Model Context Protocol (MCP): Connecting Agents to External Tools
Understand MCP, the open protocol for connecting AI agents to external tools and data sources, including its architecture, five transport types, and how to build your first MCP-connected agent.
What Is MCP and Why Does It Matter?
The Model Context Protocol (MCP) is an open standard that defines how AI agents discover and invoke external tools. Think of it as a USB-C port for AI — instead of every agent building custom integrations for every tool, MCP provides a universal interface.
Before MCP, connecting an agent to a database required writing a custom tool function. Connecting to a file system required another. To Slack, another. Each integration was hand-coded, tightly coupled, and impossible to share across frameworks. MCP solves this by defining a standard protocol between MCP clients (your agent) and MCP servers (the tool providers).
The result: a growing ecosystem of MCP servers that any MCP-compatible agent can use out of the box. GitHub, filesystem access, databases, web browsers, Slack, and hundreds more tools are available as MCP servers.
MCP Architecture
MCP follows a client-server model:
flowchart LR
HOST(["MCP host<br/>Claude Desktop or IDE"])
CLIENT["MCP client"]
subgraph SERVERS["MCP Servers"]
S1["Filesystem server"]
S2["GitHub server"]
S3["Postgres server"]
SX["Custom tool server"]
end
LLM["LLM session"]
OUT(["Grounded action"])
HOST <--> CLIENT
CLIENT <-->|stdio or HTTP+SSE| S1
CLIENT <--> S2
CLIENT <--> S3
CLIENT <--> SX
CLIENT --> LLM --> OUT
style HOST fill:#f1f5f9,stroke:#64748b,color:#0f172a
style CLIENT fill:#4f46e5,stroke:#4338ca,color:#fff
style OUT fill:#059669,stroke:#047857,color:#fff
MCP Server — A process or service that exposes tools, prompts, and resources. An MCP server declares what tools it has, what parameters they accept, and handles execution. For example, a filesystem MCP server exposes tools like read_file, write_file, and list_directory.
MCP Client — The agent framework that discovers available tools from MCP servers and calls them as needed. OpenAI's Agents SDK includes a built-in MCP client.
Transport Layer — The communication channel between client and server. MCP supports five transport types, each suited to different deployment scenarios.
Hear it before you finish reading
Talk to a live CallSphere AI voice agent in your browser — 60 seconds, no signup.
The flow works like this:
- The agent starts and connects to one or more MCP servers
- Each server reports its available tools (name, description, parameters)
- These tools are registered with the agent alongside any native tools
- When the LLM decides to use a tool, the Agents SDK routes the call to the appropriate MCP server
- The server executes the tool and returns results
- The agent incorporates the results into its response
The Five Transport Types
MCP defines five transport mechanisms. Choosing the right one depends on where your MCP server runs and how your agent communicates with it.
1. Stdio (Standard I/O)
The agent spawns the MCP server as a subprocess and communicates via stdin/stdout. The simplest transport — no network involved.
Best for: Local tools, development, CLI-based servers, filesystem access.
2. Streamable HTTP
The agent connects to a remote MCP server over HTTP. Supports streaming responses and server-sent events.
Best for: Remote tool servers, cloud-hosted services, production deployments.
3. SSE (Server-Sent Events)
The legacy HTTP transport. Uses SSE for server-to-client messages and HTTP POST for client-to-server messages. Being superseded by Streamable HTTP.
Best for: Backward compatibility with older MCP servers.
4. Hosted MCP
OpenAI hosts the MCP server and executes tools server-side. No client-side infrastructure needed — just point the agent at a URL.
Still reading? Stop comparing — try CallSphere live.
CallSphere ships complete AI voice agents per industry — 14 tools for healthcare, 10 agents for real estate, 4 specialists for salons. See how it actually handles a call before you book a demo.
Best for: Third-party integrations where you do not run the server yourself, GitMCP, DeepWiki.
5. Custom Transport
Build your own transport for specialized environments. Useful when your tools are behind a VPN, use gRPC, or have unique authentication requirements.
Best for: Enterprise environments with custom networking requirements.
When to Use Each Transport
| Scenario | Recommended Transport |
|---|---|
| Local file system access | Stdio |
| Database queries on localhost | Stdio |
| Cloud API integration | Streamable HTTP |
| Third-party SaaS tools | Hosted MCP |
| Development and testing | Stdio |
| Multi-tenant production | Streamable HTTP |
| Open source repo access | Hosted MCP (GitMCP) |
Building Your First MCP-Connected Agent
Let us build an agent that uses the filesystem MCP server to read and manage files:
import asyncio
from agents import Agent, Runner
from agents.mcp import MCPServerStdio
async def main():
# Create an MCP server that provides filesystem tools
fs_server = MCPServerStdio(
name="Filesystem",
params={
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp/workspace"],
},
)
# Start the server and discover its tools
async with fs_server:
# Create an agent that uses the MCP server's tools
agent = Agent(
name="File Manager",
instructions="""You are a file management assistant.
Use the filesystem tools to help users organize,
read, and manage their files in /tmp/workspace.
Always confirm before deleting files.""",
mcp_servers=[fs_server],
)
# Run the agent
result = await Runner.run(
agent,
input="List all files in the workspace and create a summary.txt with a list of them",
)
print(result.final_output)
asyncio.run(main())
When this runs, several things happen behind the scenes:
MCPServerStdiospawns the filesystem server as a subprocess- The
async withblock initializes the server and fetches its tool list - The agent receives these tools (read_file, write_file, list_directory, etc.) alongside any native tools
- The LLM decides which tools to call based on the user's request
- Tool calls are routed through the MCP client to the server subprocess
- Results flow back and the agent formulates its response
Combining Multiple MCP Servers
Agents can connect to multiple MCP servers simultaneously:
async def multi_server_agent():
fs_server = MCPServerStdio(
name="Filesystem",
params={
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp/workspace"],
},
)
git_server = MCPServerStdio(
name="Git",
params={
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-git"],
},
)
async with fs_server, git_server:
agent = Agent(
name="Dev Assistant",
instructions="""You help developers manage their codebase.
You can read/write files and perform git operations.""",
mcp_servers=[fs_server, git_server],
)
result = await Runner.run(
agent,
input="Show me the git log and read the README.md file",
)
print(result.final_output)
MCP Server Discovery
The MCP ecosystem is growing rapidly. Here are some popular MCP servers:
- @modelcontextprotocol/server-filesystem — File read/write/search
- @modelcontextprotocol/server-git — Git operations
- @modelcontextprotocol/server-github — GitHub API (issues, PRs, repos)
- @modelcontextprotocol/server-postgres — PostgreSQL queries
- @modelcontextprotocol/server-sqlite — SQLite database access
- @modelcontextprotocol/server-brave-search — Web search
- @modelcontextprotocol/server-puppeteer — Browser automation
Each of these can be connected to your agent with just a few lines of configuration.
Security Considerations
MCP servers have real capabilities — they can read files, execute queries, and make API calls. Security must be a first-class concern:
- Principle of least privilege — Only give servers access to the directories and resources they need
- Tool filtering — Use allow/block lists to restrict which tools an agent can call (covered in detail in Post 80)
- Approval policies — Require human approval for destructive operations
- Sandboxing — Run MCP servers in containers or restricted environments
- Audit logging — Log all tool invocations for compliance and debugging
MCP transforms how we build agent integrations. Instead of custom code for every tool, you have a standard protocol with a rich ecosystem of pre-built servers. The next four posts dive deep into each transport type and advanced configuration.
Try CallSphere AI Voice Agents
See how AI voice agents work for your industry. Live demo available -- no signup required.