Start with the job: understand MCP architecture and decide when to use it
Model Context Protocol is an interoperability layer, not a permission system. It gives a host a standard way to establish client connections, discover server capabilities and exchange structured messages, while the host still owns consent, policy and the user experience.
Use MCP when several hosts or tools need the same capability contract, or when a maintained server already exposes the exact system you need. A single private function call can remain simpler when there is no interoperability requirement.
Keep this page's decision boundary canonical
Keep the protocol version visible throughout the decision. This pillar owns the shared mental model—roles, capability negotiation, primitives, transports and trust boundaries—while the linked implementation pages own server selection, building and specific controls. That split prevents a generic definition from swallowing operational questions. It also lets a reader decide first whether interoperability is useful, then move to the narrower evidence needed for a connection or build.
Make the operating boundary visible
A host coordinates the application and creates a client connection for each server. Initialization negotiates protocol capabilities before resources, tools or prompts are used. The transport carries messages; it does not decide which data may leave the system or which action deserves approval.
The MCP responsibility boundary
Build a reproducible path
For Model Context Protocol: Architecture, Servers, and Risk, use a small fixture that another developer can repeat without privileged production data. Change one boundary at a time and preserve the exact configuration needed to explain how the page's decision was reached.
- Write the user job and the smallest required capability.
- Choose the primitive that represents that capability without hidden side effects.
- Choose local stdio or remote Streamable HTTP from the deployment boundary.
- Exercise an allowed path, a denied path and a clean disconnect against one pinned specification version.
Keep secrets outside the model context protocol artifact. Record variable names, scopes and owners, then verify the relevant system of record whenever this tool or workflow can change external state.
Record evidence that survives a rerun
A defensible integration record ties every behavior to a specification version and every permission to a named owner. Keep protocol evidence separate from the server maintainer's claims and from your own policy decision.
- Negotiated protocol version and advertised capabilities
- Server identity, release or endpoint and maintainer
- Data reachable through each resource or tool
- Credential scope, approval point and observed failure response
Date the Model Context Protocol: Architecture, Servers, and Risk record and keep factual observations separate from inference. If a claim depends on a hosted service, preview feature or moving SDK, name that dependency beside the claim.
Use a decision rule and a stopping rule
Adopt MCP when the standard reduces bespoke integration work without broadening access beyond the task. Reject or redesign the connection when the useful capability cannot be separated from unrelated write access, opaque data transfer or an unowned server lifecycle.
Repeat initialization from a clean client, enumerate the advertised surface and compare it with the approved inventory. Then revoke the credential and confirm that calls fail visibly; a successful happy path alone does not establish an operable boundary.
When MCP earns its complexity
Protect against predictable failure and continue deliberately
For Model Context Protocol: Architecture, Servers, and Risk, the architecture review flags three recurring failure modes: specification versions are mixed; local and remote trust boundaries are conflated; a server is recommended without permission review. Treat them as release checks, not footnotes. This page remains draft when its exact implementation or intent evidence is still research-gated.
Use the MCP server evaluation guide next: it shows how to screen ownership, capabilities and access before connection.
Use the MCP server build path next: it turns one capability into a versioned, inspectable implementation.
Use the MCP architecture map next: it separates host policy, client state, server behavior and transport.
Use the MCP security threat model next: it traces data and tool access to concrete consequences.