding MCP: The Model Context Protocol Explained | Artificialus

> For the complete content index, see [llms.txt](https://artificialus.com/llms.txt). Markdown versions of all pages are available by appending `.md` to any URL.

- Home
- /
- Articles
- /
- Understanding MCP: The Model Context Protocol Explained

Guides

# Understanding MCP: The Model Context Protocol Explained

A deep dive into the Model Context Protocol, the open standard that enables AI agents to interact with tools, data sources, and services securely.

May 17, 2026

9 min read

D

Written by

Doc | The Researcher

Share

X

Facebook

Reddit

Telegram

Bluesky

Email

The Model Context Protocol (MCP) is an open standard, introduced by Anthropic in November 2024 , that defines how AI applications provide context and tools to large language models. Think of it as USB-C for AI agents: a universal connector that lets any compliant agent work with any compliant tool, without bespoke glue code for every combination.

In just over a year, MCP has gone from a niche specification to one of the fastest-growing standards in the AI tooling space. In November 2025, Anthropic donated the protocol to the Linux Foundation , placing it alongside projects like Kubernetes, Node.js, and PyTorch under neutral, community-driven stewardship.

> The headline numbers. Official MCP SDKs across Python and TypeScript see more than 97 million monthly downloads, the community has built thousands of servers, and the protocol is now stewarded by the Agentic AI Foundation — a directed fund under the Linux Foundation co-founded by Anthropic, Block, and OpenAI, with support from Google, Microsoft, AWS, Cloudflare, and Bloomberg.

## The Problem MCP Solves

Before MCP, every AI coding tool integrated with external services on its own terms. Claude Code relied on custom plugins. ChatGPT used OpenAI's function calling format. GitHub Copilot shipped its own extension system. Cursor had Cursor-specific integrations. Each platform defined its own way of describing tools, passing arguments, handling errors, and managing authentication.

The consequences were predictable. A developer building a useful tool — say, a connector to a vector database, or a wrapper around an internal API — had to choose a platform and commit to it, or spend significant effort maintaining N different integrations in parallel. End users, meanwhile, found that their favorite tool worked beautifully in one environment and not at all in another. The whole space looked uncomfortably like the early days of mobile development, when every app had to be rewritten for iOS, Android, BlackBerry, and Windows Phone.

MCP cuts through that fragmentation with a single, shared protocol. Any MCP-compatible server exposes its capabilities the same way, and any MCP-compatible client can discover and call them. Write it once, run it everywhere. One server now works across Claude Code , Cursor , Windsurf , Zed , Cline , Continue , and dozens of other clients — including, increasingly, the major foundation-model chat apps themselves.

As Dhanji R. Prasanna, CTO at Block, put it in the original launch announcement :

> Open technologies like the Model Context Protocol are the bridges that connect AI to real-world applications.

That framing — MCP as a bridge — has stuck, and it captures the bet underneath the protocol: useful agents need to act on real systems, and acting on real systems needs standards.

## How MCP Works

MCP follows a client–server architecture borrowed in spirit from the Language Server Protocol (LSP) that revolutionized editor tooling a decade ago. The parallel is not accidental: LSP solved an M×N problem (M editors × N languages) by inserting a shared protocol in the middle, and MCP applies the same idea to M agents × N tools.

The client — Claude Code, Cursor, or another AI application — connects to one or more MCP servers, each advertising a specific set of capabilities. Communication flows over standard transport layers: stdio for local processes launched by the client, or HTTP with Server-Sent Events for remote services running across the network. The protocol itself uses JSON-RPC 2.0 for message framing, which keeps it lightweight and easy to implement in any language — there are now official SDKs for Python, TypeScript, Go, Kotlin, C#, Java, Ruby, PHP, and Swift, several maintained in collaboration with their respective platform owners.

An MCP server can expose three kinds of primitives:
- Tools are functions the model can call to take actions: querying a database, sending a message, creating a file. These are the closest analog to traditional function calling.
- Resources are pieces of context the server makes available for the model to read: file contents, API responses, log streams. Unlike tools, resources are passive — the client decides when and how to include them in the model's context.
- Prompts are reusable templates the server provides, often surfaced as slash commands or quick actions in the client UI.
This split matters more than it might seem. Tools handle doing, resources handle knowing, and prompts handle workflow. By separating them at the protocol level, MCP gives clients meaningful structure to work with — for example, a client can decide to auto-include certain resources but require explicit confirmation before calling tools.

In practice, a minimal MCP server is a remarkably small amount of code. Using the Python SDK and FastMCP, an entire working server fits in a dozen lines:

```
`from mcp.server.fastmcp import FastMCP

mcp = FastMCP("weather")

@mcp.tool()
def get_forecast(city: str) -> str:
"""Get the weather forecast for a city."""
# ...fetch the forecast from your API of choice...
return f"Sunny in {city}, 22°C"

if __name__ == "__main__":
mcp.run()
`
```

That's it. Drop it into your client's config, and the model can now call `get_forecast` like any built-in capability.

## What MCP Servers Look Like in Practice

The most common categories give a good sense of the surface area MCP now covers:
- Filesystem — read, write, search, and manage files and directories, typically scoped to a specific project root for safety
- Database — query and modify PostgreSQL, SQLite, MySQL, MongoDB, and just about every other engine you can name
- Cloud — interact with AWS, GCP, and Azure APIs, from EC2 management to BigQuery to Azure DevOps
- Version control — manage repos, pull requests, issues, code reviews, and CI runs on GitHub or GitLab
- Browser — drive Chrome DevTools and Playwright for debugging, scraping, and end-to-end testing
- Web — search and scrape with tools like Firecrawl , Brave, or Tavily
- Design and product — read Figma files, query Linear or Jira tickets, interact with Notion docs
- Communication — send messages through Slack, fetch emails, schedule calendar events
- Specialized stacks — Docker, Kubernetes, Terraform, Unity, Blender, scientific computing libraries
The breadth is striking. A single agent session might invoke half a dozen servers without the user thinking about it: pulling a ticket from Linear, reading the relevant files from the filesystem, querying the production read-replica, drafting a PR on GitHub, and dropping a status update in Slack.

## A Concrete Example

Imagine a developer asking Claude Code: "Look at issue #482, find the bug, and open a PR with a fix."

Under the hood, the assistant might do something like this. It calls the GitHub server's `get_issue` tool to fetch the report. It uses the filesystem server to grep the codebase for the function mentioned in the stack trace. It reads the relevant file as an MCP resource so the contents enter context. It writes a patch, runs the test suite through a shell-execution server, and once the tests pass, it asks the GitHub server to create a branch, commit the change, and open a pull request linked back to the original issue.

None of those servers were written specifically for Claude Code. They are the same servers a Cursor user, a Windsurf user, or a developer running their own agent loop would use. That portability is the whole point.

## The Ecosystem Today

The MCP ecosystem has exploded. Thousands of servers now cover everything from Docker to Figma to Unity to obscure scientific instruments. The official reference-servers repository has crossed 50,000 stars on GitHub, and curated indexes like Awesome MCP Servers and the official MCP Registry track community integrations across every major category.

Anthropic ships and maintains a set of reference servers , but many of the most-used ones come from the platforms themselves. GitHub publishes an official MCP server that hands agents the full GitHub API — issues, PRs, repos, code search, Actions, the lot. Stripe , Cloudflare , Linear , Sentry , Supabase , and Microsoft have all released first-party servers, treating MCP as a peer of their REST and GraphQL APIs. For many companies, an MCP server is now a standard part of the developer-facing surface, alongside the SDK and the CLI.

There is also a growing layer of meta-tooling: registries that index available servers, gateways that proxy and rate-limit them, and frameworks like FastMCP for Python or the official TypeScript SDK that make writing a new server a matter of an afternoon rather than a week.

> 🏛️ A standard, now neutral. With MCP's donation to the Linux Foundation in November 2025, the protocol is no longer governed by any single vendor. The newly established Agentic AI Foundation provides the same neutral stewardship Linux Foundation projects like Kubernetes and PyTorch enjoy — a strong signal that MCP is meant to outlast any individual company's roadmap.

## Security and the Sharp Edges

A protocol that lets AI agents call arbitrary tools naturally raises security questions, and MCP is not immune to them. The standard itself is just plumbing; it does not, on its own, decide which actions are safe.

A few patterns have emerged as best practice. Servers should ship with the principle of least privilege: a filesystem server scoped to a project root, a database server pointed at a read-replica with no DDL permissions, a GitHub server using a fine-grained token. Clients should require user confirmation for tools that take destructive actions, and should make tool descriptions and invocations visible so users can see what is happening. The community has also begun paying serious attention to prompt injection, where untrusted content read through one tool tries to manipulate the agent into misusing another — an attack surface that simply did not exist before agents started chaining tool calls.

None of these problems are unique to MCP — any agent framework faces them — but MCP's success means they are now a shared industry concern rather than something each platform handles in isolation.

## Why It Matters for Developers

For developers, fluency in MCP increasingly means three things. First, knowing how to build servers: what the protocol expects, how to structure tools versus resources, how to test against real clients with utilities like the MCP Inspector . Second, knowing which servers exist for your stack so you can compose them rather than reinvent them. Third, knowing how to debug agent–tool interactions when they go sideways — reading transport logs, inspecting tool schemas, understanding why the model chose tool A over tool B.

This is quickly becoming as foundational a skill as Git or the command line. The agents that ship in 2026 and beyond will assume MCP the way modern web development assumes HTTP: as a layer you reach for without thinking, that quietly makes everything else possible.

The bet underneath the protocol is simple. AI agents are most useful when they can act on the real world — your files, your data, your services. Doing that requires standards. MCP is the first serious candidate, it has the network effects, and for the foreseeable future it is the one to learn.

Further reading: the official MCP documentation , the protocol specification , Anthropic's deep-dive on code execution with MCP , and the Anthropic course "Introduction to MCP" .

### No comments yet

Name

Email

Don't fill this out

Comment

Post Comment

Key Metrics

Read time

9 min

Words

1,773

In this article

## Continue reading

AI Research

6 min

### The Infrastructure Category That Didn't Exist Two Years Ago: AI Agent Observability

Why traditional APM breaks on agent workloads and how LangSmith, Braintrust, and Arize are building the observability stack for the AI era.

AI Research

Jun 3, 2026

Engineering

8 min

### GitHub Copilot Token-Based Billing: What It Means for Developers

GitHub Copilot moves to token-based AI Credits on June 1, 2026. A practitioner's analysis of the new pricing, what it reveals about agentic AI costs, and how to optimize usage.

Engineering

Jun 3, 2026

Landscape

7 min

### Anthropic's IPO: The $965B Test of Safety-First AI at Scale

Anthropic files for IPO after $65B raise at $965B valuation. The safety-first AI company faces its toughest test yet: can principles survive public markets?

Landscape

Analysis

Jun 3, 2026