Raviole Labs
LeRaviole

What is MCP? A complete guide to the Model Context Protocol (2026)

MCP (Model Context Protocol) is the open standard that lets any AI agent — Claude, Cursor, Windsurf, Clawbot — call external tools and data sources. Here's how it works, why it matters, and what to build with it.

mcpai agentstool callinganthropicguide

If you build with AI agents in 2026, you have heard the term MCP thrown around constantly. Anthropic published the spec in late 2024, and within a year almost every serious agent framework adopted it. This is the guide we wish existed when we started.

TL;DR

MCP (Model Context Protocol) is an open standard from Anthropic for connecting AI agents to external tools and data sources. An MCP server exposes a capability (read live data, control a browser, query a memory store, send a message) and any MCP-compatible client can invoke it. The model itself does not change. The protocol is the contract.

Clients today: Claude Desktop, Cursor, Windsurf, Clawbot, OpenClaw, and a growing list of frameworks (LangChain, LlamaIndex, plus most production agent stacks).

Servers: anything you build. We ship three at Raviole LabsPredMCP for prediction market data, RoverMCP for real browser control, EngramMCP for local-first semantic memory.

Why MCP exists

Tool-use capable LLMs (Claude 3+, GPT-4+, Gemini, local models with function calling) hit the same wall: their context is small, their training data is months stale, and they have no native way to do things. You patch this with function calling, but every integration becomes a one-off. Your Claude Desktop tools do not transfer to Cursor. Your Cursor MCP setup does not work in your Python agent.

Before MCP:

Build the same “Slack bridge” three times for Claude, GPT, and your internal agent. Maintain three versions of the same tool definitions. Refactor when any of them ships a breaking change.

After MCP:

Build the Slack bridge once as an MCP server. Every MCP client picks it up. Add a new client (Windsurf, Clawbot, anything new) and the tool is already there.

How it works (the 30-second version)

  1. Server publishes a JSON-schema of tools it exposes.
  2. Client (your AI app) connects to one or more servers over stdio or HTTP+SSE.
  3. Model sees the tools listed in its system prompt, decides when to call them, gets the JSON response, reasons about it.
  4. You never write glue code between the model and the tool.

Servers can also expose resources (files, URLs, structured data) and prompts (templated user-side workflows). Most production servers focus on tools; resources and prompts are useful but secondary.

Tool, resource, prompt — what is the difference?

What it isWhen to use
ToolA function the model decides to callVerbs: fetch, compute, send, navigate
ResourceA document the client reads into contextStatic-ish data: docs, schemas, fixtures
PromptA user-side templated workflow”Slash commands” the human triggers

In practice, 80% of MCP servers in the wild are tool-only. Start with tools. Add resources if you find yourself stuffing large static blobs into every tool response.

Architecture, in one diagram

┌──────────────────┐         ┌──────────────────────────┐
│   AI client      │         │   MCP server (yours)     │
│ (Claude Desktop, │ ◄────► │  - exposes tools         │
│  Cursor,         │  stdio  │  - validates schemas     │
│  Windsurf, ...)  │  or SSE │  - holds the auth        │
└─────────▲────────┘         └────────────▲─────────────┘
          │                               │
          │ user prompt                   │ external API,
          │ + tool results                │ database, browser, etc.
          ▼                               ▼
        Model                       Real world

The model never talks to your external API directly. The MCP server is the trust boundary: you keep credentials there, validate inputs, log calls, rate-limit. The client only sees JSON it can pass to the model.

What MCP is good for

  • Live data: market signals, weather, status of services your agent needs to reason about. PredMCP is exactly this for prediction markets and crypto perps.
  • Stateful operations: anything that mutates real world state (send a Slack message, post a tweet, place an order). MCP gives you a clean place to gate, audit, and confirm.
  • Browser control: filling forms behind auth, scraping JS-heavy sites, automating UIs that have no public API. That is RoverMCP territory.
  • Persistent memory and RAG: long-term context across sessions, semantic search over your private documents. See EngramMCP.
  • Internal tooling: wire your agent into your company stack (Linear, Notion, GitHub, AWS) with one server per surface.

What MCP is not

  • Not a framework. No opinion on how you build the agent, plan, or reason. MCP is the wire protocol between your tool and the model.
  • Not a runtime. You host the server. Cloudflare Workers, a tiny VM, your laptop — anywhere that speaks HTTP works.
  • Not a marketplace. There are public lists of MCP servers, but no central registry, no auth handshake, no store. Each install is direct.
  • Not RAG. RAG can be packaged as an MCP server (we are doing that with EngramMCP), but MCP itself does not impose a retrieval pattern.

Common MCP server categories

After watching the ecosystem grow for a year, the servers that get adopted fall into a few buckets:

  1. Data MCPs. Live market data, weather, news, status pages. The value is the freshness and the cross-source aggregation.
  2. Action MCPs. Send messages, post content, place orders, open tickets. The risk is high so the schema needs to be tight.
  3. Memory MCPs. Vector search, embeddings, semantic retrieval over private docs. The win is owning your data instead of renting it from a vendor.
  4. Browser MCPs. Real or headless browser control for agents that need to operate UIs without APIs.
  5. Dev tool MCPs. Git, GitHub, Linear, Sentry, log search. These tend to ship as part of the editor (Cursor, Windsurf).

Picking a client

ClientBest forCaveats
Claude DesktopPersonal workflows, conversational useSingle-user, manual config edits
Cursor / WindsurfCode-centric workflows, dev MCPsMCP is one capability among many
Clawbot / OpenClawProduction agents, custom UIMore setup, more power
Custom (Anthropic SDK)Anything elseYou wire the loop yourself

Pick the client based on what the agent is for, then the MCP servers it needs follow naturally.

How to start

If you want to consume an MCP server, install one and point your client at it. PredMCP for example: get a free API key at predmcp.com, drop the URL into your Claude Desktop config, ask Claude a market question.

If you want to build one, the Anthropic MCP SDKs (TypeScript and Python) make a “hello world” server a 50-line file. Start with one tool, expose it, hit it from Claude Desktop, iterate. Production-readiness is mostly about auth, rate limiting, observability, and idempotency — the same problems as any HTTP service.

What we publish on MCP

We ship MCP servers as our main product. Every week the Le Raviole newsletter on Medium and the Raviole Labs blog cover what we learn shipping them: specific tool design choices, performance numbers, what breaks, what to avoid.

If you build MCP servers too, come hang out in our Discord or DM @LeRaviole_ on X. We trade notes.

TL;DR repeated for the people who scrolled here first: MCP is the contract between AI agents and the rest of the world. Tools, resources, prompts. Pick a client (Claude Desktop, Cursor, Windsurf, Clawbot, etc.), install or build a server, and your agent can do things it could not do five minutes ago.