Skip to content
Infragate Logo Infragate Logo Infragate Docs

What is MCP?

Model Context Protocol (MCP) is an open, transport-agnostic way for AI clients (chat apps, IDEs, agents) to discover and safely use external tools, data, and prompts at runtime. It standardizes how models access context beyond their prompt.

Why it matters

Section titled “Why it matters”
  • Unifies tool and data access across models and apps
  • Improves safety with explicit capability negotiation and consent
  • Encourages reuse: one server can serve many clients
  • Keeps tools isolated in separate processes

Core concepts

Section titled “Core concepts”
  • Client: The app hosting the model that speaks MCP on the model’s behalf.
  • Server: A process exposing capabilities to the client.
  • Transport: stdio, pipes, or WebSocket carrying JSON-RPC 2.0 messages.
  • Session: Initialization and capability exchange for each connection.
  • Capabilities: Features a server provides (resources, tools, prompts, events).
  • Resources: Read-only data endpoints (files, APIs, DB queries).
  • Tools: Side-effectful operations with JSON Schema parameters.
  • Prompts: Server-provided prompt templates and inputs.
  • Events: Server-pushed updates (e.g., resource changes) the client can subscribe to.

How it works (high level)

Section titled “How it works (high level)”
  1. Connect transport and initialize session.
  2. Exchange capabilities (what the server offers; what the client supports).
  3. Discover resources, tools, and prompts.
  4. The model requests context or actions; the client issues MCP calls.
  5. Results stream back, updating the model’s context.
  6. Optional subscriptions deliver events for live updates.

Typical methods (by role)

Section titled “Typical methods (by role)”
  • Discovery: listResources, readResource, subscribe, listTools, callTool, listPrompts, getPrompt
  • Session: initialize, ping/health, shutdown
  • Events: notifications for resource changes or server status

Example use cases

Section titled “Example use cases”
  • IDE assistant: read project files, run linters, open pull requests
  • Data assistant: query warehouses, fetch dashboards, summarize results
  • Ops copilot: tail logs, inspect incidents, trigger rollbacks

Security and safety

Section titled “Security and safety”
  • Least privilege: only enable required servers and capabilities
  • User consent: gate sensitive tool calls and side effects
  • Isolation: run servers out-of-process with minimal OS permissions
  • Auditability: log tool calls, inputs, outputs, and decisions

Interoperability

Section titled “Interoperability”
  • Model- and vendor-neutral; servers avoid model-specific logic
  • Multiple clients can share the same server
  • Works over different transports without changing semantics

Learn more

Section titled “Learn more”