This is almost certainly because they're all using LLMs to write the documentation, which is still a very bad idea. The MCP spec [0] has LLM fingerprints all over it.
In fact, misusing LLMs to build a spec is much worse than misusing them to avoid writing good docs because when it comes to specifications and RFCs the process of writing the spec is half the point. You're not just trying to get a reasonable output document at the end (which they didn't get anyway—just try reading it!), you're trying to figure out all the ways your current thinking is flawed, inadequate, and incomplete. You're reading it critically and identifying edge cases and massaging the spec until it answers every question that the humans designing the spec and the community surrounding it have.
Which means in the end the biggest tell that the MCP spec is the product of LLMs isn't that it's somewhat incoherent or that it's composed entirely of bullet lists or that it has that uniquely bland style: it's that it shows every sign of having had very little human thought put into it relative to what we'd expect from a major specification.
[0] https://modelcontextprotocol.io/specification/2025-03-26
"DeepSeek API does NOT constrain user's rate limit. We will try out best to serve every request. However, please note that when our servers are under high traffic pressure, your requests may take some time to receive a response from the server. During this period, your HTTP request will remain connected, and you may continuously receive contents in the following formats..."
The documentation is still mostly easy to read, so it doesn't *really" matter, but I always thought this was bizarre. I mean, I get the language barrier reading manuals from Chinese products off of Amazon or whatever, but this is a company that does nothing but work with language all day long, and even at one point had the world's leading English-speaking language model. Shouldn't they be able to produce professional-looking documentation without spelling and grammatical errors?
Heck, they could literally pay any native English speaker to take their English-ish translations and regionalize them; you don’t even need to know Chinese to fix those paragraphs. Why is this such a common problem with the English China exports? Is it cultural? Are they so disconnected from the west that they don’t realize?
A great counter-example is NetEase’s Marvel Rivals; their English translations are fantastic, and even their dev interviews with their Chinese development team is fantastically regionalized. They make a real effort to appeal to English audiences.
It's crazy seeing bots posting AITA rage bait on Reddit that always follows the same pattern: some inter-personal conflict that escalates to a wider group: "I told my husband I wasn't into face-sitting and now all my colleagues are saying I should sit on his face to keep the peace."
That is one thing but using the same LLM to drive your tech specs, knowing it can say a whole lot of shit the 'author' isn't aware of, because they're illiterate and that is fucking normal... is worrying.
There's been a trend to post LLM slop about tech subjects and they anger me - I don't know why someone wanted to waste people's time like that.
Even worse - I've come across an AI slop site that masquerades as dev information, with just plain wrong information.
Makes great IPO to tell investor most tour product are already created be averaging out the most likely outcome
AI code as the biggest "lock you in the box" in programming history. That takes rather a lot of the luster out of it....
They'd better be right that they can get to the point that they can fully replace programmers in about two years, otherwise following this siren song will, well, demonstrate why I chose "siren song" as my metaphor. If AI code produces big piles of code that are simply incomprehensible to humans, but then the AIs can't handle it either, they'll crash out their own market by the rather disgusting mechanism of killing all their customers, precisely because the customers consumed their service.
[0] https://github.com/modelcontextprotocol/modelcontextprotocol...
The concept they're trying to accomplish (expose possibly remote functions to a caller in an interrogable manner) has plenty of existing examples in DLLs, gRPC, SOAP, IDL, dCOM, etc, but they don't seem to have learned from any of them, let alone be aware that they exist.
Give it more than a couple months though and I think we'll see it mature some more. We just got their auth patterns to use existing rails and concepts, just have to eat the rest of the camel.
Or like the early Python ecosystem, mistakes will become ossified at the bottom layers of the stack, as people rapidly build higher level tools that depend on them.
Except unlike early Python, the AI ecosystem community has no excuse, BECAUSE THERE ARE ALREADY HISTORICAL EXAMPLES OF THE EXACT MISTAKES THEY'RE MAKING.
And now you will outsource part of the thinking process. Everyone will show you examples when it doesn't work.
Clearly if these things are problems, AI will simply solve them, duhhh.
/s
Let's see how MCP will go.
https://embracethered.com/blog/posts/2025/model-context-prot...
Most users don't care about the implementation. They care about the way that MCP makes it easier to Do Cool Stuff by gluing little boxes of code together with minimal effort.
So this will run ahead because it catches developer imagination and lowers cost of entry.
The implementation could certainly be improved. I'm not convinced websockets are a better option because they're notorious for firewall issues, which can be showstoppers for this kind of work.
If the docs are improved there's no reason a custom implementation in Go or Arm assembler or whatever else takes your fancy shouldn't be possible.
Don't forget you can ask an LLM to do this for you. God only knows what you'll get with the current state of the art, but we are getting to the point where this kind of information can be explored interactively with questions and AI codegen, instead of being kept in a fixed document that has to be updated manually (and usually isn't anyway) and hand coded.
What is it in old dev language?
Since Claude Desktop has MCP support built-in, you can just plug off the shelf MCP endpoints into it. Like you could plug your Gmail account, and your Discord, and your Reddit into Claude Desktop provided that MCP integrations exist for those services. So you can tell Claude "look up my recent activity on reddit and send a summary email to my friend Bob about it" or whatever, and Claude will accomplish that task using the available MCPs. There's like a proliferation of MCP tools and marketplaces being built.
If you know REST / http request:
it's single endpoint-only, partitioned / routed by single "type" or "method" parameter, with some different specification, for AI.
Is it sufficient to put a agents.json file in the root of the /.well-known web folder and let agents just "figure it out" through semantic dialogue?
This forces the default use of HTTP as Agent stdio.
But they should also learn from how NeWS was better than X-Windows because instead of a fixed protocol, it allowed you to send executable PostScript code that runs locally next to the graphics hardware and input devices, interprets efficient custom network protocols, responds to local input events instantly, implements a responsive user interface while minimizing network traffic.
For the same reason the client-side Google Maps via AJAX of 20 years ago was better than the server-side Xerox PARC Map Viewer via http of 32 years ago.
I felt compelled to write "The X-Windows Disaster" comparing X-Windows and NeWS, and I would hate if 37 years from now, when MCP is as old as X11, I had to write about "The MCP-Token-Windows Disaster", comparing it to a more efficient, elegant, underdog solution that got out worse-is-bettered. It doesn't have to be that way!
https://donhopkins.medium.com/the-x-windows-disaster-128d398...
It would be "The World's Second Fully Modular Software Disaster" if we were stuck with MCP for the next 37 years, like we still are to this day with X-Windows.
And you know what they say about X-Windows:
>Even your dog won’t like it. Complex non-solutions to simple non-problems. Garbage at your fingertips. Artificial Ignorance is our most important resource. Don’t get frustrated without it. A mistake carried out to perfection. Dissatisfaction guaranteed. It could be worse, but it’ll take time. Let it get in your way. Power tools for power fools. Putting new limits on productivity. Simplicity made complex. The cutting edge of obsolescence. You’ll envy the dead. [...]
Instead, how about running and exposing sandboxed JavaScript/WASM engines on the GPU servers themselves, that can instantly submit and respond to tokens, cache and procedurally render prompts, and intelligently guide the completion in real time, and orchestrate between multiple models, with no network traffic or latency?
They're probably already doing that anyway, just not exposing Turing-complete extensibility for public consumption.
Ok, so maybe Adobe's compute farm runs PostScript by the GPU instead of JavaScript. I'd be fine with that, I love writing PostScript! ;) And there's a great WASM based Forth called WAForth, too.
https://news.ycombinator.com/item?id=34374057
It really doesn't matter how bad the language is, just look at the success and perseverance of TCL/Tk! It just needs to be extensible at runtime.
NeWS applications were much more responsive than X11 applications, since you download PostScript code into the window server to locally handle input events, provide immediate feedback, translate them to higher level events or even completely handle them locally, using a user interface toolkit that runs in the server, and only sends high level events over the network, using optimized application specific protocols.
You know, just what all web browsers have been doing for decades with JavaScript and calling it AJAX?
Now it's all about rendering and responding to tokens instead of pixels and mouse clicks.
Protocols that fix the shape of interaction (like X11 or MCP) can become ossified, limiting innovation. Extensible, programmable environments allow evolution and responsiveness.
Speed run that!
And yeah, sounds like it's explicitly a choice to follow that model.
It seems like half of it is Sonnet output and it doesn't describe how the protocol actually works.
For all its warts, the GraphQL spec is very well written https://spec.graphql.org/October2021/
https://github.com/modelcontextprotocol/modelcontextprotocol...
MCP as a spec is really promising; a universal way to connect LLMs to tools. But in practice you hit a lot of edge cases really quickly. To name a few; auth, streaming of tool responses, custom instructions per tool, verifying tool authenticity (is the server I'm using trustworthy?). It's still not entirely clear (*for remote servers*) to me what you can do with MCP that you can't do with just a REST API, the latter being a much more straightforward integration path.
If other vendors do adopt MCP (OpenAI and Gemini have promised to) the problem they're going to run into very quickly is that they want to do things (provide UI elements, interaction layers) that go beyond the MCP spec. And a huge amount of MCP server integrations will just be lackluster at best; perhaps I'm wrong -- but if I'm { OpenAI, Anthropic, Google } I don't want a consumer installing Bob's Homegrown Stripe Integration from a link they found on 10 Best MCP Integrations, sharing their secret key, and getting (A) a broken experience that doesn't match the brand or worse yet, (B) credentials stolen.
I anticipate alignment issues as well. Anthropic is building MCP to make the Anthropic experience great. But Anthropic's traffic is fractional compared to ChatGPT - 20M monthly vs 400M weekly. Gemini claims 350M monthly. The incentive structure is all out of whack; how long are OpenAI and Google going to let an Anthropic team (or even a committee?) drive an integration spec?
Consumers have barely interacted with these things yet. They did once, with ChatGPT Plugins, and it failed. It doesn't entirely make sense to me that OpenAI is okay to do this again but let another company lead the charge and define the limitations of the end user experience (because that what the spec ultimately does, dictates how prompts and function responses are transported), when the issue wasn't the engineering effort (ChatGPT's integration model was objectively more elegant) but a consumer experience issue.
The optimistic take on this is the community is strong and motivated enough to solve these problems as an independent group, and the traction is certainly there. I am interested to see how it all plays out!
Nothing, as far as I can tell.
> the latter being a much more straightforward integration path.
The (very) important difference is that the MCP protocol has built in method discovery. You don't have to 'teach' your LLM about what REST endpoints are available and what they do. It's built into the protocol. You write code, then the LLM automatically knows what it does and how to work with it, because you followed the MCP protocol. It's quite powerful in that regard.
But otherwise, yea it's not anything particularly special. In the same way that all of the API design formats prior to REST could do everything a REST API can do.
Like, yeah, we need a standard way to connect LLMs with tools etc, but MCP in its current state is not a solution.
From reading your issue, I'm not holding my breath.
It all kind of seems too important to fuck up
In practice, nobody uses those parts of the protocol (it was overdesigned and hardly any clients support it). The key thing MCP brings right now is a standardized way to discover & invoke tools. This would’ve worked equally well as a plain HTTP-based protocol (certainly for a v1) and it’d have made it 10x easier to implement.
For example, you have a MCP client (let's say it's amazon q cli), a you have a MCP server for executing commands over ssh. If connection is maintained between MCP client and server, then MCP server can keep ssh connection alive.
Replace SSH server with anything else that has state - a browser for example (now your AI assistant also can have 500 open tabs)
Instead we ended up with a protocol that fights with load balancers and can in most cases not just be chucked into say an existing Express/FastAPI app.
That makes everything harder (& cynically, it creates room for providers like Cloudflare to create black box tooling & advertise it as _the_ way to deploy a remote MCP server)
Trying to fix “you must hold a single connection open to receive all responses and notifications” by replacing it with “you must hold open as many connections as you have long-running requests, plus one more for notifications” is downright unhinged, and from reading the spec I’m not even sure they know that’s what they are asking clients to do
[1]: https://modelcontextprotocol.io/specification/draft/basic/au...
It's setting off all kinds of alarm bells for me, and I'm wondering if I'm on to something or if my LLM-detector alarms are miscalibrated.
Regurgitating the OAuth draft don't seem that usefull imho, and why am I forced into it if I'm using http. Seems like there are plenty of usecases where un-attended thing would like to interact over http, where we usually use other things aside from OAuth.
It all probably could have been replaced by
- The Client shall implement OAuth2 - The Server may implement OAuth2
That's also where, with the new spec, you don't actually need to implement anything from scratch. Server issues a 401 with WWW-Authenticate, pointing to metadata for authorization server locations. Client takes that and does discovery, followed by OAuth flow (clients can use many libraries for that). You don't need to implement your own OAuth server.
This is why nearly everything looks like a one weekend pet project by the standards of software engineering.
My claim is supported by the post article and many points there, for example. Another example is my own experience working with python ecosystem and ai/ml libraries in particular. With rare exceptions (like pandas) it is mostly garbage from DevX perspective (in comparison of course).
But I admit my exposure is very limited. I don’t work in ai area professionally (which is another example of my point btw, lol))
A lot of AI work is done by people that "dash-shaped" -- broad, but with no depth anywhere.
Then there's a few I-shaped people that drive research progress, and a few T-shaped people that work on the infrastructure that allows the training runs to go through.
But something like a protocol will certainly be designed by a dash, not an I or a T, because those are needed to keep the matrices multiplying.
I somewhat agree with author’s comments, but also want to note that the protocol is in the extremely early stages of development, and it will likely evolve a lot over the next year.
I think that no one (including me) anticipated just how much attention this will get straight out the door. When I started working on the registry, there were fewer than a few dozen servers. Then suddenly a few weeks later there was a thousand, and numbers just kept growing.
However, lots and lots of those servers do not work. Majority of my time has gone into trying to identify servers that work (using various automated tests). All of this is in large part because MCP got picked up by the mainstream AI audience before the protocol reached any maturity.
Things are starting to look better now though. We have a few frameworks that abstract the hard parts of the protocol. We have a few registries that do a decent job surfacing servers that work vs those that do not. We have a dozen or so clients that support MCPs, etc. All of this in less than half a year is unheard of.
So yes, while it is easy to find flaws in MCP, we have to acknowledge that all of it happened in a super short amount of time – I cannot even think of comparisons to make. If the velocity remains the same, MCP future is very bright.
For those getting started, I maintain a few resources that could be valuable:
* https://github.com/punkpeye/awesome-mcp-servers/
And that's why it's so important to spec with humility. When you make mistakes early in protocol design, you live with them FOREVER. Do you really want to live with a SSE Rube Goldberg machine forever? Who the hell does? Do you think you can YOLO a breaking change to the protocol? That might work in NPM but enterprise customers will scream like banshees if you do, so in practice, you're stuck with your mistakes.
The actual protocol of MCP is…whatever. I’m sure it will continue to evolve and mature. It was never going to be perfect out of the gate, because what is?
But the standardization of agentic tooling APIs is mind bogglingly powerful, regardless of what the standard itself actually looks like.
I can write and deploy code and then the AI just..immediately knows how to use it. Something you have to experience yourself to really get it.
Kind of reminds me of the browser wars during 90s where everyone tried to run the fastest an created splits in standards and browsers what we didn't really det rid of for a good 20 year or more. IE11 was around for far to long
Whatever the transport evolves to, it is easy to create proxies that convert from one transport to another, e.g. https://github.com/punkpeye/mcp-proxy
As an example, every server that you see on Glama MCP registry today is hosted using stdio. However, the proxy makes them available over SSE, and could theoretically make them available over WS, 'streamable HTTP', etc
Glama is just one example of doing this, but I think that other registries/tools will emerge that will effectively make the transport the server chooses to implement irrelevant.
This just seems needlessly complicated. Performing writes on one endpoint and reading the response on another just seems so wrong to me. An alternative could be that the "client" generates a session id and the start of the chat and make http calls to the server passing that ID in a query string or header. Then, the response is sent back normally instead of just sending 202.
What benefit is SSE providing here? Let the client decide when a session starts/ends by generating IDs and let the server maintain that session internally.
The response is generated asynchronously, instead of within the HTTP request/response cycle, and sent over SSE later. But emulating WS with HTTP requests+SSE seems very iffy, indeed.
OpenAI plugins flopped back in 2023 because the LLMs at the time weren't reliable enough for tool usage to be anything more than interesting-but-flawed.
MCP's timing was much better.
Doesn't cover all the use cases, but for information retrieval stuff, the difference is pretty light and day. Not to mention the deterministic context management approach is quite a bit cheaper in terms of tokens.
from mcp.server.fastmcp import FastMCP
mcp = FastMCP("Basic Math Server")
@mcp.tool()
def multiply(a: int, b: int) -> int:
return a * b
mcp.run()
In a literal sense it's easier, safer, faster, etc for an LLM to remember "use server Foo to do X" than "I read a document that talks about calling api z with token q to get data b, and I can combine three or four api calls using this http library to...."
Not that the list of tools and their behavior should be static (which would be much less capable)
* MCP tools can be described simply and without a lot of text. OpenAPI specs are often huge. This is important because the more context you provide an LLM the more expensive it is to run, and the larger model you need to use to be effective. If you provide a lot of tools then using OpenAPI specs could take up way too much for context, while the same tools for MCP will use much less.
* LLMs aren't actually making the calls, it's the engine driving it. What happens when an LLM wants to make a call is it responds directly with a block of text that the engine catches and uses to run the command. This allows LLMs to work like they're used to: figuring out text to output. This has a lot of benefits: less tokens to output than a big JSON blob is going to be cheaper.
* OpenAPI specs are static, but MCP allows for more dynamic tool usage. This can mean that different clients can get different specs, or that tools can be added after the client has connected (possibly in response to something the client sent). OpenAPI specs aren't nearly that flexible.
This isn't to say there aren't problems. I think the transport layer can use some work, as OP sent, but if you play around in their repo you can see websocket examples so I wouldn't be surprised if that was coming. Also the idea that "interns" are the ones making the libraries is an absolute joke, as the FastMCP implementation (which was turned into the official spec) is pretty solid. The mixture of hyperbole with some reasonable points really ruins this article.
Personally I find OpenAPI spec being more practical since it includes not just endpoints with params, but also outputs and authentication.
Know all that from my own experience plugging dozens of APIs to both MCP/Claude and ChatGPT.
This is repeated everywhere, but I don’t get it. OpenAPI specs are served from an HTTP endpoint, there’s nothing stopping you from serving a dynamically rendered spec depending on the client or the rest of the world?
Personally, even the stdio transport feels suboptimal. I mostly write python and startup time for a new process is nontrivial. Starting a new process for each request doesn't feel right. It works ok, and I'll admit that there's a certain elegance to it. It would be more practical if I were using a statically compiled language.
As far as the SSE / "Streamable HTTP" / websockets discussion, I think it's funny that there is all this controversy over how to implement sockets. I get that this is where we are, because the modern internet only supports a few protocols, but a the network level you can literally just open up a socket and send newline delimited JSON-RPC messages in both directions at full duplex. So simple and no one even thinks about it. Why not support the lowest level primitive first? There are many battle tested solutions for exposing sockets over higher level protocols, websockets being one of them. I like the Unix Philosophy.
Thinking further, the main issue with just using TCP is the namespace. It's similar to when you have a bunch of webservers and nginx or whatever takes care of the routing. I use domain sockets for that. People often just pick a random port number, which works fine too as long as you register it with the gateway. This is all really new, and I'm glad that the creators, David and Justin, had the foresight to have a clean separation between transport and protocol. We'll figure this out.
I think there is a misunderstanding of how stdio works. The process can be long running and receive requests via stdio at any time. No need to start one for each request.
Absolutely terrible, no clear spec, absolute useless errors and/or just broken behaviour without telling what’s wrong. Reference implementations and frameworks are not working either, so only reverse engineering + trial & error until it runs, yaaay.
Feels like the early 2000 over and over again, trying to make something work.
Exciting, right? Technology is unpredictable and fun again :)
I'd love to be wrong, but the more I learn about MCP the more I fear that I'm right.
There indeed are people without functional engineering experience. I wrote some software meant to be used by journalists. MCP is a great fit for it, it allows the tool to be expanded and adapted to their needs without having to code the whole thing themselves.
We appreciate the criticism and take it very seriously. We know things are not perfect and there is lots of room for improvement. We are trying to balance the needs of the fast paced AI world, and the careful, time consuming needs of writing a spec. We’d love to improve the spec and the language, and would of course appreciate help here. We also work with an increasingly larger community that help us get this right. The most recent Authorization specification changes are just one example.
Similarly we are working on the SDKs and other parts of MCP to improve the ecosystem. Again, it’s all very early and we appreciate help from the community.
Exactly.
MCP is one of the worst 'standards' that I have seen come out from anywhere since JSON Web Tokens (JWTs) and the author rightfully points out the lack of engineering practices of a 'standard' that is to be widely used like any properly designed standard with industry-wide input.
> Increased Attack Surface: The multiple entry points for session creation and SSE connections expand the attack surface. Each entry point represents a potential vulnerability that an attacker could exploit.
JWTs have this same issue with multiple algorithms to use including the horrific 'none' algorithm. Now we have a similar issue with MCP with multiple entry points to chose from which is more ways to attack the protocol.
This one is the most damning.
> Python and JavaScript are probably one of the worst choices of languages for something you want to work on anyone else's computer. The authors seem to realize this since all examples are available as Docker containers.
Another precise point and I have to say that our industry is once again embracing the worst technologies to design immature standards like this.
The MCP spec appears to be designed without consideration for security or with any input from external companies like a normal RFC proposal should and is quite frankly repeating the same issues like JWTs.
> Simply put, it is a JSON-RPC protocol with predefined methods/endpoints designed to be used in conjunction with an LLM.
Is a spot on / simplest explanation of MCP, wonder why nobody use that or insist that it's usb-c for AI on their tutorials! Seeing this early can makes me understand MCP in 5 minutes
Many pass REST responses directly to LLMs that quickly leads to token burn. Wish providers took a closer look on the actual engineering practices for the servers.
Has someone seen a good implementation of an MCP server with a comprehensive test suite?
Why would anyone want to write a non-scalable wrapper around a service that already is well documented using OpenAPI endpoints is beyond me.
Anyway, we ended up implementing it just because but I already know it is a mistake and a potential source of many hours wasted by our engineering team.
This enables practically the same functionality, only with less fuzz. Long term memory can then instead be implemented via RAG, exposed as function calls, instead of keeping it in the context of the MCP.
An "agent" is a pre-prompted server which receives external requests, by any API (the AI interface is not exposed, since there's no need for it to be). The server then performs query by announcing which tools the LLM should use via function calling + conversation flow.
The only downside of this approach is that you can't have a MCP "marketplace" (but it's perfectly possible to expose standardized structs for different tools [2], which ultimately achieves the same thing).
[1]: https://platform.openai.com/docs/guides/function-calling?api... [2]: https://github.com/baalimago/clai/blob/main/internal/tools/b...
Frankly I'm not sure why an ordinary REST service (just HTTP posts) wasn't considered ok, but I haven't used MCP yet myself.
What MCP got right was very powerful of course which I'd summarize as giving all AI-related software the ability to call functions that reside on other servers during inference (i.e. tool calls), or get documents and prompt templates in a more organized way where said docs are specifically intended for consumption by AIs residing anywhere in the world (i.e. on other servers). I see MCP as sort of a 'function call' version of the internet where AIs are doing the calling. So MCP is truly like "The Internet for AIs". So it's huge.
But just like JavaScript sucks bad, yet we run the entire web on it, it won't be that bad if the MCP protocol is jank, as long as it works. Sure would better to have a clean protocol tho, so I agree with the article.
I’m also using Rails to host MCP servers in the cloud.
I share the criticism of HTTP+SSE and the recent “Streamable HTTP” feature—WebSockets would have been a more appropriate choice for interactive, bidirectional communication. Rails’ native support for SSE via ActionController::Live is limited (blocking) and has led to significant scalability challenges, prompting me to migrate these endpoints to the Falcon web server, which is better suited to concurrent streaming workloads.
When I reviewed the pull request for “Streamable HTTP” (which allows streaming a single controller response via server-sent events), I noticed it was largely driven by engineers at Shopify. I’m curious why they opted for this approach instead of WebSockets, especially given that Rails already includes ActionCable for WebSocket support. My assumption is that their choice was informed by specific infrastructure or deployment constraints, possibly related to simplicity or compatibility with existing HTTP/2 tooling.
It’s worth noting that the transport layer in the Model Context Protocol is intentionally abstracted. Future implementations could leverage WebSockets or even WebRTC, depending on the needs of the host environment or client capabilities.
[1] https://ninja.ai
I have a similar feeling looming at the converse API.
Why, do we have a thing that keeps returning all the text, when something on the other end is just appending to it.
Then there is the code inside langchain, some of which feels rushed.
I'm unconvinced of the abstraction that everything is a "Document". In an app I'm working on, once we switched to PGVector in Django the need for a lot of things went away.
What is great with langchain is the support for lots of things.. but not everything.
So, wanting to always use a thin abstraction over native libraries we find ourself using litellm, which covers some bits and langchain for the others (though the code for both of those is not much).
And then there's models: we can't even agree on standard names for the same models.
And this makes it painful when you support different backends, of course if Bedrock is a backend they have their own models you can't use anywhere else.
Never? If you use proper encapsulation (e.g. tools such as pipx or using virtual environments), that's a non-issue. It only gets bad when there's Python version incompatibilities
I think MCP will be a huge deal for Practal. Implementing Practal as an MCP server, I basically don't need a frontend.
[1] https://github.com/modelcontextprotocol/modelcontextprotocol...
Because one is made for local and the other for connecting through the internet.
- Google for half an hour to find the correct steps
- Install Claude Desktop
- Find the Claude Desktop settings (which are not the same as the Claude settings)
- From there you can open a JSON file that you manually edit
For all the hype around this tech, I can't believe how user-unfriendly this is.
For building apps that call the server, using the APIs was way easier.
For building an LLM system for figure out what API tool calls to make, it’s quite a bit of work to recreate what the MCP folks did.
I think MCPs are a huge time saver for wrapping AI around a bag of tools, without having to hard code every API call and interaction.
If anything, I think using MCPs is a massive convenience and time saver for building and prototyping LLM + tool calling apps.
Also for SSE vs Streamable HTTP, I don’t think “streamable” uses SSE at all? I think the problem they were solving for was the annoying long lived SSE connections — you can definitely see the difference on Workers though, switching away from SSE makes the workers way faster for multiple connections
Edit: the experience of building on Cloudflare and Claude is extremely frustrating; Claude is unable to output errors properly, can’t edit config inside the app, and has to be restarted constantly. Cloudflare stops working properly on SSE connections randomly, and throws bizarre errors every now and then.
XML is ugly and building APIs that describe both the data and available actions is tough.
Instead we picked JSON RPCs that we still call REST, and we inevitably run into situations like Alexa or LLMs where we want a machine to understand what actions are supported in an API and what the data schema is.
Also if you want to wrap any existing code that logs or prints to stdout then it causes heaps of ugly messages and warnings as it interferes with the comms between client and server.
I just want a way to integrate tools with Claude Desktop that doesn’t make a tonne of convoluted and weird design choices.
As I understand, the agent sdk/ADK can simply start a child process and use STDIO to execute MCP commands. Why not always use that approach? if some REST api needs to be queried, the child process can abstract that interaction and expose it by the same consistent MCP interface. That way, devs are free to use REST,SOAP,*RPC,etc.. or whatever they want.
I'm using MCP locally on my laptop, the security requirements are different there than on a server. Logging can be done at the actual integration with external api level if you have standard clients and logging, which I do and push for.
To me what is important right now is to glue my apis, data sources, and tools, to the AI tools my people are using. MCP seems to do that easily. Honestly I don't care about the protocol, at the end of the day, protocols are just ways for things to talk to each other, if they're interesting in and of themselves to you you're focusing on other things than I am. My goal is delivering power with the integration.
MCP may be messy, but the AI tools I'm using them with seem just fine and dealing with that mess to help me build more power into the AI tools. That, at the end of the day is what I care about, can I get the info and power into the tools so that my employees can do stuff they couldn't do before. MCP seems to do that just fine. If we move to some other protocol in 6 months, I'm assuming I can do that with AI tools on a pretty quick basis, as fast as I'm building it right now.
The WebSocket protocol is the most ideal choice for a bi-directional streaming communication channel, and the arguments listed in https://github.com/modelcontextprotocol/modelcontextprotocol... for "Why Not WebSockets" are honestly bewildering. They are at best thin, irrelevant and misleading. It seems as though they were written by people who don't really understand the WebSocket protocol, and have never actually used it.
The comment farther down the PR makes a solid rebuttal. https://github.com/modelcontextprotocol/modelcontextprotocol...
Here are the stated arguments against using the WebSocket protocol, and my responses.
---
Argument 1: Wanting to use MCP in an "RPC-like" way (e.g., a stateless MCP server that just exposes basic tools) would incur a lot of unnecessary operational and network overhead if a WebSocket is required for each call.
Response 1: There are multiple better ways to address this.
Option A.) Define a plain HTTP, non-streaming request/response transport for these basic use cases. That would be both DRAMATICALLY simpler than the "Streaming HTTP" HTTP+SSE transport they did actually define, while not clouding the waters around streaming responses and bi-directional communications.
Option B.) Just leave the WebSocket connection open for the duration of the session instead of tearing it down and re-connecting it for every request. Conceptualizing a WebSocket connection as an ephemeral resource that needs to be torn down and reconstructed for every request is wrong.
---
Argument 2: From a browser, there is no way to attach headers (like Authorization), and unlike SSE, third-party libraries cannot reimplement WebSocket from scratch in the browser.
Response 2: The assertion is true. You cannot attach arbitrary headers to the initial HTTP GET request that initiates a WebSocket connection, not because of the WebSocket protocol's design, but because the design of the browser API doesn't expose the capability. However, such a limitation is totally irrelevant, as there are plenty of other ways that you could decide to convey that information from client to server:
- You can pass arbitrary values via standard HTTP GET query parameters to be interpreted during the WebSocket handshake. Since we're initiating a WebSocket connection and not actually performing a GET operation on an HTTP resource, this does not create issues with caching infrastructure, and does not violate standard HTTP GET semantics. The HTTP GET that initiates a WebSocket connection is HTTP GET in name only, as the response in a successful WebSocket handshake is to switch protocols and no longer speak HTTP for the remainder of the connection's lifetime.
- Cookies are automatically sent just as with any other HTTP request. This is the standard web primitive for correllating session state across connections. I'll grant, however, that it may be a less relevant mechanism if we're talking about cross-origin connections.
- Your subprotocol definition (what messages are sent and received over the WebSocket connection) could simply require that the client sends any such headers, e.g. Authorization, as part of the first message it sends to the server once the underlying WebSocket connection is established. If this is sent pipelined along with the first normal message over the connection, it wouldn't even introduce an additional round-trip and therefore would have no impact on connection setup time or latency.
These are not strange, onerous workarounds.
---
Argument 3: Only GET requests can be transparently upgraded to WebSocket (other HTTP methods are not supported for upgrading), meaning that some kind of two-step upgrade process would be required on a POST endpoint, introducing complexity and latency.
Response 3: Unless I'm missing something, this argument seems totally bewildering, nonsensical, and irrelevant. It suggests a lack of familiarity with what the WebSocket protocol is for. The semantics of a WebSocket connection are orthoganal to the semantics of HTTP GET or HTTP POST. There is no logical concept of upgrading a POST request to a WebSocket connection, nor is there a need for such a concept. MCP is a new protocol that can function however it needs to. There is no benefit to trying to constrain your conceptualization of its theoretical use of WebSockets to fit within the semantics of any other HTTP verbs. In fact, the only relationship between WebSockets and HTTP is that WebSockets utilizes standard HTTP only to bootstrap a connection, after which point it stops speaking HTTP over the wire and starts speaking a totally distinct binary protocol instead. It should be conceptualized as more analogous to a TCP connection than an HTTP connection. If you are thinking of WebSockets in terms of REST semantics, you have not properly understood how WebSockets differs, nor how to utilize it architecturally.
Since the logical semantics of communication over a WebSocket connection in an MCP server are functionally identical to how the MCP protocol would function over STDIN/STDOUT, the assertion that you would need some kind of two-step upgrade process on a POST endpoint is just false, because there would not exist any POST endpoint for you to have interacted with in the first place, and if one did exist, it would serve some other purpose unrelated to the actual WebSocket connection.
---
In my view, the right way to conceptualize WebSocket in MCP is as a drop-in, mostly transparent alternative to STDIO. Once the WebSocket connection is established, the MCP client/server should be able to speak literally EXACTLY the same protocol with each other as they do over STDIO.
My guess is one will crop up within the next few months...
Speaking from the TypeScript side of things...
I will say the documentation is indeed garbage - it still includes code snippets of APIs / source code examples that don't exist anymore. Also, the choice to use zod types is also in my opinion, way over the top... the fact that I need to import a third party library to write a MCP server is wild - when you're already writing in a typed language (TypeScript)... (and yes I know the other advantages zod provides)
Otherwise it's simple enough to get started, if just tinkering around.
Who cares which client side protocol turns a structured message into a function call? There will be as many of them as there are RPC protocols because that's effectively what it is.
He feels infallible because he's smart enough to get into a hot AI startup and hasn't ever failed. He's read TCP 973 and 822 and 2126 and admitted the vibe or rigor but can't tell you why we have SYN and Message-ID or what the world might have been had alternatives one.
He has strong opinions about package managers for the world's most important programming languages. (Both of them.) But he doesn't understand that implementation is incidental. He's the sort of person to stick "built in MyFavoriteFramework" above the food on his B2B SaaS burrito site. He doesn't appreciate that he's not the customer and customers don't give a fuck. Maybe he doesn't care, because he's never had to turn a real profit in his life.
This is the sort of person building perhaps the most important human infrastructure since the power grid and the Internet itself. You can't argue with them in the way the author of the MCP evaluation article does. They don't comprehend. They CANNOT comprehend. Their brains do not have a theory of mind sufficient for writing a spec robust to implementation by other minds.
That's why they ship SDKs. It's the only thing they can. Their specs might as well be "Servers SHOULD do the right thing. They MUST have good vibes." Pathetic.
God help us.
I wanted to let Claude search an open data source. It’s my counties version of library of congress.
So I pointed Claude to the MCP docs and the API spec for the open data. 5 minutes later I had a working MCP client so I can connect Claude to my data set.
Building that would have taken me days, now I can just start searching for the data that I want.
Sure, I have to proof read everything that the LLM turn out. It I believe that’s better than reading and searching though the library.
That it works is in some ways worse because it means we'll be stuck with it. If it didn't work we'd be more likely to be able to throw it away and start over.
I tried asking some LLMs for from-scratch implementations of MCP hosts and clients, and they did a terrible job of it. This seemed odd to me.
It turns out that both of these problems likely have the same cause. The spec (if you can even call it that) really is horrendous. It doesn't really spell out the protocol properly at all!
It was simple and elegant, the timing was just off. So the first shot at this problem actually looked quite good, and we're currently in a regression.
I’m working on some Go programs/tools with the explicit goal of describing existing servers in a language neutral manner to try to get some sanity into the mix.
I was reenergized to pick this back up because Google is working on a version so I want to get these tools ready.
Open to ideas and input, have been noodling on it for a bit now, lots not in form to share but figured I’d share early:
Oh, and most importantly, a vim syntax plugin for the .mcp file format.
This is what the tests look like, for both the tools and to validate the servers.
— written by ai
Is this really true? Thought the whole reason to use SSE is that it is more lightweight than WebSocket?
More complex stuff you can build on the “outside”. So keeping it local seems ok, because it’s just the LLM facing part.
Hasn't been in issue in at least 5 years. Maybe 10. Doubly so now that we're all using uv. You _are_ using, uv, right?
Glad to see the sentiment isn't as rare as I thought.
And all of the sudden, everyone will expose their data through simple API calls ?
I see it working in a B2B context where customers demand that their knowledge management systems (ticketing, docs, etc...) have an MCP interface.
A spec is what I use to write an SDK.
"It kind of breaks the Unix/Linux piping paradigm using these streams for bidirectional communication."
Uhm ... no? They were meant for that.
But the rest of the critique is well founded. "Streamable HTTP" is quite an amateurish move.
No they weren't. If we look at it from the perspective of pipelines (and not interactive programs that take input directly from the user and display output on the screen), stdin is for receiving data from the program in the pipeline before you, and stdout is for sending data to the thing in the pipeline after you. That's not bidirectional, that's a unidirectional flow.
STDIN means Standard INPUT.
STDOUT means Standard OUTPUT.
There is no design/hardware/software limitation to reading and writing to them at the same time. That's your bidirectional channel with that one process.
>stdin is for receiving data from the program in the pipeline before you, and stdout is for sending data to the thing in the pipeline after you
Yes, and you took that from my comment here: https://news.ycombinator.com/item?id=43947777
Did you just wanted to ratify my argument, or is there something else you want to add?
Everything looks great works snappy and fast, until you look deeper inside or try to get it to do more complex stuff.
Tldr; it's json array passed to llms. Swagger would have sufficed. How and why youcome up with the array shouldn't matter. We shouldn't need 10000 redundant servers.
doing seemingly in-the-box, mundane things like asking the server to dynamically register a new resource after a tool call yields new local files is met with surprising errors like "resources cannot be registered after transport connection."
i reached for the official kotlin sdk, found it did not work (mcp clients refused stdio comms), looked at the source and saw that the transport layer had recently been converted to a proprietary implementation, leaving commented-out code in-place that showed the previous transport details. reimplementing the former, assumedly-functional interface yielded the same broken stdio behavior, and everything being package-private meant i couldn't easily modify sdk components to fiddle with a solution without rewriting the entire transport mechanism. i wasn't willing to do this on a lark and hope the rest of the sdk behaved as promised, so my team is now stuck with a typescript mcp server that no one is comfortable maintaining.
what's really concerning is that openai threw in the towel on a competing standard, so we're now being corraled into accepting mcp as the only reliable tool interface, because every llm (frontier, and derivatives trained on these models) will end up conforming to mcp whether they intend to or not.
i haven't yet mentioned that there's an implicit hierarchy in the three capabilities exposed to mcp clients/servers -- tools above resources and resources above prompts, the latter of which is flat-out ignored by clients. the instructions aspect of server initialization was the only reliable way to bootstrap context with actionable exemplars, and that's just a big, inlined markdown document.
all of that said, the mcp contract is not pretty, but it works. in ~200 lines of code, i can spin up a wrapper over existing APIs (web and/or local binaries) and provide a workable plugin that adds real value to my team's day-to-day activities. mcp hasn't really promised more than that, and what it's promised, it's delivered.
Sure, if you’re running your own infrastructure, you’ve got other problems to worry about—and MCP won’t be the thing holding you back. Complaining that it doesn’t cater to old-school setups kind of misses the point. It’s built for the way things work now, not the way they used to.
The protocol is absolute mess both for clients and servers. The whole thing could have been avoided if they picked any sane bidirectional transport, even websocket.
In other words, you can’t emulate a stateful connection on top of stateless RPC—well, you can, but nobody does because it’d be slow and require complicated clients. Instead, they staple a few headers on top of RPC and assert that it’s just as good as a socket. Dear reader: it is not.
This isn’t an endorsement of AMQP 0.9 and the like or anything. The true messaging/streaming protocols have plenty of their own issues. But at least they don’t build on a completely self-sabotaged foundation.
Like, I get it. HTTP is popular and a lot of client ecosystems balk at more complex protocols. But in the case of stateful duplex communication (of which queueing is a subset), you don’t save on complexity by building on HTTP. You just move the complexity into the reliability domain rather than the implementation domain.
You won't be able to fully insulate yourself from those complexities, though. Unnecessary complexity causes user-visible bugs and incompatibilities. You want to reach for a framework that will abstract all this stuff away, but because of poorly-designed protocols like MCP, those frameworks will end up being more unreliable than they need to be, in ways that will leak out to you.