Model Context Protocol
モデル・コンテキスト・プロトコル
Model Context Protocol (MCP) is an open protocol for connecting AI applications to external data, tools, and workflows. It gives agents and AI apps a common integration layer.
What it means
Model Context Protocol is a standard protocol for connecting LLM applications with external data sources, tools, and workflows. It separates hosts, clients, and servers, and servers can expose resources, prompts, and tools. MCP reduces the need for one-off integrations between each AI application and each external system. It does not remove the need for authorization, user confirmation, visible tool exposure, logging, and data-scope design. Those controls become more important as tools move from read-only context to write or action capabilities.
How to calculate it
MCP is not a metric. Evaluate adoption by integration reuse, tool reliability, and safe operation. Integration reuse | Reduction in one-off connectors | Shows whether a shared layer helps Tool success rate | Successful tool calls / tool calls | Measures operational reliability Approval compliance | Confirmed high-impact calls / high-impact calls | Checks the safety boundary
| Lens | Formula / treatment | When to use it |
|---|---|---|
| Integration reuse | Reduction in one-off connectors | Shows whether a shared layer helps |
| Tool success rate | Successful tool calls / tool calls | Measures operational reliability |
| Approval compliance | Confirmed high-impact calls / high-impact calls | Checks the safety boundary |
What counts / what does not
MCP is a connection standard. It does not automatically solve security, governance, or business approval. Include | Context sharing, resources, prompts, tools, standardized connections | Aligns AI integration surfaces Exclude | Business authorization, data classification, final approval, audit ownership | Must be designed by the application Make explicit | Server capabilities, input schemas, authorization, user confirmation, logs | Required for production use
| Item | Treatment | Why it matters |
|---|---|---|
| Include | Context sharing, resources, prompts, tools, standardized connections | Aligns AI integration surfaces |
| Exclude | Business authorization, data classification, final approval, audit ownership | Must be designed by the application |
| Make explicit | Server capabilities, input schemas, authorization, user confirmation, logs | Required for production use |
What moves the number
MCP is more valuable when many AI applications can reuse a connection and tool boundaries are clear. Standardization | Shared connection patterns reduce maintenance Tool design | Clear schemas and descriptions reduce miscalls Authorization | User and action scope must be separated Observability | Tool-call logs support audit and improvement
| Driver | Metric impact |
|---|---|
| Standardization | Shared connection patterns reduce maintenance |
| Tool design | Clear schemas and descriptions reduce miscalls |
| Authorization | User and action scope must be separated |
| Observability | Tool-call logs support audit and improvement |
When it helps
Teams can decide whether to connect internal systems through one-off APIs or through a shared protocol layer. Before building an MCP server, teams can define resources, prompts, tools, authorization, and logs. Developer experience may improve, but tool safety and human confirmation still need explicit design.
- Teams can decide whether to connect internal systems through one-off APIs or through a shared protocol layer.
- Before building an MCP server, teams can define resources, prompts, tools, authorization, and logs.
- Developer experience may improve, but tool safety and human confirmation still need explicit design.
How to use it
- MCP is a standard protocol connecting AI apps to external systems.
- Its roles include hosts, clients, and servers.
- Servers can expose resources, prompts, and tools.
- More tool capability requires stronger authorization, confirmation UI, logging, and permission separation.
- MCP standardizes connection; it does not automatically guarantee safe business decisions.
Decision cautions
Decide what should be connected before celebrating that it can be connected. Separate read-only tools from write or action tools, and require confirmation for high-impact actions. Limit exposed data to what the user and task are allowed to see. Log tool calls, inputs, outputs, and approval state for auditability.
- Separate read-only tools from write or action tools, and require confirmation for high-impact actions.
- Limit exposed data to what the user and task are allowed to see.
- Log tool calls, inputs, outputs, and approval state for auditability.
Read with
MCP should be read with AI agents, tool use, and API design. AI Agent | A common MCP consumer | Needs scoped permissions Tool Use | Model calls external capabilities | A core MCP use case API | General system interface | Often sits behind MCP server tools
| Metric | Role | Why read together |
|---|---|---|
| AI Agent | A common MCP consumer | Needs scoped permissions |
| Tool Use | Model calls external capabilities | A core MCP use case |
| API | General system interface | Often sits behind MCP server tools |
Example
A company wants an internal AI assistant to search documentation and inspect support tickets. The team builds an MCP server and starts with read-only search tools. Ticket updates, comments, and status changes are not exposed at first. Each tool has an input schema, description, returned fields, and log policy. The pilot improves search success, but confidential projects appear in some results, so the team adds permission-aware filtering and user confirmation. MCP reduces integration complexity, but authorization and audit design decide whether the system is production-ready.
Compare with
MCP | AI-oriented connection protocol | Standardizes context and tool integration API | General system interface | Broader than AI use cases Plugin | App-specific extension | Portability depends on the host ecosystem
| Metric | Difference | Why read together |
|---|---|---|
| MCP | AI-oriented connection protocol | Standardizes context and tool integration |
| API | General system interface | Broader than AI use cases |
| Plugin | App-specific extension | Portability depends on the host ecosystem |
Common mistakes
- MCP does not automatically make a system safe. Authorization, confirmation, logs, and permission design are still required.
- MCP is not merely an API replacement. It models AI-facing resources, prompts, and tools.
- Not every tool should be exposed. Least privilege and use-case-specific exposure are the default.
Frequently asked questions
What does MCP stand for?
Model Context Protocol, a protocol for connecting AI applications to external systems.
Is MCP the same as an API?
No. MCP is an AI-oriented protocol for context, resources, prompts, and tools. It may use ordinary APIs behind the server implementation.
Can MCP be used in production immediately?
Only with proper authorization, confirmation UI, logs, data scoping, and tool permission design.