Understanding MCP
MCP Architecture Deep Dive
5 min read
Understanding MCP's architecture is crucial for building effective integrations. Let's explore each component and how they communicate.
The Three Layers
1. Transport Layer
MCP supports two transport mechanisms:
| Transport | Use Case |
|---|---|
| stdio | Local processes, CLI tools |
| SSE (Server-Sent Events) | Remote servers, web-based |
# stdio transport (local)
server = Server(name="my-server")
async with stdio_server() as (read_stream, write_stream):
await server.run(read_stream, write_stream)
# SSE transport (remote)
server = Server(name="my-server")
async with sse_server(port=8000) as (read_stream, write_stream):
await server.run(read_stream, write_stream)
2. Protocol Layer
The protocol layer handles message formatting using JSON-RPC 2.0:
{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "search_database",
"arguments": {
"query": "user emails"
}
}
}
3. Capability Layer
This is where your logic lives - the tools, resources, and prompts you expose.
Message Flow
Here's how a typical MCP interaction works:
- Initialization: Host connects, exchanges capabilities
- Discovery: Host queries available tools/resources
- Invocation: AI calls tools or reads resources
- Response: Server returns results
Host Server
│ │
│──initialize────────▶│
│◀───capabilities─────│
│ │
│──tools/list────────▶│
│◀───available tools──│
│ │
│──tools/call────────▶│
│◀───result───────────│
Security Model
MCP implements security through:
- Capability-based access: Servers only expose what they choose
- User consent: Hosts must confirm before calling tools
- Sandboxing: Servers run in isolated processes
- No direct network access: Servers can't make arbitrary requests
Important: Never expose sensitive operations without proper authentication and authorization in your MCP server.
Next, we'll set up your development environment for MCP. :::