MCP Architectures

What's in this lesson

Explore the infrastructure layer enabling modern AI systems to securely connect with tools, memory, and external environments through the Model Context Protocol (MCP). We'll cover architecture, primitives, tool discovery, structured context exchange, and sandboxed execution.

Why this matters (WIIFM)

AI models are no longer isolated brains. To build practical agentic applications (like coding assistants or research agents), AIs need secure, scalable ways to access real-world tools. MCP is the open standard that makes this interoperability possible without building custom integrations for every new tool.

The Isolated AI vs The Connected AI

Traditionally, Large Language Models (LLMs) have been isolated—like a brilliant brain trapped in a glass box. They know vast amounts of information up to their training cutoff, but they cannot fetch a live web page, query your local database, or execute code.

Introduction to the Model Context Protocol

If you wanted to give an AI access to GitHub, Slack, and a local PostgreSQL database, you previously had to write custom API integrations for each one. This resulted in fragmented, brittle codebases.

The Model Context Protocol (MCP), introduced by Anthropic as an open standard, solves this. It acts as a universal plug—a "USB-C for AI applications". It standardizes secure, two-way communication between AI models and external data sources or tools.

Before MCP

Custom scripts for every integration. High maintenance, low security.

O(N*M) Complexity

After MCP

Standardized protocol. Build a server once, any client can connect.

O(N+M) Complexity

The Architecture of MCP

MCP follows a specific client-server architecture designed to keep the AI model, the host application, and the tools cleanly separated.

  • MCP Host
  • MCP Client
  • MCP Server

Core Primitives

MCP defines three core primitives that standardise how context and capabilities are exposed to the AI.

Resources

Resources expose data or content. They are analogous to files or database reads: the AI can read them, but typically cannot modify them.

    uri: "postgres://schema/users"
    mimeType: "application/json"
    name: "User Table Schema"

Knowledge Check

In the MCP architecture, what is the role of an MCP Client?

Tool Registration and Discovery

How does the AI know what it can do? When an MCP Client connects to a Server, it initiates a discovery phase.

The client sends a `tools/list` request. The server replies with a list of available functions and, crucially, a JSON Schema describing exactly what arguments each function requires.

Structured Context Exchange

Under the hood, all this communication happens via JSON-RPC 2.0. This ensures that context—such as file contents, tool inputs, and execution results—is strictly typed.

MCP supports different transports. The two most common are:

  • stdio: Standard input/output. Used when the server runs locally on the same machine as the client (no network port is opened, which is why this transport is considered highly secure).
  • SSE (Server-Sent Events): Over HTTP. Used for connecting to remote servers.

Dynamic Tool Invocation

When the LLM decides it needs to use a tool to fulfill a user request, a specific capability routing sequence occurs.

Capability Routing Flow

1. LLM generates tool call (e.g. `get_weather(city="London")`)
2. Host passes request to MCP Client
3. Client sends `tools/call` via JSON-RPC to Server
4. Server executes local code/API
5. Server returns result; routed back to LLM context
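
The discovery and invocation exchange described above (`tools/list`, then `tools/call`), as an added Python sketch that is not part of the original lesson and not the official MCP SDK: a server-side handler that answers both JSON-RPC 2.0 methods and rejects arguments that do not match the advertised schema before the tool body runs. The registry, the stubbed weather text and the simplified `check_args` validator are assumptions made for illustration.

```python
import json

# Constructed registry: get_weather is the lesson's example tool; its body is a stub.
TOOLS = {"get_weather": {
    "description": "Current weather for a city (stubbed)",
    "inputSchema": {"type": "object",
                    "properties": {"city": {"type": "string"}},
                    "required": ["city"], "additionalProperties": False},
    "run": lambda a: f"{a['city']}: 14C, cloudy"}}
PY_TYPES = {"string": str, "boolean": bool, "array": list, "object": dict}


def check_args(schema, args):
    """Simplified stand-in for a JSON Schema validator (flat objects only)."""
    if not isinstance(args, dict):
        return "arguments must be an object"
    for key in schema.get("required", []):
        if key not in args:
            return f"missing argument: {key}"
    for key, value in args.items():
        prop = schema["properties"].get(key)
        if prop is None:
            return f"unexpected argument: {key}"
        if not isinstance(value, PY_TYPES[prop["type"]]):
            return f"{key} must be of type {prop['type']}"
    return None


def handle(line):
    """Server side: one JSON-RPC 2.0 request string in, one response string out."""
    req = json.loads(line)
    rid, params = req.get("id"), req.get("params")
    params = params if isinstance(params, dict) else {}
    def reply(key, body):
        return json.dumps({"jsonrpc": "2.0", "id": rid, key: body})

    if req.get("method") == "tools/list":  # discovery: names plus schemas
        return reply("result", {"tools": [
            {"name": n, "description": t["description"], "inputSchema": t["inputSchema"]}
            for n, t in TOOLS.items()]})
    if req.get("method") == "tools/call":  # invocation: validate, then run
        tool = TOOLS.get(params.get("name"))
        problem = "unknown tool" if tool is None else check_args(
            tool["inputSchema"], params.get("arguments"))
        if problem:  # -32602 is JSON-RPC "Invalid params"
            return reply("error", {"code": -32602, "message": problem})
        text = tool["run"](params["arguments"])
        return reply("result", {"content": [{"type": "text", "text": text}]})
    return reply("error", {"code": -32601, "message": "Method not found"})
```

Passing `handle` a `tools/call` whose arguments include a key the schema does not declare returns error -32602 and the tool body never runs, which is the practical value of the server publishing a schema during discovery.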

Knowledge Check

How does an MCP Client know what tools are available on an MCP Server?

Security & Sandboxed Execution

Giving an AI access to tools can be dangerous. What if it tries to run `rm -rf /` or leak a database? MCP's architecture inherently promotes security through isolation.
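
One way a host can enforce the isolation described above before a model-generated `tools/call` ever reaches a server, shown as an added example (not code from the lesson or from MCP itself): an allowlist, a path-confinement check, and a per-call approval requirement for destructive tools. The tool names `read_file` and `delete_file`, the `POLICY` table and the workspace path are hypothetical.

```python
from pathlib import Path

SANDBOX_ROOT = Path("/srv/agent-workspace")  # hypothetical workspace directory

# Hypothetical host policy: only listed tools may be called; "approval" marks
# tools that need a human to confirm each call; "path_args" names arguments
# that must stay inside the workspace.
POLICY = {
    "read_file": {"approval": False, "path_args": ["path"]},
    "delete_file": {"approval": True, "path_args": ["path"]},
}


def confined(path_str, root=SANDBOX_ROOT):
    """True only if the path, after resolving '..' and symlinks, stays under root."""
    base = root.resolve()
    resolved = (base / path_str).resolve()  # an absolute path_str replaces base
    return resolved == base or base in resolved.parents


def gate(call, approved_by_user=False):
    """Decide whether the host forwards a tools/call; returns (allowed, reason)."""
    rule = POLICY.get(call.get("name"))
    if rule is None:
        return (False, "tool not on allowlist")
    args = call.get("arguments") or {}
    for key in rule["path_args"]:
        if key in args and not confined(str(args[key])):
            return (False, f"{key} escapes sandbox root")
    if rule["approval"] and not approved_by_user:
        return (False, "needs user approval")
    return (True, "forward")
```

Because the gate runs in the host, it holds regardless of what the model generates or what an individual server would accept.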

Multi-Tool Orchestration

Real power emerges when a single MCP Client connects to multiple MCP Servers simultaneously, allowing the AI to orchestrate complex workflows across different domains.

Orchestration Simulation

Task: "Investigate the user bug report in Jira, check the log file, and write a PR fix."

Building Agentic Ecosystems

MCP enables an ecosystem where tools are built once and used by any compliant AI agent (Claude, custom agents, etc.).

Knowledge Check

Why is running an MCP Server locally (using stdio transport) considered a major security benefit?

Key Takeaways

1. Universal Standard: MCP acts as a "USB-C" for AI, standardizing how models connect to external tools and data via JSON-RPC.
2. Architecture: It separates concerns into Hosts (the app), Clients (the connection manager), and Servers (the capability providers).
3. Dynamic Discovery: Clients dynamically discover available tools and their required JSON schemas upon connection.
4. Secure & Scalable: Enables safe local execution, sandboxing, and complex multi-server orchestration for autonomous agents.

Assessment

You have reached the end of the tutorial. It is time to test your knowledge of the Model Context Protocol.

Instructions:

  • There are 5 questions.
  • You must select an answer to proceed to the next question.
  • You need a score of 80% (4/5) to pass and earn your certificate.

Good luck!