Model Context Protocol: Building Production-Ready AI Integrations

Understanding the Integration Problem

Working with AI integrations revealed a pattern: every new AI model needs custom connections to every data source and tool. The math is brutal; M models multiplied by N tools means M×N custom implementations. I've watched teams spend weeks building bespoke integrations for Slack, GitHub, and databases, only to repeat the entire process when switching AI providers.

Traditional APIs weren't designed for this. REST endpoints expect predictable request patterns, but AI agents generate hundreds of requests per conversation with wildly different latency requirements. GraphQL helps with flexible queries, but lacks built-in support for dynamic tool discovery or session management across multiple invocations.

Model Context Protocol (MCP) addresses this by standardizing the integration layer. Instead of building custom connections between each AI model and service combination, MCP provides a universal protocol; similar to how USB-C standardized device connections.

What MCP Actually Is

MCP is a protocol specification for AI-to-service communication, launched by Anthropic in November 2024. Within its first year, OpenAI, Google DeepMind, and enterprise platforms like SAP, Oracle, and Docker adopted it. The protocol defines how AI systems discover and invoke tools, access resources, and manage sessions.

Here's the architecture:

Core primitives:

Tools: Executable functions the AI can invoke (model-controlled)
Resources: Data sources the application manages (application-controlled)
Prompts: Reusable templates for structuring interactions

Transport options:

stdio: Local subprocess communication via stdin/stdout (development)
Streamable HTTP: Remote HTTP POST with optional SSE streaming (production)

The protocol uses JSON-RPC 2.0 for all message exchange, ensuring consistent communication patterns regardless of transport.

Building Your First MCP Server

Let's build a minimal viable server that exposes filesystem operations. This demonstrates core concepts: server initialization, tool registration, schema validation, and security constraints.

typescript

import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";import { z } from "zod";import { readdir, readFile } from "fs/promises";import { join } from "path";
// Initialize server with metadataconst server = new McpServer({  name: "filesystem-server",  version: "1.0.0",});
// Define a tool for listing directory contentsserver.registerTool(  "list_directory",  {    title: "List Directory",    description: "List contents of a directory",    inputSchema: {      type: "object",      properties: {        path: {          type: "string",          description: "Directory path to list"        }      },      required: ["path"]    }  },  async ({ path }) => {    // Security: Ensure path is within allowed directory    const allowedDir = process.env.HOME || "/";    const fullPath = join(allowedDir, path);
    if (!fullPath.startsWith(allowedDir)) {      throw new Error("Access denied: Path outside allowed directory");    }
    const entries = await readdir(fullPath, { withFileTypes: true });
    return {      content: [        {          type: "text",          text: JSON.stringify(            entries.map(entry => ({              name: entry.name,              type: entry.isDirectory() ? "directory" : "file"            })),            null,            2          ),        },      ],    };  });
// Tool for reading file contentsserver.registerTool(  "read_file",  {    title: "Read File",    description: "Read contents of a file",    inputSchema: {      type: "object",      properties: {        path: {          type: "string",          description: "File path to read"        }      },      required: ["path"]    }  },  async ({ path }) => {    // Validate path - no traversal, must be in home directory    if (path.includes("..") || !path.startsWith(process.env.HOME || "/")) {      throw new Error("Invalid path");    }
    try {      const content = await readFile(path, "utf-8");      return {        content: [          {            type: "text",            text: content,          },        ],      };    } catch (error) {      console.error(`Failed to read file: ${error.message}`);      return {        content: [          {            type: "text",            text: `Error reading file: ${error.message}`,          },        ],        isError: true,      };    }  });
// Start server with stdio transportasync function main() {  const transport = new StdioServerTransport();  await server.connect(transport);  console.error("Filesystem MCP server running on stdio");}
main().catch(console.error);

import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";import { z } from "zod";import { readdir, readFile } from "fs/promises";import { join } from "path";
// Initialize server with metadataconst server = new McpServer({  name: "filesystem-server",  version: "1.0.0",});
// Define a tool for listing directory contentsserver.registerTool(  "list_directory",  {    title: "List Directory",    description: "List contents of a directory",    inputSchema: {      type: "object",      properties: {        path: {          type: "string",          description: "Directory path to list"        }      },      required: ["path"]    }  },  async ({ path }) => {    // Security: Ensure path is within allowed directory    const allowedDir = process.env.HOME || "/";    const fullPath = join(allowedDir, path);
    if (!fullPath.startsWith(allowedDir)) {      throw new Error("Access denied: Path outside allowed directory");    }
    const entries = await readdir(fullPath, { withFileTypes: true });
    return {      content: [        {          type: "text",          text: JSON.stringify(            entries.map(entry => ({              name: entry.name,              type: entry.isDirectory() ? "directory" : "file"            })),            null,            2          ),        },      ],    };  });
// Tool for reading file contentsserver.registerTool(  "read_file",  {    title: "Read File",    description: "Read contents of a file",    inputSchema: {      type: "object",      properties: {        path: {          type: "string",          description: "File path to read"        }      },      required: ["path"]    }  },  async ({ path }) => {    // Validate path - no traversal, must be in home directory    if (path.includes("..") || !path.startsWith(process.env.HOME || "/")) {      throw new Error("Invalid path");    }
    try {      const content = await readFile(path, "utf-8");      return {        content: [          {            type: "text",            text: content,          },        ],      };    } catch (error) {      console.error(`Failed to read file: ${error.message}`);      return {        content: [          {            type: "text",            text: `Error reading file: ${error.message}`,          },        ],        isError: true,      };    }  });
// Start server with stdio transportasync function main() {  const transport = new StdioServerTransport();  await server.connect(transport);  console.error("Filesystem MCP server running on stdio");}
main().catch(console.error);

Critical implementation details:

Logging to stderr: stdout is reserved for JSON-RPC messages. Writing to stdout breaks the protocol.
Zod validation: Every tool parameter needs schema validation. AI-generated inputs cannot be trusted.
Path sandboxing: File operations must enforce security constraints through code, not tool descriptions.
Error handling: Return error content instead of throwing exceptions to keep the server running.

Test this server using the MCP Inspector:

Resources vs Tools: Understanding the Difference

Tools and resources solve different problems. Confusing them leads to inefficient implementations.

Tools (model-controlled):

AI decides when to invoke
Can have side effects (create, update, delete)
Designed for actions and operations
Examples: send_email, create_database, deploy_service

Resources (application-controlled):

Application manages access and discovery
Read-only, no side effects
Designed for data retrieval
Examples: file contents, database records, API documentation

Here's a resource implementation:

typescript

import { ResourceTemplate } from "@modelcontextprotocol/sdk/server/mcp.js";
// Register a resource template with URI parametersserver.registerResource(  "file-contents",  new ResourceTemplate("file://{filepath}", { list: undefined }),  {    title: "File Contents",    description: "Read contents of a specific file",    mimeType: "text/plain",  },  async (uri, { filepath }) => {    // Validate filepath    const allowedDir = process.env.HOME || "/";    if (!filepath.startsWith(allowedDir)) {      throw new Error("Access denied");    }
    const content = await readFile(filepath, "utf-8");    return {      contents: [        {          uri: uri.href,          mimeType: "text/plain",          text: content,        },      ],    };  });

import { ResourceTemplate } from "@modelcontextprotocol/sdk/server/mcp.js";
// Register a resource template with URI parametersserver.registerResource(  "file-contents",  new ResourceTemplate("file://{filepath}", { list: undefined }),  {    title: "File Contents",    description: "Read contents of a specific file",    mimeType: "text/plain",  },  async (uri, { filepath }) => {    // Validate filepath    const allowedDir = process.env.HOME || "/";    if (!filepath.startsWith(allowedDir)) {      throw new Error("Access denied");    }
    const content = await readFile(filepath, "utf-8");    return {      contents: [        {          uri: uri.href,          mimeType: "text/plain",          text: content,        },      ],    };  });

The key difference: tools appear in the AI's function list and can be invoked based on conversation context. Resources require the application to explicitly request them via URI.

Managing Multiple MCP Servers

Production applications typically connect to multiple MCP servers; one for GitHub operations, another for databases, a third for Slack notifications. This requires careful tool namespacing and connection management.

typescript

import { Client } from "@modelcontextprotocol/sdk/client/index.js";import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
class MultiServerClient {  private clients: Map<string, Client> = new Map();
  async addServer(name: string, command: string, args: string[]) {    const transport = new StdioClientTransport({      command,      args,      stderr: "inherit",    });
    const client = new Client(      {        name: "multi-client",        version: "1.0.0",      },      {        capabilities: {          roots: { listChanged: true },          sampling: {},        },      }    );
    await client.connect(transport);    this.clients.set(name, client);
    console.error(`Connected to ${name} server`);    return client;  }
  async discoverAllTools() {    const allTools = new Map();
    for (const [serverName, client] of this.clients) {      const { tools } = await client.listTools();
      tools.forEach(tool => {        // Namespace tools by server to avoid conflicts        allTools.set(`${serverName}:${tool.name}`, {          ...tool,          server: serverName,        });      });    }
    return allTools;  }
  async callTool(serverName: string, toolName: string, args: any) {    const client = this.clients.get(serverName);    if (!client) {      throw new Error(`Server ${serverName} not found`);    }
    return await client.callTool({ name: toolName, arguments: args });  }}
// Usageconst mcpClient = new MultiServerClient();await mcpClient.addServer("filesystem", "node", ["./filesystem-server.js"]);await mcpClient.addServer("database", "node", ["./database-server.js"]);await mcpClient.addServer("github", "node", ["./github-server.js"]);
const tools = await mcpClient.discoverAllTools();console.log("Available tools:", Array.from(tools.keys()));// Output: ["filesystem:list_directory", "filesystem:read_file",//  "database:query", "github:create_pr", ...]

import { Client } from "@modelcontextprotocol/sdk/client/index.js";import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
class MultiServerClient {  private clients: Map<string, Client> = new Map();
  async addServer(name: string, command: string, args: string[]) {    const transport = new StdioClientTransport({      command,      args,      stderr: "inherit",    });
    const client = new Client(      {        name: "multi-client",        version: "1.0.0",      },      {        capabilities: {          roots: { listChanged: true },          sampling: {},        },      }    );
    await client.connect(transport);    this.clients.set(name, client);
    console.error(`Connected to ${name} server`);    return client;  }
  async discoverAllTools() {    const allTools = new Map();
    for (const [serverName, client] of this.clients) {      const { tools } = await client.listTools();
      tools.forEach(tool => {        // Namespace tools by server to avoid conflicts        allTools.set(`${serverName}:${tool.name}`, {          ...tool,          server: serverName,        });      });    }
    return allTools;  }
  async callTool(serverName: string, toolName: string, args: any) {    const client = this.clients.get(serverName);    if (!client) {      throw new Error(`Server ${serverName} not found`);    }
    return await client.callTool({ name: toolName, arguments: args });  }}
// Usageconst mcpClient = new MultiServerClient();await mcpClient.addServer("filesystem", "node", ["./filesystem-server.js"]);await mcpClient.addServer("database", "node", ["./database-server.js"]);await mcpClient.addServer("github", "node", ["./github-server.js"]);
const tools = await mcpClient.discoverAllTools();console.log("Available tools:", Array.from(tools.keys()));// Output: ["filesystem:list_directory", "filesystem:read_file",//  "database:query", "github:create_pr", ...]

Tool namespacing patterns:

Server prefix prevents conflicts (multiple servers might have get_status tools)
Maintains clear ownership of operations
Simplifies debugging by identifying which server handled a request

Production HTTP Deployment

Stdio works for local development, but production systems need HTTP transport for scalability, monitoring, and multi-client support.

typescript

import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";import express from "express";import crypto from "crypto";
const app = express();
const transport = new StreamableHTTPServerTransport({  enableJsonResponse: true,  sessionIdGenerator: () => crypto.randomUUID(),});
// Allowed origins for CORS and DNS rebinding preventionconst ALLOWED_ORIGINS = [  "http://localhost:3001",  "https://app.example.com",];
function isAllowedOrigin(origin: string | undefined): boolean {  if (!origin) return false;  return ALLOWED_ORIGINS.includes(origin);}
// MCP message endpointapp.post("/mcp/message", async (req, res) => {  // Validate origin to prevent DNS rebinding attacks  const origin = req.headers.origin;  if (origin && !isAllowedOrigin(origin)) {    return res.status(403).json({ error: "Forbidden origin" });  }
  // Session management  const sessionId = req.headers["mcp-session-id"] as string;  console.error(`Processing message for session: ${sessionId}`);
  await transport.handleMessage(req, res);});
// SSE endpoint for server-to-client streamingapp.get("/mcp/events", async (req, res) => {  const origin = req.headers.origin;  if (origin && !isAllowedOrigin(origin)) {    return res.status(403).send("Forbidden");  }
  // Resume from last event if connection dropped  const lastEventId = req.headers["last-event-id"] as string;  if (lastEventId) {    console.error(`Resuming from event ${lastEventId}`);  }
  await transport.handleStream(req, res);});
// Health check endpointapp.get("/health", (req, res) => {  res.json({ status: "healthy", timestamp: new Date().toISOString() });});
// Metrics endpoint (Prometheus format)app.get("/metrics", (req, res) => {  // Implementation depends on monitoring setup  res.send("# MCP server metrics\n");});
app.listen(3000, () => {  console.error("MCP server listening on http://localhost:3000");});

import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";import express from "express";import crypto from "crypto";
const app = express();
const transport = new StreamableHTTPServerTransport({  enableJsonResponse: true,  sessionIdGenerator: () => crypto.randomUUID(),});
// Allowed origins for CORS and DNS rebinding preventionconst ALLOWED_ORIGINS = [  "http://localhost:3001",  "https://app.example.com",];
function isAllowedOrigin(origin: string | undefined): boolean {  if (!origin) return false;  return ALLOWED_ORIGINS.includes(origin);}
// MCP message endpointapp.post("/mcp/message", async (req, res) => {  // Validate origin to prevent DNS rebinding attacks  const origin = req.headers.origin;  if (origin && !isAllowedOrigin(origin)) {    return res.status(403).json({ error: "Forbidden origin" });  }
  // Session management  const sessionId = req.headers["mcp-session-id"] as string;  console.error(`Processing message for session: ${sessionId}`);
  await transport.handleMessage(req, res);});
// SSE endpoint for server-to-client streamingapp.get("/mcp/events", async (req, res) => {  const origin = req.headers.origin;  if (origin && !isAllowedOrigin(origin)) {    return res.status(403).send("Forbidden");  }
  // Resume from last event if connection dropped  const lastEventId = req.headers["last-event-id"] as string;  if (lastEventId) {    console.error(`Resuming from event ${lastEventId}`);  }
  await transport.handleStream(req, res);});
// Health check endpointapp.get("/health", (req, res) => {  res.json({ status: "healthy", timestamp: new Date().toISOString() });});
// Metrics endpoint (Prometheus format)app.get("/metrics", (req, res) => {  // Implementation depends on monitoring setup  res.send("# MCP server metrics\n");});
app.listen(3000, () => {  console.error("MCP server listening on http://localhost:3000");});

Production considerations:

Origin validation: Prevents DNS rebinding attacks where malicious sites connect to localhost servers
Session management: HTTP is stateless; session IDs track conversation context across requests
SSE resumability: Last-Event-ID header allows clients to resume from specific events after connection drops
Health checks: Essential for load balancer health detection and orchestration platforms
Metrics: Observability for latency tracking, error rates, and capacity planning

Security: Beyond Input Validation

MCP security requires defense in depth. Tool descriptions are not security controls; they're hints for the AI model, which can be bypassed through prompt injection.

typescript

// WRONG: Relying on description for securityserver.registerTool(  "delete_database",  {    title: "Delete Database",    description: "Delete entire database - use with extreme caution",    inputSchema: {      type: "object",      properties: {        confirm: { type: "boolean" }      },      required: ["confirm"]    }  },  async ({ confirm }) => {    // Description says "only use when user explicitly requests"    // AI might invoke anyway due to prompt injection!    await dropDatabase();  });
// CORRECT: Implement actual safeguardsserver.registerTool(  "delete_database",  {    title: "Delete Database",    description: "Delete entire database with proper authorization",    inputSchema: {      type: "object",      properties: {        confirm: {          type: "string",          enum: ["DELETE_EVERYTHING"],          description: "Must be exact string DELETE_EVERYTHING"        },        adminToken: {          type: "string",          description: "Admin authorization token"        }      },      required: ["confirm", "adminToken"]    }  },  async ({ confirm, adminToken }) => {    if (!verifyAdminToken(adminToken)) {      throw new Error("Unauthorized");    }
    // Audit logging    auditLog("delete-database", { token: adminToken });
    await dropDatabase();  });

// WRONG: Relying on description for securityserver.registerTool(  "delete_database",  {    title: "Delete Database",    description: "Delete entire database - use with extreme caution",    inputSchema: {      type: "object",      properties: {        confirm: { type: "boolean" }      },      required: ["confirm"]    }  },  async ({ confirm }) => {    // Description says "only use when user explicitly requests"    // AI might invoke anyway due to prompt injection!    await dropDatabase();  });
// CORRECT: Implement actual safeguardsserver.registerTool(  "delete_database",  {    title: "Delete Database",    description: "Delete entire database with proper authorization",    inputSchema: {      type: "object",      properties: {        confirm: {          type: "string",          enum: ["DELETE_EVERYTHING"],          description: "Must be exact string DELETE_EVERYTHING"        },        adminToken: {          type: "string",          description: "Admin authorization token"        }      },      required: ["confirm", "adminToken"]    }  },  async ({ confirm, adminToken }) => {    if (!verifyAdminToken(adminToken)) {      throw new Error("Unauthorized");    }
    // Audit logging    auditLog("delete-database", { token: adminToken });
    await dropDatabase();  });

Security layers to implement:

typescript

// 1. Capability-based access controlclass SecureFileSystem {  private allowedPaths: Set<string>;
  constructor(allowedPaths: string[]) {    this.allowedPaths = new Set(allowedPaths);  }
  async readFile(path: string): Promise<string> {    if (!this.allowedPaths.has(path)) {      throw new Error("Access denied");    }    return await readFile(path, "utf-8");  }}
// 2. Audit logging for compliancefunction auditLog(action: string, params: any, result: any) {  console.error(JSON.stringify({    timestamp: new Date().toISOString(),    action,    params,    result: result.success ? "success" : "failure",    error: result.error,  }));}
// 3. Rate limiting per clientconst rateLimiter = new Map<string, number>();
function checkRateLimit(clientId: string, maxPerSecond: number = 10): boolean {  const now = Date.now();  const key = `${clientId}:${Math.floor(now / 1000)}`;  const count = rateLimiter.get(key) || 0;
  if (count >= maxPerSecond) {    return false;  }
  rateLimiter.set(key, count + 1);
  // Clean up old entries  for (const [k, v] of rateLimiter.entries()) {    const timestamp = parseInt(k.split(':')[1]);    if (timestamp < Math.floor(now / 1000) - 60) {      rateLimiter.delete(k);    }  }
  return true;}
// 4. Input sanitization beyond Zodfunction sanitizePath(path: string): string {  // Remove null bytes, normalize separators  return path    .replace(/\0/g, '')    .replace(/\\/g, '/')    .replace(/\/+/g, '/');}

// 1. Capability-based access controlclass SecureFileSystem {  private allowedPaths: Set<string>;
  constructor(allowedPaths: string[]) {    this.allowedPaths = new Set(allowedPaths);  }
  async readFile(path: string): Promise<string> {    if (!this.allowedPaths.has(path)) {      throw new Error("Access denied");    }    return await readFile(path, "utf-8");  }}
// 2. Audit logging for compliancefunction auditLog(action: string, params: any, result: any) {  console.error(JSON.stringify({    timestamp: new Date().toISOString(),    action,    params,    result: result.success ? "success" : "failure",    error: result.error,  }));}
// 3. Rate limiting per clientconst rateLimiter = new Map<string, number>();
function checkRateLimit(clientId: string, maxPerSecond: number = 10): boolean {  const now = Date.now();  const key = `${clientId}:${Math.floor(now / 1000)}`;  const count = rateLimiter.get(key) || 0;
  if (count >= maxPerSecond) {    return false;  }
  rateLimiter.set(key, count + 1);
  // Clean up old entries  for (const [k, v] of rateLimiter.entries()) {    const timestamp = parseInt(k.split(':')[1]);    if (timestamp < Math.floor(now / 1000) - 60) {      rateLimiter.delete(k);    }  }
  return true;}
// 4. Input sanitization beyond Zodfunction sanitizePath(path: string): string {  // Remove null bytes, normalize separators  return path    .replace(/\0/g, '')    .replace(/\\/g, '/')    .replace(/\/+/g, '/');}

Critical security issues in production:

Prompt injection: Malicious instructions embedded in user input can override tool behavior
Tool permission abuse: Tools granted excessive privileges without proper authorization
Rug pull attacks: Tools that change behavior after installation (verify checksums)
Tool shadowing: One server's tools overriding another's with same names

Use security tools like Invariant Labs MCP-Scan for static analysis and Akto MCP Security for runtime monitoring.

Optimizing for Context Windows

Every byte returned from tools consumes the AI model's context window. With hundreds of tool invocations per conversation, inefficient responses quickly exhaust available tokens.

typescript

// WRONG: Returning entire API responseserver.registerTool("get_user",  {    title: "Get User",    description: "Fetch user information",    inputSchema: {      type: "object",      properties: {        id: { type: "string", description: "User ID" }      },      required: ["id"]    }  },  async ({ id }) => {  const user = await api.getUser(id);  return {    content: [{      type: "text",      text: JSON.stringify(user)    }]  };  // Returns 50+ fields when only 3 are relevant});
// CORRECT: Return only relevant fieldsserver.registerTool("get_user",  {    title: "Get User",    description: "Fetch user information",    inputSchema: {      type: "object",      properties: {        id: { type: "string", description: "User ID" }      },      required: ["id"]    }  },  async ({ id }) => {  const user = await api.getUser(id);  return {    content: [{      type: "text",      text: JSON.stringify({        name: user.name,        email: user.email,        status: user.status      })    }]  };});

// WRONG: Returning entire API responseserver.registerTool("get_user",  {    title: "Get User",    description: "Fetch user information",    inputSchema: {      type: "object",      properties: {        id: { type: "string", description: "User ID" }      },      required: ["id"]    }  },  async ({ id }) => {  const user = await api.getUser(id);  return {    content: [{      type: "text",      text: JSON.stringify(user)    }]  };  // Returns 50+ fields when only 3 are relevant});
// CORRECT: Return only relevant fieldsserver.registerTool("get_user",  {    title: "Get User",    description: "Fetch user information",    inputSchema: {      type: "object",      properties: {        id: { type: "string", description: "User ID" }      },      required: ["id"]    }  },  async ({ id }) => {  const user = await api.getUser(id);  return {    content: [{      type: "text",      text: JSON.stringify({        name: user.name,        email: user.email,        status: user.status      })    }]  };});

Token optimization strategies:

Schema optimization: Concise tool descriptions (every word counts)
Progressive disclosure: Load detailed data only when needed
Resource links: Reference large content instead of embedding

typescript

// Use resource links for large dataserver.registerTool("analyze_repository",  {    title: "Analyze Repository",    description: "Scan repository for files",    inputSchema: {      type: "object",      properties: {        repo: { type: "string", description: "Repository path" }      },      required: ["repo"]    }  },  async ({ repo }) => {  const files = await scanRepository(repo);
  // Instead of embedding all file contents (100K+ tokens),  // return resource links  return {    content: [      {        type: "text",        text: `Found ${files.length} files. Use read_file tool for details.`      },      ...files.map(f => ({        type: "resource",        resource: { uri: `file://${f}` }      }))    ]  };});

// Use resource links for large dataserver.registerTool("analyze_repository",  {    title: "Analyze Repository",    description: "Scan repository for files",    inputSchema: {      type: "object",      properties: {        repo: { type: "string", description: "Repository path" }      },      required: ["repo"]    }  },  async ({ repo }) => {  const files = await scanRepository(repo);
  // Instead of embedding all file contents (100K+ tokens),  // return resource links  return {    content: [      {        type: "text",        text: `Found ${files.length} files. Use read_file tool for details.`      },      ...files.map(f => ({        type: "resource",        resource: { uri: `file://${f}` }      }))    ]  };});

In one case, switching from full API responses to selective field extraction reduced context window usage by 95% and improved response times by 3x.

MCP vs Traditional APIs: When to Use What

MCP is not a replacement for all APIs; it solves a specific problem. Here's the decision framework:

Use MCP when:

Building AI-first applications (agents, assistants)
Need dynamic tool discovery at runtime
Supporting multiple AI providers (avoiding vendor lock-in)
Session-based workflows with persistent context
Rapid integration development (M+N instead of M×N)

Avoid MCP when:

Traditional client-server applications
Real-time streaming data (use WebSockets instead)
Sub-100ms latency requirements
Agent-to-agent communication (not yet supported in spec)

Hybrid patterns work well:

typescript

// MCP server wrapping existing REST APIclass RESTtoMCPAdapter {  constructor(private baseURL: string, private apiKey: string) {}
  createMCPTools(server: McpServer) {    // Generate tools from OpenAPI spec    server.registerTool("create_order",      {        title: "Create Order",        description: "Create a new order",        inputSchema: {          type: "object",          properties: {            items: {              type: "array",              items: {                type: "object",                properties: {                  id: { type: "string" },                  qty: { type: "number" }                }              }            }          },          required: ["items"]        }      },      async ({ items }) => {        const response = await fetch(`${this.baseURL}/orders`, {          method: 'POST',          headers: { 'Authorization': `Bearer ${this.apiKey}` },          body: JSON.stringify({ items })        });
        const data = await response.json();
        // Optimize response for context window        return {          content: [{            type: "text",            text: JSON.stringify({              orderId: data.id,              status: data.status,              total: data.total            })          }]        };      }    );  }}

// MCP server wrapping existing REST APIclass RESTtoMCPAdapter {  constructor(private baseURL: string, private apiKey: string) {}
  createMCPTools(server: McpServer) {    // Generate tools from OpenAPI spec    server.registerTool("create_order",      {        title: "Create Order",        description: "Create a new order",        inputSchema: {          type: "object",          properties: {            items: {              type: "array",              items: {                type: "object",                properties: {                  id: { type: "string" },                  qty: { type: "number" }                }              }            }          },          required: ["items"]        }      },      async ({ items }) => {        const response = await fetch(`${this.baseURL}/orders`, {          method: 'POST',          headers: { 'Authorization': `Bearer ${this.apiKey}` },          body: JSON.stringify({ items })        });
        const data = await response.json();
        // Optimize response for context window        return {          content: [{            type: "text",            text: JSON.stringify({              orderId: data.id,              status: data.status,              total: data.total            })          }]        };      }    );  }}

This pattern lets you maintain existing REST APIs for web/mobile clients while exposing optimized MCP interfaces for AI integrations.

Common Pitfalls and Solutions

Working with MCP revealed patterns that trip up implementations:

1. Protocol Violations

Problem: Writing logs to stdout breaks JSON-RPC parsing.

typescript

// WRONGconsole.log("Starting operation...");
// CORRECTconsole.error("Starting operation...");

// WRONGconsole.log("Starting operation...");
// CORRECTconsole.error("Starting operation...");

2. Stateful stdio vs Stateless HTTP

Problem: In-memory state works with stdio (single process) but fails with HTTP (multiple instances).

typescript

// WRONG - lost between HTTP requestslet sessionState = {};
// CORRECT - use Redis or similarimport { createClient } from "redis";const redis = createClient();
async function getSession(sessionId: string) {  const data = await redis.get(`session:${sessionId}`);  return data ? JSON.parse(data) : {};}

// WRONG - lost between HTTP requestslet sessionState = {};
// CORRECT - use Redis or similarimport { createClient } from "redis";const redis = createClient();
async function getSession(sessionId: string) {  const data = await redis.get(`session:${sessionId}`);  return data ? JSON.parse(data) : {};}

3. Blocking Long Operations

Problem: Synchronous long-running operations block the server.

typescript

// WRONG - blocks for 30 secondsserver.registerTool("process_large_file",  {    title: "Process Large File",    description: "Process a large file",    inputSchema: {      type: "object",      properties: {        path: { type: "string", description: "File path" }      },      required: ["path"]    }  },  async ({ path }) => {  const result = await processFile(path); // Takes 30 seconds  return { content: [{ type: "text", text: result }] };});
// CORRECT - use task pattern (experimental as of Nov 2025)const tasks = new Map<string, { status: string; result?: string }>();
server.registerTool("start_processing",  {    title: "Start Processing",    description: "Start long-running file processing task",    inputSchema: {      type: "object",      properties: {        path: { type: "string", description: "File path to process" }      },      required: ["path"]    }  },  async ({ path }) => {  const taskId = crypto.randomUUID();  tasks.set(taskId, { status: "running" });
  // Process in background  processFile(path).then(result => {    tasks.set(taskId, { status: "completed", result });  });
  return {    content: [{      type: "text",      text: `Started task ${taskId}. Use check_task to monitor progress.`    }]  };});
server.registerTool("check_task",  {    title: "Check Task",    description: "Check status of a processing task",    inputSchema: {      type: "object",      properties: {        taskId: { type: "string", description: "Task ID to check" }      },      required: ["taskId"]    }  },  async ({ taskId }) => {  const task = tasks.get(taskId);  if (!task) {    throw new Error("Task not found");  }  return { content: [{ type: "text", text: JSON.stringify(task) }] };});

// WRONG - blocks for 30 secondsserver.registerTool("process_large_file",  {    title: "Process Large File",    description: "Process a large file",    inputSchema: {      type: "object",      properties: {        path: { type: "string", description: "File path" }      },      required: ["path"]    }  },  async ({ path }) => {  const result = await processFile(path); // Takes 30 seconds  return { content: [{ type: "text", text: result }] };});
// CORRECT - use task pattern (experimental as of Nov 2025)const tasks = new Map<string, { status: string; result?: string }>();
server.registerTool("start_processing",  {    title: "Start Processing",    description: "Start long-running file processing task",    inputSchema: {      type: "object",      properties: {        path: { type: "string", description: "File path to process" }      },      required: ["path"]    }  },  async ({ path }) => {  const taskId = crypto.randomUUID();  tasks.set(taskId, { status: "running" });
  // Process in background  processFile(path).then(result => {    tasks.set(taskId, { status: "completed", result });  });
  return {    content: [{      type: "text",      text: `Started task ${taskId}. Use check_task to monitor progress.`    }]  };});
server.registerTool("check_task",  {    title: "Check Task",    description: "Check status of a processing task",    inputSchema: {      type: "object",      properties: {        taskId: { type: "string", description: "Task ID to check" }      },      required: ["taskId"]    }  },  async ({ taskId }) => {  const task = tasks.get(taskId);  if (!task) {    throw new Error("Task not found");  }  return { content: [{ type: "text", text: JSON.stringify(task) }] };});

4. Insufficient Error Handling

Problem: Unhandled exceptions crash the entire server.

typescript

// WRONG - crashes server on errorserver.registerTool("risky_operation",  {    title: "Risky Operation",    description: "Perform risky operation",    inputSchema: {      type: "object",      properties: {        id: { type: "string", description: "Operation ID" }      },      required: ["id"]    }  },  async ({ id }) => {  const result = await unreliableAPI(id); // Might throw  return { content: [{ type: "text", text: result }] };});
// CORRECT - graceful error responsesserver.registerTool("risky_operation",  {    title: "Risky Operation",    description: "Perform risky operation with error handling",    inputSchema: {      type: "object",      properties: {        id: { type: "string", description: "Operation ID" }      },      required: ["id"]    }  },  async ({ id }) => {  try {    const result = await unreliableAPI(id);    return { content: [{ type: "text", text: result }] };  } catch (error) {    console.error(`Tool failed: ${error.message}`);    return {      content: [{        type: "text",        text: `Operation failed: ${error.message}`      }],      isError: true    };  }});

// WRONG - crashes server on errorserver.registerTool("risky_operation",  {    title: "Risky Operation",    description: "Perform risky operation",    inputSchema: {      type: "object",      properties: {        id: { type: "string", description: "Operation ID" }      },      required: ["id"]    }  },  async ({ id }) => {  const result = await unreliableAPI(id); // Might throw  return { content: [{ type: "text", text: result }] };});
// CORRECT - graceful error responsesserver.registerTool("risky_operation",  {    title: "Risky Operation",    description: "Perform risky operation with error handling",    inputSchema: {      type: "object",      properties: {        id: { type: "string", description: "Operation ID" }      },      required: ["id"]    }  },  async ({ id }) => {  try {    const result = await unreliableAPI(id);    return { content: [{ type: "text", text: result }] };  } catch (error) {    console.error(`Tool failed: ${error.message}`);    return {      content: [{        type: "text",        text: `Operation failed: ${error.message}`      }],      isError: true    };  }});

Performance Patterns

Optimizing MCP servers follows similar patterns to traditional API optimization, with additional considerations for token efficiency.

typescript

// Multi-tier cachingconst memCache = new Map<string, any>(); // L1: In-memory (ms latency)const redisClient = createClient(); // L2: Redis (1-5ms latency)
async function getCachedData(key: string) {  // Try L1  if (memCache.has(key)) {    return memCache.get(key);  }
  // Try L2  const redisData = await redisClient.get(key);  if (redisData) {    const parsed = JSON.parse(redisData);    memCache.set(key, parsed); // Promote to L1    return parsed;  }
  // Fetch from source  const dbData = await db.query(key);  await redisClient.setEx(key, 300, JSON.stringify(dbData)); // 5 min TTL  memCache.set(key, dbData);  return dbData;}

// Multi-tier cachingconst memCache = new Map<string, any>(); // L1: In-memory (ms latency)const redisClient = createClient(); // L2: Redis (1-5ms latency)
async function getCachedData(key: string) {  // Try L1  if (memCache.has(key)) {    return memCache.get(key);  }
  // Try L2  const redisData = await redisClient.get(key);  if (redisData) {    const parsed = JSON.parse(redisData);    memCache.set(key, parsed); // Promote to L1    return parsed;  }
  // Fetch from source  const dbData = await db.query(key);  await redisClient.setEx(key, 300, JSON.stringify(dbData)); // 5 min TTL  memCache.set(key, dbData);  return dbData;}

Performance metrics to track:

Latency: p50, p95, p99 tool invocation duration
Token efficiency: Context window utilization per conversation
Error rates: Success rate by tool type
Geographic impact: US-East hosting typically provides 30-40% lower latency for Anthropic models

In testing, multi-tier caching reduced p95 latency from 200ms to 15ms and decreased database load by 70%.

Real-World Integration Patterns

DevOps Automation

Combining multiple MCP servers creates powerful automation workflows:

typescript

// Multi-server DevOps workflowserver.registerTool("deploy_feature",  {    title: "Deploy Feature",    description: "Deploy a feature branch to an environment",    inputSchema: {      type: "object",      properties: {        branch: { type: "string", description: "Branch to deploy" },        environment: {          type: "string",          enum: ["staging", "production"],          description: "Target environment"        }      },      required: ["branch", "environment"]    }  },  async ({ branch, environment }) => {    // 1. GitHub: Create PR    const pr = await mcpClient.callTool("github", "create_pr", {      branch,      base: "main",      title: `Deploy ${branch} to ${environment}`    });
    // 2. CI: Run tests    const tests = await mcpClient.callTool("ci", "run_tests", {      branch    });
    if (tests.status !== "passed") {      return {        content: [{          type: "text",          text: `Tests failed: ${tests.failures}`        }],        isError: true      };    }
    // 3. Terraform: Apply infrastructure    await mcpClient.callTool("terraform", "apply_plan", {      environment,      autoApprove: environment === "staging"    });
    // 4. Slack: Notify team    await mcpClient.callTool("slack", "send_message", {      channel: "#deployments",      text: `Deployed ${branch} to ${environment}`    });
    return {      content: [{        type: "text",        text: `Successfully deployed to ${environment}`      }]    };  });

// Multi-server DevOps workflowserver.registerTool("deploy_feature",  {    title: "Deploy Feature",    description: "Deploy a feature branch to an environment",    inputSchema: {      type: "object",      properties: {        branch: { type: "string", description: "Branch to deploy" },        environment: {          type: "string",          enum: ["staging", "production"],          description: "Target environment"        }      },      required: ["branch", "environment"]    }  },  async ({ branch, environment }) => {    // 1. GitHub: Create PR    const pr = await mcpClient.callTool("github", "create_pr", {      branch,      base: "main",      title: `Deploy ${branch} to ${environment}`    });
    // 2. CI: Run tests    const tests = await mcpClient.callTool("ci", "run_tests", {      branch    });
    if (tests.status !== "passed") {      return {        content: [{          type: "text",          text: `Tests failed: ${tests.failures}`        }],        isError: true      };    }
    // 3. Terraform: Apply infrastructure    await mcpClient.callTool("terraform", "apply_plan", {      environment,      autoApprove: environment === "staging"    });
    // 4. Slack: Notify team    await mcpClient.callTool("slack", "send_message", {      channel: "#deployments",      text: `Deployed ${branch} to ${environment}`    });
    return {      content: [{        type: "text",        text: `Successfully deployed to ${environment}`      }]    };  });

This pattern reduced deployment time from 45 minutes (manual steps) to 8 minutes (automated via AI agent).

Trade-offs and Decision Framework

MCP is a year old; still maturing. Here's what I've learned about when it makes sense:

Advantages:

Standardization reduces M×N integration problem to M+N
Dynamic discovery eliminates documentation maintenance burden
Growing ecosystem of pre-built servers (filesystem, GitHub, databases)
Session management and resumability built into protocol

Disadvantages:

Specification still evolving (quarterly updates)
Limited production deployment patterns documented
Security concerns require careful implementation
Not designed for agent-to-agent communication yet

Cost considerations:

Initial implementation: 2-5 days per MCP server vs 2-3 weeks for bespoke integration
Infrastructure: stdio is free, HTTP costs ~$50-200/month per service (3 replicas, load balancer)
Learning curve: 1-2 weeks to production-ready expertise

The investment pays off when you need multiple integrations or plan to support multiple AI providers. For single-provider, single-tool scenarios, native function calling might be simpler.

Practical Next Steps

If you're evaluating MCP for your use case:

Start with stdio locally: Build a simple server with 2-3 tools
Test with MCP Inspector: Verify protocol compliance before connecting to AI clients
Implement one production pattern: HTTP transport with proper error handling
Add security layers: Input validation, rate limiting, audit logging
Measure performance: Track latency, token usage, and error rates
Consider hybrid: Wrap existing APIs with MCP adapters rather than rebuilding

The official TypeScript SDK (@modelcontextprotocol/sdk) provides solid foundations. Start there, follow the security guidelines, and optimize based on your actual usage patterns.

MCP solves a real problem; standardizing AI integrations; but it's not magic. Treat it like any production API: validate inputs, handle errors gracefully, monitor performance, and implement defense-in-depth security.

References

spec.modelcontextprotocol.io - Model Context Protocol (MCP) specification.
typescriptlang.org - TypeScript Handbook and language reference.
github.com - TypeScript project wiki (FAQ and design notes).
platform.openai.com - Prompt engineering guide (OpenAI API docs).
developer.mozilla.org - MDN Web Docs (web platform reference).
semver.org - Semantic Versioning specification.

Understanding the Integration Problem#

What MCP Actually Is#

Building Your First MCP Server#

Resources vs Tools: Understanding the Difference#

Managing Multiple MCP Servers#

Production HTTP Deployment#

Security: Beyond Input Validation#

Optimizing for Context Windows#

MCP vs Traditional APIs: When to Use What#

Common Pitfalls and Solutions#

1. Protocol Violations#

2. Stateful stdio vs Stateless HTTP#

3. Blocking Long Operations#

4. Insufficient Error Handling#

Performance Patterns#

Real-World Integration Patterns#

DevOps Automation#

Trade-offs and Decision Framework#

Practical Next Steps#

References#

Related Posts

Understanding the Integration Problem

What MCP Actually Is

Building Your First MCP Server

Resources vs Tools: Understanding the Difference

Managing Multiple MCP Servers

Production HTTP Deployment

Security: Beyond Input Validation

Optimizing for Context Windows

MCP vs Traditional APIs: When to Use What

Common Pitfalls and Solutions

1. Protocol Violations

2. Stateful stdio vs Stateless HTTP

3. Blocking Long Operations

4. Insufficient Error Handling

Performance Patterns

Real-World Integration Patterns

DevOps Automation

Trade-offs and Decision Framework

Practical Next Steps

References