Next-Generation AI Agent Tools: How MCP Enables Autonomous Database/Browser/API Operations

In-depth analysis of the Anthropic MCP protocol: redefining the interaction between AI and data (complete revised version)

1. What is MCP?

2. Core Uses of MCP

1. 1. Data Security and Privacy ProtectionMCP establishes a bidirectional connection between local servers and data sources, avoiding sensitive data uploads to third-party platforms. For example, users can directly let Claude analyze financial data in a local SQLite database without uploading files to the cloud.
2. 2. Expanding AI Capability BoundariesMCP supports AI in calling external tools to perform complex operations, such as automatically generating charts, scraping web content, and operating browsers. For example, with the Fetch tool, users can have Claude scrape web content and convert it to Markdown format.
3. 3. Simplifying Development ProcessesDevelopers do not need to write separate integration code for each data source. For instance, configuring a single MCP server allows AI to access local files, GitHub repositories, and PostgreSQL databases simultaneously.
4. 4. Context Awareness and Dynamic InteractionMCP allows AI models to generate more accurate responses based on real-time data. For example, when analyzing Stanford University’s simulated admissions database, Claude can not only query results but also provide admission strategy recommendations based on background knowledge.

3. Technical Principles of MCP

Technical Principles Layered Architecture










Protocol Layer
Transport Layer
Function Layer
Security Layer
Message Serialization
State Machine Management
Resource Registration
Stdio Pipeline
SSE Long Connection
SQL Query
API Call
Dynamic Context
Three-Level Authorization
TLS Encryption
Data Masking

1. Layered Architecture Design

MCP adopts afour-layer architecture model, with clear responsibilities for each layer:

• • Protocol Layer: Responsible for message formatting and routing, core components include:
• • Protocol: Defines message serialization rules (based on JSON-RPC 2.0)
• • Client: Manages client state machine, handles request/response lifecycle
• • Server: Implements registration and scheduling of resources, tools, and prompts
• • Transport Layer: Supports two communication modes:
• • Stdio (Standard Input/Output): Achieves inter-process communication through pipes, typical application scenario is local SQLite database connection (like the server started by<span>uvx mcp-server-sqlite</span>)
• • SSE (Server-Sent Events): Bidirectional communication based on HTTP long connections, supporting real-time data push during remote service calls

2. Session Lifecycle Management

• • Initialization Phase:

1. 1. The client sends<span>initialize</span> request, carrying the protocol version (like<span>2024-11-05</span>) and capability declarations (like supporting resource subscriptions, tool calls, etc.)
2. 2. The server returns a list of capabilities (like<span>resources.subscribe=true</span> indicating support for dynamic resource updates)
3. 3. The client sends<span>initialized</span> notification to confirm handshake completion

• • Request-Response Mode: Used for precisely controlled operations (like database queries)
• • Notification Mode: Used for state synchronization (like the server actively pushing resource change events)

3. Core Communication Protocol

MCP is based on an enhanced version ofJSON-RPC 2.0 protocol, supporting extended fields:

// Tool call request example
{
"jsonrpc":"2.0",
"id":"req_01",
"method":"tools/call",
"params":{
    "tool":"sqlite_query",
    "input":{"query":"SELECT * FROM products"}
}
}

• • Extended Features:
• • <span>progressToken</span>: Tracks progress of long operations (like large file transfers)
• • <span>error.data</span>: Carries debugging information (like the specific location of SQL syntax errors)

4. Security and Permission Control

• • Three-Level Authorization Mechanism:

1. 1. Connection-Level Authorization: The host (like Claude Desktop) controls which servers can connect
2. 2. Operation-Level Authorization: Each sensitive operation (like file deletion) requires real-time user confirmation
3. 3. Data-Level Authorization: Configures a whitelist through<span>allowed_resources</span><span> (like only allowing access to</span><code><span>~/data/</span> directory)

• • Stdio mode relies on process isolation for security
• • SSE mode enforces TLS 1.3 encryption and uses OAuth 2.0 for service authentication

4. How to Use MCP

1. Basic Scenario: Connecting to Local Database

Step Breakdown:

1. 1. Environment Preparation:

   # Install SQLite server components
   uv install mcp-server-sqlite
   # Create test database
   sqlite3 ~/sales.db "CREATE TABLE orders (id INTEGER PRIMARY KEY, product TEXT, price REAL)"

2. 2. Configure Claude Desktop:Modify<span>claude_desktop_config.json</span><span>:</span><pre><code class="language-plaintext">{
"mcpServers":{
"sales_db":{
"command":"uvx mcp-server-sqlite",
"args":["--database","/Users/alice/sales.db"],
"allowed_operations":["SELECT"]
}
}
}
3. 3. Interaction Example:

   # User asks
   "Analyze orders with a unit price over $100 in the last three months, categorized by product."
   
   # Claude executes the process through MCP:
   1. Parses natural language to generate SQL: SELECT product, SUM(price) FROM orders WHERE date > '2024-10-26' AND price > 100 GROUP BY product
   2. Sends query request through MCP client
   3. Receives results in JSON format and converts to natural language report

2. Advanced Development: Building Custom Tool Server

Python Example (File Operation Server):

from mcp import Server, Tool
import os

class FileServer(Server):
    @Tool(
        name="file_search",
        description="Search files by keyword",
        input_schema={
            "type": "object",
            "properties": {
                "directory": {"type": "string"},
                "keyword": {"type": "string"}
            }
        }
    )
    async def search_files(self, directory: str, keyword: str):
        results = []
        for root, _, files in os.walk(directory):
            for file in files:
                if keyword in file:
                    results.append(os.path.join(root, file))
        return {"matches": results}

if __name__ == "__main__":
    server = FileServer()
    server.run_transport("stdio")  # Can also switch to "sse" mode

Call Process:

# Start server
python file_server.py
# Client call
curl -X POST http://localhost:8080/mcp -d '{
  "jsonrpc": "2.0",
  "method": "tools/call",
  "params": {
    "tool": "file_search",
    "input": {"directory": "/docs", "keyword": "report"}
  }
}'

3. Enterprise Application: CRM System Integration

Architecture Design:

• • MCP Server: Deployed in the enterprise intranet, connects to Salesforce API via OAuth 2.0
• • Permission Configuration:

  # mcp_permissions.yaml
  - resource: salesforce
    allowed_actions:
      - get_contact
      - update_opportunity
    field_restrictions:
      contact: ["name", "email"]  # Hide sensitive fields like phone numbers

• • Typical Workflow:

1. 1. User asks: “Find customers in East China with sales exceeding 5 million this quarter”
2. 2. Claude generates SOQL query:<span>SELECT Name FROM Account WHERE Region__c = 'East' AND AnnualRevenue > 5000000</span>
3. 3. Executes query through MCP secure gateway, returns masked results

4. Debugging and Monitoring

• • Log Analysis:

  # Enable debug mode
  MCP_LOG_LEVEL=debug claude-desktop
  # View communication logs
  tail -f ~/.claude/mcp_debug.log

• • Performance Optimization:
• • Use<span>progressToken</span><span> to show progress bar for large file transfers</span>
• • Control database query pagination loading through<span>batch_size</span><span> parameter</span>

5. Cross-Model Compatibility of MCP

1. Openness of Protocol Design

Although MCP was developed by Anthropic and initially implemented in Claude, its design goal is toserve as an open universal standard:

• • Cross-Model Compatibility:MCP is based on the JSON-RPC 2.0 standard, independent of the underlying AI models. Developers can buildMCP clients that adapt to different models, supporting various LLMs including GPT-4, Gemini, etc. For example:
• • Open-source project 5ire has successfully integrated GPT-4 and Gemini models, calling external tools via MCP protocol;
• • Community developers are developing MCP clients for models like Qwen and Llama.
• • Advantages of Standardized Interfaces:MCP defines a unified management interface for resources (Resources), tools (Tools), and prompts (Prompts), allowing different models to share the same set of data sources and toolchains. For example, a SQL query tool server developed for Claude can be called by GPT-4 with slight configuration.

2. Practical Application Cases

• • Multi-Model Ecosystem Support:
• • Enterprise Applications: Companies like Block and Apollo have integrated MCP into their AI systems, supporting internally developed custom models;
• • Developer Tools: Platforms like Replit and Codeium provide developers with cross-model code generation and data analysis capabilities via MCP protocol.
• • Open Source Community Practices:Developers can quickly build clients for any model throughMCP SDK, for example:

# Example: Build MCP client for custom model
from mcp import ClientSession
class CustomModelClient:
    async def call_tool(self, tool_name: str, params: dict):
        # Call model API and integrate MCP protocol
        response = await self.model_api.generate(tool_prompt)
        return self._parse_mcp_response(response)

Open-source MCP servers on GitHub (like weather services, CRM integrations) have supported multi-model calls.