How does an MCP server connect with an AI agent? What is the workflow?
#gen-ai#mcp#agents
Answer
How Does an MCP Server Connect with an AI Agent?
MCP uses a client-server architecture: the AI client talks to each MCP server over a transport, either stdio for local servers or HTTP/SSE for remote ones. Here's the complete connection sequence and workflow.
Architecture Overview
```text
┌──────────────────────────────────────────────────────────┐
│                        AI Client                         │
│      (Claude Desktop / Claude Code / Cursor / IDE)       │
│                                                          │
│  ┌────────────────────────────────────────────────────┐  │
│  │               MCP Client (built-in)                │  │
│  └───────────────┬────────────────────────────────────┘  │
└──────────────────┼───────────────────────────────────────┘
                   │ stdio (stdin/stdout) or HTTP/SSE
┌──────────────────┼───────────────────────────────────────┐
│                  │        MCP Server                     │
│  ┌───────────────┴────────────────────────────────────┐  │
│  │        Exposes: Tools | Resources | Prompts        │  │
│  └───────────────┬────────────────────────────────────┘  │
│                  │ calls                                 │
│  External services (DB, API, filesystem, browser)        │
└──────────────────────────────────────────────────────────┘
```
Connection Protocol (Step by Step)
```text
1. AI client reads MCP config (e.g., ~/.claude.json)
2. Client launches MCP server process (e.g., npx @mcp/filesystem)
3. Client sends: initialize request
4. Server responds: capabilities (tools list, resource list)
5. Client sends: initialized notification
6. Connection established → ready for tool calls
```
JSON-RPC Message Format
MCP uses JSON-RPC 2.0 over stdio:
```json
// Client → Server: List available tools
{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/list",
  "params": {}
}

// Server → Client: Tool definitions
{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {
    "tools": [
      {
        "name": "read_file",
        "description": "Read a file from the filesystem",
        "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}}
      }
    ]
  }
}

// Client → Server: Call a tool
{
  "jsonrpc": "2.0",
  "id": 2,
  "method": "tools/call",
  "params": {
    "name": "read_file",
    "arguments": {"path": "/Users/me/document.txt"}
  }
}

// Server → Client: Tool result
{
  "jsonrpc": "2.0",
  "id": 2,
  "result": {
    "content": [{"type": "text", "text": "Document contents here..."}]
  }
}
```
Complete Agent Workflow
```text
User: "Read my config.py and check for security issues"
        ↓
[AI Agent/Claude]
        ↓
1. Agent decides: use filesystem MCP to read file
        ↓
2. MCP tool call: read_file({path: "config.py"})
        ↓
[Filesystem MCP Server] → reads file → returns content
        ↓
3. Agent receives file content
        ↓
4. Agent analyzes: "I see hardcoded credentials on line 15"
        ↓
5. Agent responds to user with security findings
```
Configuration
```json
// ~/.claude.json - MCP server registration
{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/Users/me"],
      "env": {}
    },
    "postgres": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-postgres"],
      "env": {"DATABASE_URL": "postgresql://localhost/mydb"}
    }
  }
}
```
Transport Types
| Transport | How | Use Case |
|---|---|---|
| stdio | stdin/stdout pipes | Local MCP servers (most common) |
| HTTP/SSE | HTTP + Server-Sent Events | Remote MCP servers |
Security Model
- MCP servers only expose what they explicitly define as tools/resources
- Each server runs as its own process with its own permissions
- Claude cannot directly access anything not exposed through MCP
- Users control which servers are connected via config
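
The handshake, the `tools/list` / `tools/call` messages and the first security-model point above, shown as an added example that is not part of the original answer and is not the official MCP SDK: a minimal stdio server that exposes only `read_file` and confines it to one directory. `ROOT`, the `demo-fs` server name, the `protocolVersion` string and the helper names are assumptions chosen for illustration.

```python
import json, os, sys, tempfile

# Assumed allowed root for this demo; a real server would take it from its arguments.
ROOT = os.path.realpath(tempfile.mkdtemp())

TOOLS = [{"name": "read_file",
          "description": "Read a file from the filesystem",
          "inputSchema": {"type": "object", "required": ["path"],
                          "properties": {"path": {"type": "string"}}}}]

def read_file(path):
    # Resolve ".." and symlinks first, then require the result to stay under ROOT.
    full = os.path.realpath(os.path.join(ROOT, path))
    if os.path.commonpath([ROOT, full]) != ROOT:
        raise PermissionError("path outside allowed root")
    with open(full, encoding="utf-8") as fh:
        return fh.read()

def rpc_error(mid, code, message):
    return {"jsonrpc": "2.0", "id": mid, "error": {"code": code, "message": message}}

def handle(msg):
    """Return the JSON-RPC response for one message, or None for a notification."""
    method, mid = msg.get("method"), msg.get("id")
    if mid is None:  # notifications (e.g. notifications/initialized) get no reply
        return None
    if method == "initialize":
        result = {"protocolVersion": "2024-11-05", "capabilities": {"tools": {}},
                  "serverInfo": {"name": "demo-fs", "version": "0.1"}}
    elif method == "tools/list":
        result = {"tools": TOOLS}
    elif method == "tools/call":
        params = msg.get("params") or {}
        if params.get("name") != "read_file":  # only defined tools are callable
            return rpc_error(mid, -32602, "unknown tool")
        try:
            text, failed = read_file((params.get("arguments") or {}).get("path")), False
        except (OSError, ValueError, TypeError) as exc:
            text, failed = str(exc), True
        result = {"content": [{"type": "text", "text": text}], "isError": failed}
    else:
        return rpc_error(mid, -32601, "method not found")
    return {"jsonrpc": "2.0", "id": mid, "result": result}

if __name__ == "__main__":  # stdio transport: one JSON message per line
    for line in sys.stdin:
        reply = handle(json.loads(line))
        if reply is not None:
            print(json.dumps(reply), flush=True)
```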