MCP
The Model Context Protocol layer — building MCP servers and clients, defining tools, auth and permission boundaries, private MCP deployment, and the security model for exposing internal systems to AI agents.
All Articles
Video Probe MCP Build Log
A build log for video-probe-mcp, a narrow MCP server that lets agents inspect local video and audio files with ffprobe.
AWS MCP Server for Production Agents: The Build-or-Boundary Rule
Use AWS MCP Server for AWS-native agent access, then add custom approval, tenant policy, evals, and run logs where production risk starts.
MCP Sampling vs Elicitation for Production Servers
Use MCP sampling for client-owned model calls and elicitation for user input. Set the production boundary, approval flow, and logging rules.
MCP Resources vs Tools: The Production Server Rule
Use resources for client-controlled context, tools for model-invoked actions, and prompts for reusable user-selected workflows.
MCP Authorization for Production Servers
Build MCP authorization with OAuth, Protected Resource Metadata, token audience checks, consent, approvals, logs, and production release gates.
MCP Security Best Practices for Production Servers
Ship MCP servers with per-client consent, audience-bound tokens, strict schemas, approval gates, isolation, and logs that catch tool abuse.
MCP vs Function Calling: The Production Decision Rule
Use function calling for app-local tools. Build MCP when a capability must be shared, discovered, approved, logged, and reused across agents.
One letter, every week. Working systems — not hot takes.
Build logs, agentic engineering decisions, agent failures, evals, and what survives real users. Sent weekly, never more.