
Cited by 17 sources

Model Context Protocol (MCP)

Definition

Model Context Protocol (MCP) is an open standard — published at modelcontextprotocol.io — for servers to describe the tools they provide to LLM agents. Each tool advertises a description, parameter schema, and invocation semantics. Clients (Claude Code, Cursor, Goose, Claude Desktop, …) load servers into an agent session and expose their tools to the planner.
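To make the "description, parameter schema, and invocation semantics" concrete, here is a sketch of the shape of one tool entry as a server would advertise it in a `tools/list` response. The tool itself (`get_weather`) is hypothetical; the field names (`name`, `description`, `inputSchema` as JSON Schema) follow the MCP spec.

```python
# One illustrative tool entry, as an MCP server might advertise it.
# The tool ("get_weather") is made up; the field names follow the spec.
tool = {
    "name": "get_weather",
    "description": "Return current weather for a city.",
    "inputSchema": {
        "type": "object",
        "properties": {
            "city": {"type": "string", "description": "City name"},
        },
        "required": ["city"],
    },
}

def required_params(t: dict) -> list:
    # A client can validate an invocation against the schema before dispatching.
    return t["inputSchema"].get("required", [])

print(required_params(tool))  # prints ['city']
```

Because every tool is self-describing in this way, a planner can select among tools from many servers without any per-server integration code.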

Why it exists

Before MCP, every agent framework had its own tool-description format. MCP standardizes the protocol so:

  • Tool servers are portable across MCP-compatible clients.
  • Agent vendors build one integration surface instead of N.
  • Enterprise teams can expose one MCP server that every agent in the company (Claude, Cursor, Goose, …) can use uniformly.

What MCP does well

  • Protocol-level portability — a server written once works in any compliant client.
  • Tool-description as first-class artifact — tools are self-describing; agents pick from them dynamically.
  • Ecosystem leverage — third-party MCP servers (Backstage, Datadog, Dropbox Dash, GitHub, …) proliferate; an agent can compose across them.
  • Local- and remote-server shapes — both stdio (stdin/stdout) and HTTP/SSE transports are supported.

Known limitations (surfaced by production deployments)

Multiple sources converge on the same design concerns:

Production design patterns that assume MCP

Patterns derived from treating MCP tools as a scarce-context surface:

Known MCP servers in this wiki

Seen in

  • sources/2025-11-17-dropbox-how-dash-uses-context-engineering-for-smarter-ai — names MCP as "a robust protocol" while laying out the tool-inventory / context-window limitations it intrinsically surfaces; frames Dash's design as MCP-compatible but context-lean.
  • sources/2026-03-04-datadog-mcp-server-agent-tools — the most detailed MCP-design retrospective in this wiki; five patterns each a specific response to MCP-related failure modes.
  • sources/2026-04-20-cloudflare-internal-ai-engineering-stack — MCP at enterprise scale (Server Portal, proxy pattern, discovery endpoint, progressive tool disclosure).
  • sources/2026-01-28-dropbox-knowledge-graphs-mcp-dspy-dash — Josh Clemm's talk puts concrete latency numbers on MCP-at-scale degradation: simple queries taking up to ~45s via MCP vs "within seconds" against the raw index; Dash caps its context at ~100,000 tokens. Enumerates four production fixes Dash applied in response: (1) collapse retrieval tools into one "super tool" (patterns/unified-retrieval-tool); (2) knowledge-graph bundles as token-efficient result compression ("modeling data within knowledge graphs can significantly cut our token usage"); (3) store tool results locally rather than inline them into the context window (new lever); (4) classifier-routed sub-agents with narrow toolsets (patterns/specialized-agent-decomposition). Frames MCP as the default "make it work" starting point and indexed retrieval as the "make it better" destination at scale.
  • sources/2026-04-16-cloudflare-email-service-public-beta-ready-for-agents — introduces a new Email MCP server on the Cloudflare MCP surface — any MCP-aware agent (Claude / Cursor / Copilot) can discover and call the Email endpoints to send and configure email with a prompt. Paired with the same Code Mode machinery that fits ~3,000 Cloudflare operations into <1,000 tokens. The post also explicitly flags the context-window-bloat failure mode of MCP — "tool definitions can consume tens of thousands of tokens before your agent even starts processing a single message" — and ships Wrangler + Skills as the "near-zero context overhead" complement for agents with bash access. Agentic Inbox additionally ships its own built-in MCP server so external agents can "draft emails for your review before sending" — the email-tier analog of the dashboard elicitation gate.
  • sources/2025-04-10-flyio-30-minutes-with-mcp-and-flyctl — canonical CLI-wrapped-as-MCP-server instance: Fly.io's flymcp exposes two flyctl commands (fly logs, fly status) via MCP stdio transport in ~90 lines of Go, built in "30 minutes" on mark3labs/mcp-go. Anchors patterns/wrap-cli-as-mcp-server and surfaces concepts/local-mcp-server-risk — "I don't like that I'm giving a Claude instance in the cloud the ability to run a native program on my machine" — with patterns/disposable-vm-for-agentic-loop as the natural sandbox answer. Demonstrates an agentic-observability flow over unpkg (Fly-hosted npm CDN): 10-Machine topology recited, OOM correlation, per-second incident timeline reconstructed from two read-only tools.
  • sources/2025-05-07-flyio-provisioning-machines-using-mcps — mutation-transition sequel (~27 days after the 2025-04-10 read-only prototype): the same flyctl MCP server now exposes the full fly volumes subcommand family — create / list / extend / fork / snapshots / destroy — shipped in flyctl v0.3.117. First wiki instance of patterns/wrap-cli-as-mcp-server crossing the read-only → production-mutation boundary. Load-bearing architectural thesis paragraph for concepts/natural-language-infrastructure-provisioning: "Today's state of the art is K8S, Terraform, web based UIs, and CLIs. Those days are numbered." Introduces the "Make it so" target UX (LLM scans code → presents plan → human adjusts → approves → agent executes → on failure examines logs) and CLI-refusal-as-agent-guardrail ("I would have received an error had I tried to destroy a volume that is currently mounted. Knowing that gave me the confidence to try the command"). Also gestures at MCP servers running on Fly.io's private network — "on separate machines, or in 'sidecar' containers, or even integrated into your app" — pairing with the 2025-04-08 robot-routing / long-lived-SSE framing. Names GitHub Copilot as the authoring assistant, Claude Desktop as the canonical client, and MCP Inspector (local port 6274) as the agent-free validation surface for server authors.
  • sources/2025-11-06-flyio-you-should-write-an-agent — Fly.io (Thomas Ptacek, 2025-11-06) is the wiki's first "when MCP is not needed" framing. The post's minimal-agent-loop demonstration (patterns/tool-call-loop-minimal-agent) shows that a 30-LoC Python loop against the OpenAI Responses API with a native-JSON tools list is a complete agent — no MCP involved. Explicit thesis: "we didn't need MCP at all. That's because MCP isn't a fundamental enabling technology. […] MCP is just a plugin interface for Claude Code and Cursor, a way of getting your own tools into code you don't control. Write your own agent. Be a programmer. Deal in APIs, not plugins." The claim is structural, not dismissive: MCP earns its place as an interop protocol for tools consumed by agents other people built (Claude Code, Cursor, Goose) — which is exactly the case the wiki's existing MCP instances (flymcp, systems/datadog-mcp-server, systems/cloudflare-ai-gateway's MCP Server Portal, systems/unity-ai-gateway) are designed for. The corollary Fly flags for production MCP: "one context window bristling with tool descriptions doesn't leave enough token space left to get work done" — independent confirmation of concepts/context-window-as-token-budget and the patterns/tool-surface-minimization / sub-agent (patterns/context-segregated-sub-agents) responses. Also sharpens the wiki's existing MCP-security framing ("When you read a security horror story about MCP your first question should be why MCP showed up at all") — MCP's implicit single-context-window assumption can prevent the operator from splitting tool surfaces across sub-agents, which is the structural fix for prompt-injection blast-radius (concepts/local-mcp-server-risk + patterns/untrusted-input-via-file-not-prompt).
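The flymcp bullet above describes the wrap-cli-as-mcp-server shape: expose a small whitelist of read-only CLI subcommands as tools. The post does this in ~90 lines of Go on mark3labs/mcp-go; the following is only a stdlib-Python sketch of the same safety property (tool name → fixed argv, nothing else reachable), with `echo` standing in for the real `fly` binary.

```python
import subprocess

# Sketch of the wrap-cli-as-mcp-server shape. Only whitelisted,
# read-only subcommands are exposed as tools — the property that
# makes the flymcp prototype reasonably safe to hand to an agent.
# `echo` stands in here for real commands like `fly status`.
READ_ONLY_TOOLS = {
    "fly_status": ["echo", "status: ok"],  # tool name -> fixed argv
}

def call_tool(name: str) -> str:
    if name not in READ_ONLY_TOOLS:
        raise ValueError(f"unknown or non-whitelisted tool: {name}")
    result = subprocess.run(
        READ_ONLY_TOOLS[name], capture_output=True, text=True, check=True
    )
    return result.stdout.strip()

print(call_tool("fly_status"))  # prints "status: ok"
```

The fixed-argv table is the guardrail: the agent chooses *which* tool, never *what* gets executed, which is why the 2025-05-07 sequel's move to mutating volume commands is the boundary-crossing event the wiki flags.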
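The minimal-agent-loop claim in the Fly.io bullet above — a ~30-line loop against a model API with a native-JSON tools list is a complete agent, no MCP involved — can be sketched offline. The model call is stubbed out here (`fake_model`) so the control flow is runnable; the actual post points this loop at the OpenAI Responses API.

```python
# Offline sketch of the minimal tool-call loop: model proposes a tool
# call, loop executes it, result goes back into the transcript, repeat
# until the model answers in plain text. fake_model is a stand-in for
# a real model API call.
def add(a: int, b: int) -> int:
    return a + b

TOOLS = {"add": add}

def fake_model(messages):
    # Stub: first turn requests a tool call, second turn answers.
    if not any(m["role"] == "tool" for m in messages):
        return {"tool_call": {"name": "add", "args": {"a": 2, "b": 3}}}
    return {"content": "The answer is 5."}

def agent_loop(user_msg: str) -> str:
    messages = [{"role": "user", "content": user_msg}]
    while True:
        reply = fake_model(messages)
        if "tool_call" not in reply:
            return reply["content"]                     # final answer
        call = reply["tool_call"]
        result = TOOLS[call["name"]](**call["args"])    # execute tool
        messages.append({"role": "tool", "content": str(result)})

print(agent_loop("What is 2 + 3?"))  # prints "The answer is 5."
```

The structural point survives the stub: the tools dict is plain JSON-describable functions owned by the programmer, which is exactly why the post argues MCP is an interop layer for *other people's* agents rather than an enabling technology for your own.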

As a generated interface (Cloudflare, 2026-04-13)

Cloudflare's 2026-04-13 CLI announcement reveals that the Code Mode MCP server — which fits Cloudflare's entire ~3,000-operation API into <1,000 tokens — is generated from the same TypeScript schema that produces the cf CLI, Workers bindings, wrangler.jsonc config, Cloudflare SDKs, Terraform provider, Agent Skills, and OpenAPI spec. This positions MCP as one generated surface of a unified interface schema, not a hand-maintained server (Source: sources/2026-04-13-cloudflare-building-a-cli-for-all-of-cloudflare). See also concepts/agent-ergonomic-cli and patterns/schema-driven-interface-generation.

As an agent consumption layer with permission enforcement (Cloudflare Agent Lee, 2026-04-15)

Cloudflare's 2026-04-15 Agent Lee launch is the first wiki instance of MCP deployed to end-users at measurable scale: ~18,000 daily users and ~250,000 tool calls / day across DNS, Workers, SSL/TLS, R2, Registrar, Cache, Cloudflare Tunnel, API Shield, and more (Source: sources/2026-04-15-cloudflare-introducing-agent-lee). Two architectural refinements to the protocol's consumption pattern surface in this deployment:

  • Code Mode instead of direct tool prompting. Agent Lee's MCP surface is just two tools (search + execute); all ~3,000 Cloudflare API operations are reachable through execute via generated TypeScript code. "LLMs have seen a huge amount of real-world TypeScript but very few tool call examples, so they're more accurate when working in code. For multi-step tasks, the model can also chain calls together in a single script and return only the final result, ultimately skipping the round-trips."
  • Elicitation gate at a credentialed-proxy boundary. Agent Lee routes every MCP call through a Durable Object that classifies the generated code as read or write, proxies reads directly, and blocks writes until the user approves via the dashboard elicitation UI. API keys are held inside the DO and injected server-side at forward time — they are never present in generated code. "The security boundary isn't just a sandbox that gets thrown away; it's a permission architecture that structurally prevents writes from happening without your approval." See patterns/credentialed-proxy-sandbox. This is the first in-wiki production instance of the MCP permission system formalised at the protocol-consumer layer rather than hand-coded in the agent loop.
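The elicitation-gate mechanics above can be sketched as a classify-then-gate function. The keyword heuristic below is purely illustrative — Agent Lee does this inside a Durable Object against real API operation metadata, with credentials injected server-side at forward time — but the control flow (reads proxied, writes blocked pending approval) is the pattern being described.

```python
# Illustrative elicitation gate: classify an operation as read or
# write, proxy reads directly, hold writes until the user approves.
# The prefix heuristic is a stand-in for real operation metadata.
WRITE_PREFIXES = ("create", "update", "delete", "put", "post")

def classify(operation: str) -> str:
    return "write" if operation.startswith(WRITE_PREFIXES) else "read"

def gate(operation: str, user_approved: bool = False) -> str:
    kind = classify(operation)
    if kind == "read":
        return f"proxied: {operation}"            # reads pass through
    if not user_approved:
        return f"pending approval: {operation}"   # writes block on elicitation
    return f"proxied (approved): {operation}"

print(gate("list_dns_records"))   # prints "proxied: list_dns_records"
print(gate("delete_dns_record"))  # prints "pending approval: delete_dns_record"
```

Because the gate sits at the credentialed proxy rather than in the agent loop, a prompt-injected agent cannot approve its own writes: approval arrives out-of-band via the dashboard UI.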

Quantified context-window win vs naive baseline (Project Think, 2026-04-15)

Cloudflare's 2026-04-15 Project Think launch quantifies the Code Mode compression against the explicit naive alternative for the first time (Source: sources/2026-04-15-cloudflare-project-think-building-the-next-generation-of-ai-agents):

"The Cloudflare API MCP server demonstrates this at scale. We expose only two tools (search() and execute()), which consume ~1,000 tokens, vs. ~1.17 million tokens for the naive tool-per-endpoint equivalent. This is a 99.9% reduction."

This is the same number family as the <1,000-tokens-for-~3,000-operations claim in the CLI post, now paired with the baseline it was never previously quantified against. The comparison is directional rather than a refutation of the realistic alternative — a hand-crafted tool-minimised MCP surface following patterns/tool-surface-minimization would not hit 1.17M tokens either. But as a worst-case illustration of why code-gen over tool-calls is load-bearing at scale-of-API-surface, the number is now on the wiki. See also systems/code-mode for the full framing.
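The quoted percentage checks out against the quoted token counts:

```python
# Two tools (search + execute) at ~1,000 tokens vs the naive
# tool-per-endpoint baseline at ~1.17M tokens, as quoted in the post.
code_mode_tokens = 1_000
naive_tokens = 1_170_000

reduction = 1 - code_mode_tokens / naive_tokens
print(f"{reduction:.1%}")  # prints "99.9%"
```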

Pre-connect discovery via MCP Server Card (2026-04-17)

Cloudflare's 2026-04-17 Agent Readiness Score post surfaces a draft MCP spec extension — the MCP Server Card — that lets a site publish a static JSON document describing an MCP server before any agent connects:

  • Path: /.well-known/mcp/server-card.json (with a slight variant at /.well-known/mcp.json used by some reference implementations including isitagentready).
  • Contents: server identity (name, title, version), protocolVersion, transport (e.g. streamable-http + endpoint), authentication requirements, and the full tool list with input schemas.

An agent can fetch one HTTP GET, evaluate whether the server's tools fit its need, and decide to commit to a session — no authentication dance, no protocol negotiation, no list_tools round-trip against N candidate servers. The shape is analogous to API Catalog (RFC 9727) for classical HTTP APIs but at the MCP layer.
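The decide-before-connecting step can be sketched as pure local inspection of the fetched card. The card below is hand-written for illustration; its field names (`name`, `protocolVersion`, `transport`, `tools` with input schemas) follow the draft contents listed above, but the exact JSON shape is a draft-spec detail.

```python
# Sketch of pre-connect discovery: one GET for
# /.well-known/mcp/server-card.json, then a purely local decision —
# no auth dance, no protocol negotiation, no list_tools round-trip.
# This card is a hand-written example, not a real server's.
card = {
    "name": "example-mcp-server",
    "protocolVersion": "2025-06-18",
    "transport": {"type": "streamable-http",
                  "endpoint": "https://example.com/mcp"},
    "tools": [{"name": "scan_site", "inputSchema": {"type": "object"}}],
}

def has_tool(card: dict, wanted: str) -> bool:
    # An agent can rank N candidate servers this way before committing
    # a session to any of them.
    return any(t["name"] == wanted for t in card.get("tools", []))

print(has_tool(card, "scan_site"))   # prints True
print(has_tool(card, "send_email"))  # prints False
```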

Draft status: proposal at modelcontextprotocol/modelcontextprotocol issue #1649. Early adoption: per Cloudflare Radar on the top 200k domains, MCP Server Card + API Catalog combined appear on fewer than 15 sites. Positioned by the Agent Readiness Score as an early-adopter opportunity under the Agent Actions dimension. See systems/mcp-server-card and patterns/well-known-endpoint-discovery for the broader /.well-known/ cluster of agent-ergonomic standards this belongs to.

  • sources/2026-04-17-cloudflare-introducing-the-agent-readiness-score-is-your-site-agent-ready — canonical wiki instance for MCP Server Card + the broader agent-readiness positioning of MCP as "a first-class discovery primitive for agent actions at site level." Cloudflare's isitagentready.com itself ships an MCP server exposing a scan_site tool over Streamable HTTP — publishing its own Server Card at https://isitagentready.com/.well-known/mcp.json.
  • sources/2025-04-08-flyio-our-best-customers-are-now-robots — MCP framed as the robot interop protocol whose long-lived SSE connections are a session-affinity routing requirement on multitenant deployments. Canonical Fly.io framing: "LLMs all speak a protocol called MCP. MCP is what enables the robots to search the web, use a calculator, launch the missiles, shuffle a Spotify playlist, &c. If you haven't played with MCP, the right way to think about it is POST-back APIs like Twilio and Stripe, where you stand up a server, register it with the API, and wait for the API to connect to you. Complicating things somewhat, more recent MCP flows involve repeated and potentially long-lived (SSE) connections. To make this work in a multitenant environment, you want these connections to hit the same (stateful) instance." Canonical wiki datum for concepts/mcp-long-lived-sse and the session-affinity routing pattern. Also the first wiki disclosure of MCP as an RX-shaping protocol for platform-level routing primitives.
  • sources/2026-04-01-cloudflare-emdash-wordpress-spiritual-successor — MCP shipped as a CMS primitive: every EmDash instance runs its own built-in MCP server exposing the Admin UI's capability set. Gives an agent full programmatic management of the CMS (content, media, schema, collections) via MCP without a per-site integration. Sibling shape to the Cloudflare Email Service MCP server (2026-04-16) and the Agent Lee MCP surface (2026-04-15) — MCP is now the default admin-surface discovery protocol for new Cloudflare products. First wiki instance of MCP in a content-management / CMS context.

  • sources/2025-05-19-flyio-launching-mcp-servers-on-flyio — fly mcp launch — remote-MCP-server deploy subcommand (flyctl v0.3.125). Canonical wiki instance of patterns/remote-mcp-server-via-platform-launcher + the canonical motivation statement for concepts/mcp-client-config-fragmentation. The post leads with the three-shape MCP server taxonomy ("basically two types of MCP servers. One small and nimble that runs as a process on your machine. And one that is a HTTP server that runs presumably elsewhere and is standardizing on OAuth 2.1. And there is a third type, but it is deprecated.") and the config-file-fragmentation complaint naming Claude Desktop's ~/Library/Application Support/Claude/claude_desktop_config.json (MCPServer key) vs Zed's ~/.config/zed/settings.json (context_servers key) vs OS-dependent per-tool variants. One command handles it: fly mcp launch "npx -y <server>" --claude --server <name> --secret K=V deploys a Fly Machine running the stdio MCP server as a remote HTTP endpoint, with bearer-token auth on by default on both ends, client-config JSON rewritten in place for 6 built-in clients (Claude, Cursor, Neovim, VS Code, Windsurf, Zed), --secret flags piped through to Machine secrets, and all Fly platform knobs (auto-stop, Flycast, Volumes, region, VM size) available. Pairs with the 2025-04-10 flymcp post to span both axes of MCP-server ergonomics: wrap a local CLI as a local MCP server (flymcp, patterns/wrap-cli-as-mcp-server) and deploy a local MCP server as a remote MCP server (fly mcp launch, patterns/remote-mcp-server-via-platform-launcher). Beta status acknowledged — "examples as shown are thought to work. Maybe."
