Model Context Protocol (MCP)

MCP separates tool provision from tool consumption using three roles. A host is the application that runs the AI model, such as Claude Desktop, Claude Code, or a custom application. The host contains an MCP client, which is the protocol layer that connects to MCP servers and makes their tools available to the model. MCP servers are separate processes (or remote services) that expose capabilities without knowing anything about which model or host is using them.

This separation is the key innovation. The model does not call your PostgreSQL database directly. It calls the MCP client, which calls the MCP server, which executes the query with its own credentials. The model never sees the database password.

MCP exposes three primitive types to the model. Tools are callable functions that may have side effects, such as creating a GitHub issue or running a database query. Resources are read-only data sources the model can access for context, such as company documentation or a user profile. Prompts are reusable templates that the model or user can invoke, such as "Summarise this pull request" or "Review this code for security issues."

MCP supports two transport methods. The stdio (standard input/output) transport runs the server as a subprocess. Communication happens via the process's stdin and stdout streams. This is the right choice for local tools running on the same machine as the host application: developer tools, local file access, CLI integrations.

The SSE (Server-Sent Events) transport runs the server as an HTTP server. The client connects via HTTP and receives events as a stream. This is the right choice for remote servers, shared team infrastructure, or tools that must remain running continuously. SSE transport requires HTTPS and authentication; stdio transport relies on process isolation.

If your MCP server is for personal developer use only, use stdio. If ten engineers in your team need to share the same server, use SSE with authentication.

Install the MCP Python SDK with pip install mcp. A minimal server requires three things: declaring which tools it exposes via a list_toolshandler, executing tool calls via a call_tool handler, and running the server via the stdio transport. The structure below is a complete, runnable MCP server that exposes two tools to any MCP-compatible host.

# my_server.py
from mcp.server import Server
from mcp.server.models import InitializationOptions
from mcp.server.stdio import stdio_server
from mcp.types import Tool, TextContent
import asyncio, json
from datetime import datetime

app = Server("company-tools-v1")

@app.list_tools()
async def list_tools() -> list[Tool]:
    return [
        Tool(
            name="get_business_hours",
            description="Return business hours for a given office location. Use when users ask about opening times.",
            inputSchema={
                "type": "object",
                "properties": {
                    "location": {
                        "type": "string",
                        "description": "Office location: 'london', 'new_york', or 'singapore'",
                        "enum": ["london", "new_york", "singapore"]
                    }
                },
                "required": ["location"]
            }
        )
    ]

BUSINESS_HOURS = {
    "london": {"open": "09:00", "close": "17:30", "timezone": "Europe/London"},
    "new_york": {"open": "09:00", "close": "18:00", "timezone": "America/New_York"},
    "singapore": {"open": "09:00", "close": "18:00", "timezone": "Asia/Singapore"}
}

@app.call_tool()
async def call_tool(name: str, arguments: dict) -> list[TextContent]:
    if name == "get_business_hours":
        location = arguments.get("location", "london")
        hours = BUSINESS_HOURS.get(location)
        result = hours if hours else {"error": f"Unknown location: {location}"}
        return [TextContent(type="text", text=json.dumps(result))]
    return [TextContent(type="text", text=json.dumps({"error": f"Unknown tool: {name}"}))]

async def main():
    async with stdio_server() as (read_stream, write_stream):
        await app.run(read_stream, write_stream,
            InitializationOptions(server_name="company-tools", server_version="1.0.0",
                capabilities=app.get_capabilities(notification_options=None, experimental_capabilities={})))

if __name__ == "__main__":
    asyncio.run(main())

Claude Desktop reads MCP server configuration from a JSON file. On macOS, this file is at ~/Library/Application Support/Claude/claude_desktop_config.json. Add a key under mcpServers with the server name, the command to launch it, and any required arguments or environment variables.

{
  "mcpServers": {
    "company-tools": {
      "command": "python3",
      "args": ["/path/to/my_server.py"],
      "env": {
        "PYTHONPATH": "/path/to/my_project"
      }
    }
  }
}

Restart Claude Desktop after saving the file. The tools declared in your server will appear in Claude's tool list and can be called directly in conversation. Check the Claude Desktop log file at ~/Library/Logs/Claude/mcp-server-company-tools.log if the server fails to start.

An MCP server configured with stdio transport runs with the same file system and network access as the user who launched the host application. A server that exposes a file-reading tool and accepts an arbitrary path argument could be manipulated, through prompt injection, into reading /etc/passwd, SSH private keys, or.env files containing API credentials.

Apply the principle of least privilege: expose only the tools that are explicitly needed, scope file access to a specific directory and validate that paths do not traverse outside it using os.path.realpath(), and store all credentials in environment variables rather than hardcoded in the server source code. For SSE transport, require authentication on every endpoint.