Understanding MCP
MCP Architecture Deep Dive
Understanding MCP's architecture is crucial for building effective integrations. Let's explore each component and how they communicate.
The Three Layers
1. Transport Layer
MCP supports two transport mechanisms:
| Transport | Use Case |
|---|---|
| stdio | Local processes, CLI tools |
| Streamable HTTP | Remote servers, web-based (introduced in spec 2025-03-26) |
Note: The older HTTP+SSE transport was deprecated in the March 2025 spec update in favor of Streamable HTTP, which uses a single HTTP endpoint and optionally upgrades to SSE for streaming. Legacy SSE servers still work but new projects should use Streamable HTTP.
# stdio transport (local)
server = Server(name="my-server")
async with stdio_server() as (read_stream, write_stream):
await server.run(read_stream, write_stream)
# Streamable HTTP transport (remote)
server = Server(name="my-server")
async with streamable_http_server(port=8000) as (read_stream, write_stream):
await server.run(read_stream, write_stream)
2. Protocol Layer
The protocol layer handles message formatting using JSON-RPC 2.0:
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "search_database",
"arguments": {
"query": "user emails"
}
}
}
3. Capability Layer
This is where your logic lives - the tools, resources, and prompts you expose.
Message Flow
Here's how a typical MCP interaction works:
- Initialization: Host connects, exchanges capabilities
- Discovery: Host queries available tools/resources
- Invocation: AI calls tools or reads resources
- Response: Server returns results
Host Server
│ │
│──initialize────────▶│
│◀───capabilities─────│
│ │
│──tools/list────────▶│
│◀───available tools──│
│ │
│──tools/call────────▶│
│◀───result───────────│
Security Model
MCP implements security through:
- Capability-based access: Servers only expose what they choose
- User consent: Hosts must confirm before calling tools
- Sandboxing: Servers run in isolated processes
- No direct network access: Servers can't make arbitrary requests
Important: Never expose sensitive operations without proper authentication and authorization in your MCP server.
Next, we'll set up your development environment for MCP. :::
Sign in to rate