Skip to main content

Model Context Protocol

Model Context Protocol

{
  "jsonrpc": "2.0",
  "id": 2,
  "method": "tools/call",
  "params": {
    "name": "get_weather",
    "arguments": {
      "location": "New York"
    }
  }
}

Tool

  • name
  • title
  • description
  • inputSchema
  • outputSchema
  • annotations: destructiveHint, idempotentHint, openWorldHint, readOnlyHint.
{
  "name": "get_stock_price",
  "title": "Stock Price Retrieval Tool",
  "description": "Get stock price for a specific ticker symbol. If 'date' is provided, it will retrieve closing price.",
  "inputSchema": {
    "type": "object",
    "properties": {
      "symbol": {
        "type": "string",
        "description": "Stock ticker symbol"
      },
      "date": {
        "type": "string",
        "description": "Date to retrieve (in YYYY-MM-DD format)"
      }
    },
    "required": ["symbol"]
  },
  "outputSchema": {
    "type": "object",
    "properties": {
      "price": {
        "type": "number",
        "description": "Stock price"
      },
      "date": {
        "type": "string",
        "description": "Stock price date"
      }
    },
    "required": ["price", "date"]
  },
  "annotations": {
    "readOnlyHint": "true"
  }
}

Error Handling

{
  "jsonrpc": "2.0",
  "id": 3,
  "error": {
    "code": -32602,
    "message": "Unknown tool: invalid_tool_name. It may be misspelled, or the tool may not exist on this server."
  }
}
{
  "jsonrpc": "2.0",
  "id": 4,
  "result": {
    "content": [
      {
        "type": "text",
        "text": "Failed to fetch weather data: API rate limit exceeded. Wait 15 seconds before calling this tool again."
      }
    ],
    "isError": true
  }
}

Security

  • Explicit allowlist.
  • Package pinning.
  • Secure gateway.
  • Controlled server environment.
  • Prevent naming collisions.
  • Lifecycle hooks.
  • Require human-in-the-loop (HITL): long-running operations, high-risk operations.
  • Input validation.
  • Output sanitization.
  • Separate system prompts.
  • Least privilege.

Best Practices

Build good MCP servers:

  • Outcomes over operations: don't convert REST APIs 1:1 into MCP tools.
  • Flatten arguments.
  • Fewer tools and tighter responses:
    • 5–15 tools per server.
    • One server, one job.
    • Delete unused tools.
    • Split by persona (Admin/user).
  • Name for discovery {service}_{action}_{resource}: e.g. slack_send_message, linear_list_issues.
  • Paginate large results.

Library

SDK

  • FastMCP: Build MCP servers and clients.

API

Browser

Integration

Memory

  • Memory: Automatically captures project context, architecture decisions, and code patterns.

Collections

References