MCP Protocol (Model Context Protocol)
Open standard from Anthropic for exposing tools, resources, and prompts to LLM agents. The 'USB-C of agent tools' — vendor-neutral and composable.
One protocol; any LLM client; any tool server. MCP is the agent-tool interoperability layer that emerged in 2024–2025. Status: STUB — promoted to OUTLINE in Y5 Phase 48.
What this pattern is
The Model Context Protocol (MCP) is an open standard, stewarded by Anthropic, that defines how LLM agents discover and invoke tools, resources, and prompts from external servers. An MCP server advertises a catalog of capabilities (tools the agent can call, resources the agent can read, prompts the agent can use). An MCP client (Claude Desktop, Claude Code, LangGraph runtime, custom agent runtime) consumes the catalog and lets the LLM invoke them through the protocol. The vendor neutrality is the value — the same MCP server can serve any compliant client.
For /root, the Y5 Phase 48 deliverable is three MCP servers: mcp-ops-handbook (exposes RAG over the ops-handbook corpus); mcp-data-tier (exposes telemetry queries against Iceberg + Prometheus); mcp-platform-ctl (exposes platform-ctl operations under approval). The agent runtime composes them; AIOps consumes the composition.
The pattern’s design is intentionally minimal. MCP defines transport (stdio, HTTP, WebSocket), message format (JSON-RPC), capability negotiation (what does the server offer, what does the client want), and message types (tool calls, resource reads, prompt requests). It doesn’t prescribe implementation language, authentication approach, or specific tool semantics. This minimalism is what allows MCP to work across ecosystems.
MCP’s emergence solved a real coordination problem. Before MCP, each LLM vendor had its own tool-use API with slightly different semantics. Building tools that worked with Claude and OpenAI required duplicate implementations. Building tools that also worked with LangChain, LlamaIndex, and custom runtimes required more duplication. MCP is one protocol that any client can consume and any server can implement, so tool implementations are portable.
The pattern parallels earlier interoperability successes. HTTP standardized web transport; sites work with any browser. USB standardized device connectors; devices work with any port. MCP standardizes agent-tool interfaces; tools work with any agent framework. The analogy in vendor talks (“USB-C for AI”) captures this — the value is the network effect of standardization, not any specific technical feature.
Concrete instances in the wild
- Claude Desktop MCP support. First major MCP client. Users can add MCP servers to Claude Desktop for local tool integration.
- Claude Code MCP support. Anthropic’s Claude Code CLI supports MCP servers for tool integration.
- Anthropic MCP SDK. Reference implementations in TypeScript and Python.
- basecamp MCP servers (Y5 Phase 48). mcp-ops-handbook, mcp-data-tier, mcp-platform-ctl. Custom Python MCP servers.
- Filesystem MCP server. Reference implementation for file operations.
- GitHub MCP server. Reference implementation for GitHub API operations.
- Postgres MCP server. Reference implementation for SQL query tools.
- Slack MCP server. Community server for Slack integration.
- Google Drive MCP server. Community server for Drive access.
- LangGraph MCP integration. LangGraph can consume MCP servers as tools.
- OpenAI Assistants + MCP wrappers. Community bridges to use MCP servers via OpenAI Assistants API.
- Custom internal MCP servers at enterprises. Common pattern — expose internal APIs as MCP servers for internal agent workflows.
Why this pattern matters
Without an open protocol, agent-tool integration becomes vendor-locked. If you build tools for Anthropic Claude, they don’t work with OpenAI. If you build tools for OpenAI Assistants, they don’t work with Claude. Switching LLM providers becomes expensive because your tool ecosystem is tied to the vendor. This vendor lock-in is what MCP dissolves.
With MCP, tools become portable across LLM providers. Build an MCP server once; use it from Claude, from OpenAI (via bridges), from local Llama models (via MCP-supporting runtimes), from custom agent frameworks. This is transformative for teams that want to keep options open on LLM provider choice — the tool investment doesn’t need to be rewritten.
The pattern also enables an ecosystem of shared tools. GitHub’s MCP server is built once and used by anyone. Postgres MCP server enables any agent to query any Postgres database. Filesystem MCP server provides file access to any client. These reusable components accelerate agent development significantly — you don’t build tool integrations from scratch for common services.
For enterprise platforms specifically, MCP enables an internal tool marketplace. Platform teams expose their APIs as MCP servers. Application teams consume them in agents. New tools become available to all agents. The pattern parallels service mesh — the platform provides infrastructure primitives; applications consume them uniformly.
For basecamp specifically, MCP is the mechanism by which the platform’s own components expose tools to the AIOps agent. platform-ctl becomes an MCP server so agents can invoke platform operations. The ops-handbook RAG becomes an MCP server so agents can retrieve institutional memory. Telemetry queries become an MCP server. Each is a well-scoped tool integration that any MCP-compliant agent can use.
The pattern also matters for security posture. MCP servers can enforce authentication, authorization, and audit at the server level. The client (agent) doesn’t need to trust the LLM with credentials; the credentials live in the MCP server. This separation means a compromised agent can’t leak credentials — it can only invoke tools the server allows.
The failure modes to know: MCP servers with insufficient auth (any agent can invoke sensitive tools); MCP servers without audit (invocations are invisible to platform teams); MCP servers with poor error handling (agents get confused by cryptic errors); protocol version mismatches (older clients + newer servers). Each has known mitigations, but adopting MCP means engineering for these.
MCP ecosystem maturity is still developing (as of mid-2026). The protocol itself is stable. Reference implementations exist. Client support is broadening beyond Anthropic’s own tools. Third-party MCP servers are emerging. Cross-vendor bridges (using MCP servers with OpenAI Assistants, for example) are appearing. The trajectory looks like an emerging standard rather than a locked-in specification, but the momentum is real.
Depth progression
STUB ← you are here.
OUTLINE Promoted when Y5 Phase 48 ships the 3 MCP servers on basecamp.
DEEP Out of scope unless MCP ecosystem maturity demands DEEP. Default: OUTLINE.
Preview: what OUTLINE will answer
When Y5 Phase 48 promotes this entry to OUTLINE, it will name:
- PROBLEM. How do you make agent tools portable across LLM providers and reusable across teams?
- PRINCIPLES. Server advertises capabilities; client consumes them. Transport-agnostic (stdio, HTTP, WebSocket). Vendor-neutral. Minimal protocol, maximum interoperability. Auth and audit at the server. Reusable components enable ecosystem.
- TRADE-OFFS. MCP (portable, needs client support) vs vendor-specific tool APIs (native, locked in). Local MCP server (fast, personal) vs remote (shared, needs auth). SDK-based (typed) vs raw protocol (flexible). Rich server (many tools, complex) vs narrow (single-purpose, composable).
- TOOLS (time-stamped as of 2026-06): MCP specification, Anthropic MCP SDK (TypeScript/Python), Claude Desktop / Claude Code (clients), community MCP servers (filesystem, GitHub, Postgres, Slack, etc.), custom internal MCP servers.
The DEEP promotion is out of scope for basecamp default; if pursued (e.g., MCP ecosystem maturity or Y5 capstone direction demands it), it would add MASTERY (operating multiple MCP servers on basecamp), COMPARE (MCP vs vendor-specific tool APIs), OPERATE (a specific MCP-related event), and CONTRIBUTE (an MCP server contribution or protocol documentation improvement).
Canonical references
- MCP specification. Free at modelcontextprotocol.io.
- Anthropic MCP announcement and documentation. Free at anthropic.com.
- Anthropic MCP SDK (TypeScript + Python). Free at github.com/modelcontextprotocol.
- Community MCP server directory. Free at modelcontextprotocol.io/servers.
- Simon Willison’s writing on MCP. Free at simonwillison.net.
Cross-references
- Y5 Phase 48: Agent Runtime + MCP
- Related: tool-use, agent-loop, ai-security
- Industry: Platform Patterns — Agent platforms + MCP
- Canonical reference: MCP specification (Anthropic)