Practical building · Module 4

Model Context Protocol (MCP)

The Model Context Protocol (MCP) is an open protocol for connecting AI clients to external tools and data sources.

1h 3 outcomes Practical building

Previously

Workflow automation with n8n

n8n (pronounced "n-eight-n") is a workflow automation platform that lets you connect different apps and services.

This module

Model Context Protocol (MCP)

The Model Context Protocol (MCP) is an open protocol for connecting AI clients to external tools and data sources.

Next

Integration and APIs

Computer use is moving from demo territory into real workflows, but the safe lesson is not which model tops which benchmark.

Progress

Mark this module complete when you can explain it without rereading every paragraph.

Why this matters

Before MCP .

What you will be able to do

  • 1 Explain what MCP is and what problem it solves.
  • 2 Build a small MCP server with one safe tool.
  • 3 Connect an MCP client and test a tool call end to end.

Before you begin

  • Core concepts completed or equivalent understanding
  • Basic confidence with workflow and integration terms

Common ways people get this wrong

  • Overexposed capability. If MCP exposes powerful tools without policy, one prompt becomes a breach.
  • Untrusted tool output. Tool output can contain malicious strings. Validate and sanitise before using it.

Main idea at a glance

MCP Architecture

Stage 1

MCP Clients

Desktop clients, IDE integrations, and custom agents. These are applications that need external tools and data.

Any AI application that needs external tools should use a standard integration path instead of bespoke glue.

3.4.1 What is MCP?

The Model Context Protocol (MCP) is an open protocol for connecting AI clients to external tools and data sources. Use the current published specification and changelog rather than blog summaries when you need implementation detail.

Before MCP. Every AI app needed custom integrations with every tool. 10 apps x 100 tools = 1,000 integrations

With MCP. Each app implements MCP once, each tool implements MCP once. 10 apps + 100 tools = 110 implementations

3.4.2 MCP as a real protocol

Agentic AI Foundation

MCP is now governed as a broader open protocol effort rather than a single-vendor convenience layer. The practical lesson is simple. Treat it like any other protocol: read the current specification, understand the transport and auth assumptions, and avoid building on blog-post folklore.

What the current specification adds (2025-11-25)

The published specification and changelog matter more than ecosystem hype. By 2025-11-25, the protocol had formalised long-running operations, clearer transport guidance, stronger authentication expectations, and richer tool metadata. If you are about to build on MCP, read the current spec and the changelog before you assume a transport, auth flow, or client capability is stable.

Three core building blocks

MCP organises everything around three server-facing building blocks.

  1. Resources provide data and context. Think of these as files, database records, or API responses that the AI can read.

  2. Prompts are reusable templates. They help standardise how the AI interacts with specific tools or data.

  3. Tools are executable functions. These are the actions the AI can take, from searching to writing to calculating.

Client support is expanding across desktop apps, IDEs, and custom agents, but availability is product-specific and changes quickly. Verify the current MCP support in each client's official documentation before you promise a workflow to users.

A2A (Agent-to-Agent) Protocol

A2A is a complementary protocol for agent-to-agent interoperability. MCP is about tools and context. A2A is about communication between agents. They solve different coordination problems and can coexist in the same system.

3.4.3 Building an MCP server

"""
Simple MCP Server
=================
An MCP server providing weather information.

Run with: python weather_mcp_server.py
Then connect from an MCP client.
"""

import asyncio
import json
from typing import Any, Dict
from dataclasses import dataclass


@dataclass
class Tool:
    """An MCP tool definition."""
    name: str
    description: str
    input_schema: Dict[str, Any]


class MCPServer:
    """Basic MCP Server implementation."""
    
    def __init__(self, name: str, version: str = "1.0.0"):
        self.name = name
        self.version = version
        self.tools: Dict[str, Tool] = {}
        self._tool_handlers: Dict[str, callable] = {}
    
    def register_tool(
        self,
        name: str,
        description: str,
        input_schema: Dict[str, Any],
        handler: callable
    ):
        """Register a tool with the server."""
        self.tools[name] = Tool(name, description, input_schema)
        self._tool_handlers[name] = handler
    
    async def handle_request(self, request: Dict) -> Dict:
        """Handle an incoming MCP request (JSON-RPC 2.0)."""
        method = request.get("method")
        params = request.get("params", {})
        request_id = request.get("id")
        
        if method == "tools/list":
            result = {
                "tools": [
                    {
                        "name": t.name,
                        "description": t.description,
                        "inputSchema": t.input_schema
                    }
                    for t in self.tools.values()
                ]
            }
        elif method == "tools/call":
            tool_name = params.get("name")
            arguments = params.get("arguments", {})
            
            if tool_name in self._tool_handlers:
                handler = self._tool_handlers[tool_name]
                result_data = handler(**arguments)
                result = {
                    "content": [{"type": "text", "text": json.dumps(result_data)}]
                }
            else:
                return {"error": {"code": -32601, "message": f"Unknown tool: {tool_name}"}}
        else:
            return {"error": {"code": -32601, "message": f"Unknown method: {method}"}}
        
        return {"jsonrpc": "2.0", "id": request_id, "result": result}


# Create server and register tools
server = MCPServer("weather-server")

WEATHER_DATA = {
    "london": {"temp": 12, "condition": "cloudy"},
    "paris": {"temp": 15, "condition": "sunny"},
    "tokyo": {"temp": 18, "condition": "clear"},
}

def get_weather(location: str) -> Dict:
    """Get weather for a location."""
    loc = location.lower()
    if loc in WEATHER_DATA:
        return {"location": location, **WEATHER_DATA[loc]}
    return {"error": f"No weather data for: {location}"}

server.register_tool(
    name="get_weather",
    description="Get current weather for a city",
    input_schema={
        "type": "object",
        "properties": {
            "location": {"type": "string", "description": "City name"}
        },
        "required": ["location"]
    },
    handler=get_weather
)

3.4.4 Connecting a desktop client

Create a client-specific configuration file:

macOS: check the client documentation for the configuration path Windows: check the client documentation for the configuration path

{
  "mcpServers": {
    "weather": {
      "command": "python",
      "args": ["/path/to/weather_mcp_server.py"]
    }
  }
}

Restart the client. It now has access to your weather tools.

Mental model

A standard way to connect tools

MCP is a structured way to expose tools so an agent can use them safely and consistently.

  1. 1

    Agent

  2. 2

    MCP server

  3. 3

    Tool catalogue

  4. 4

    Tools

  5. 5

    Access policy

Assumptions to keep in mind

  • Tools are least privilege. Expose the minimum set of tools and parameters needed for the task.
  • Auth is explicit. If the agent can call tools, you need clear identity and audit.

Failure modes to notice

  • Overexposed capability. If MCP exposes powerful tools without policy, one prompt becomes a breach.
  • Untrusted tool output. Tool output can contain malicious strings. Validate and sanitise before using it.

Key terms

Agentic AI Foundation
MCP is now governed as a broader open protocol effort rather than a single-vendor convenience layer. The practical lesson is simple. Treat it like any other protocol: read the current specification, understand the transport and auth assumptions, and avoid building on blog-post folklore.
A2A (Agent-to-Agent) Protocol
A2A is a complementary protocol for agent-to-agent interoperability. MCP is about tools and context. A2A is about communication between agents. They solve different coordination problems and can coexist in the same system.

Check yourself

Quick check. MCP basics

0 of 4 opened

What problem does MCP solve

A shared way for AI clients to connect to tools and data sources without bespoke integrations for every pairing.

What is a tool contract in MCP terms

A description of the tool, its input schema, and what it returns so the client can call it safely.

Scenario. A tool takes a location string. What is one input check you should add

Validate type and length, and reject suspicious patterns that look like code or injection.

Why should you test a failure case on purpose

So you know the client receives a clear error and the system fails safely.

Artefact and reflection

Artefact

A tiny MCP server you can extend later.

Reflection

Where in your work would explain what mcp is and what problem it solves. change a decision, and what evidence would make you trust that change?

Optional practice

Step through the JSON-RPC message flow, build a tool schema, and see the MCP ecosystem at a glance.

Back to AI Agents