MCP (Model Context Protocol) Explained

Model Context Protocol (MCP) is an open standard that enables AI models to connect with external tools, data sources, and services. Think of it as a USB-C for AI—a universal connector that lets any AI model work with any compatible tool.

Originally developed by Anthropic for Claude, MCP has become the de facto standard for building AI agents that need to interact with the real world. This guide explains what MCP is, how it works, and how you can use it to build powerful AI applications.

1. What is MCP?

Model Context Protocol (MCP) is an open protocol that standardizes how AI models interact with external systems. It defines a common interface for:

• Tools — Functions the AI can call (e.g., search a database, send an email)
• Resources — Data the AI can read (e.g., files, API responses, system state)
• Prompts — Pre-built templates for common tasks

Before MCP, every AI integration required custom code. If you wanted Claude to query your database and GPT to use the same integration, you'd write two different implementations. MCP eliminates this duplication by providing a single standard.

2. Why MCP Matters

For Developers

• Write once, deploy everywhere — One integration works with Claude, GPT, Llama, and any MCP-compatible model
• Standardized interfaces — No more reverse-engineering different tool-calling formats
• Growing ecosystem — Thousands of pre-built MCP servers available

For Organizations

• Vendor flexibility — Switch between AI providers without rewriting integrations
• Consistent security model — One protocol to audit and secure
• Future-proof architecture — New models automatically work with existing tools

For the AI Ecosystem

• Interoperability — Different AI systems can share capabilities
• Innovation — Tool builders focus on functionality, not compatibility
• Composability — Combine multiple MCP servers for complex workflows

3. Core Concepts

MCP Servers

An MCP server is a program that exposes capabilities to AI models. It can be:

• A local process (communicating via stdio)
• A remote service (communicating via HTTP/SSE)
• A containerized application

MCP Clients

MCP clients are AI applications that connect to MCP servers. Examples include:

• Claude Desktop
• Claude Code (CLI)
• Custom applications using MCP SDKs

4. How MCP Works

MCP uses a request-response model over JSON-RPC. Here's the typical flow:

1. Client connects to MCP server
2. Server advertises available tools/resources
3. AI model decides to use a tool
4. Client sends tool call request to server
5. Server executes the tool
6. Server returns result to client
7. Client provides result to AI model

Example: Database Query Tool

// Tool definition advertised by server
{
  "name": "query_database",
  "description": "Execute a read-only SQL query",
  "inputSchema": {
    "type": "object",
    "properties": {
      "query": {
        "type": "string",
        "description": "SQL SELECT query to execute"
      }
    },
    "required": ["query"]
  }
}

// Tool call from client
{
  "method": "tools/call",
  "params": {
    "name": "query_database",
    "arguments": {
      "query": "SELECT * FROM users WHERE active = true"
    }
  }
}

// Response from server
{
  "content": [
    {
      "type": "text",
      "text": "[{id: 1, name: 'Alice'}, {id: 2, name: 'Bob'}]"
    }
  ]
}

5. Building MCP Servers

MCP servers can be built in any language. The official SDKs support TypeScript and Python, with community implementations for Go, Rust, and others.

TypeScript Example

import { Server } from "@modelcontextprotocol/sdk/server";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio";

const server = new Server({
  name: "my-mcp-server",
  version: "1.0.0"
});

// Define a tool
server.setRequestHandler("tools/list", async () => ({
  tools: [{
    name: "get_weather",
    description: "Get current weather for a city",
    inputSchema: {
      type: "object",
      properties: {
        city: { type: "string" }
      },
      required: ["city"]
    }
  }]
}));

// Handle tool calls
server.setRequestHandler("tools/call", async (request) => {
  if (request.params.name === "get_weather") {
    const city = request.params.arguments.city;
    const weather = await fetchWeather(city);
    return { content: [{ type: "text", text: weather }] };
  }
});

// Start server
const transport = new StdioServerTransport();
await server.connect(transport);

6. Security Considerations

MCP servers can perform powerful actions, making security critical:

• Principle of least privilege — Only expose necessary capabilities
• Input validation — Validate all parameters before execution
• Authentication — Require credentials for sensitive operations
• Rate limiting — Prevent abuse through request throttling
• Audit logging — Record all tool calls for review

7. MCP and Governance

Raw MCP gives AI models direct access to tools—powerful but dangerous for production use. Adding a governance layer between the AI and MCP servers enables:

• Policy enforcement — Block or constrain dangerous tool calls
• Approval workflows — Require human sign-off for sensitive operations
• Audit trails — Record what tools were called and why
• Rate limiting — Prevent runaway tool usage

Architecture with Governance

AI Model → Control Plane → MCP Servers → External Systems
              ↓
         Policy Check
         Approval Gate
         Audit Log

This is exactly what Cordum provides—a governance layer that's MCP-native. Every tool call is evaluated against your policies before execution.

Getting Started with MCP

Ready to build with MCP? Here are your next steps:

1. Explore existing servers — Browse the MCP server directory
2. Build your own — Use the official SDKs to create custom integrations
3. Add governance — Deploy Cordum for production-grade policy enforcement