Module 6 · Phase 3: Scale & interoperability · Weeks 15–17
MCP & Tool Ecosystems
The Model Context Protocol is the USB-C of agent tooling: one protocol connecting any agent host to any tool server. You'll learn the architecture and JSON-RPC flow, build a real server and client, master the tool-design principles that make agents actually use your tools well, and run agent-generated code safely in a sandbox.
After this module you can
- Draw the MCP host/client/server architecture and explain where credentials live and why
- Trace the JSON-RPC message flow: initialize handshake, capability negotiation, tools/list, tools/call
- Build an MCP server exposing tools, resources, and prompts, and connect it to a real client
- Write a stdio MCP client and choose correctly between stdio and streamable HTTP transports
- Design task-level tools with prompt-quality descriptions, response budgets, and recoverable errors
- Execute agent-generated code in a sandbox (Docker/E2B) with network, memory, and time limits
Lessons
1: 25 min · 2: 30 min · 3: 25 min · 4: 25 min · 5: 30 min
MCP Architecture & the JSON-RPC Flow
Before MCP, every agent app integrated every tool bespoke — an N×M explosion. MCP standardizes the wire: hosts run clients, clients hold 1:1 connections to servers, and everything speaks JSON-RPC 2.0. Learn the three roles and the message flow cold; both are interview staples.
Building a Server: Tools, Resources & Prompts
The official Python SDK's FastMCP style makes a server almost embarrassingly small: decorate functions and run. The real content of this lesson is the three primitives — tools, resources, prompts — and the question that distinguishes them: who invokes each?
Clients & Transports: stdio and Streamable HTTP
A server nobody can talk to is a file of decorators. Write a minimal client so the protocol stops being abstract, then choose transports deliberately: stdio for local single-user tools, streamable HTTP for anything remote or shared.
Designing Tools Agents Can Actually Use
The interview-gold lesson: most MCP servers fail not at the protocol layer but at the design layer — twelve thin CRUD wrappers, novel-length responses, and errors that read like stack traces. Few good tools beat many thin ones; here's what 'good' means concretely.
Auth, Sandboxed Execution & A2A
The safety lesson: where secrets live, how destructive tools get gated, and how to run code an agent wrote — which you must treat as untrusted input executing on your machine. Plus the one paragraph you need about A2A.
Module quiz
12 questions · pass ≥ 80%
Lab: Production-Quality MCP Server (portfolio)
Wrap a real API you actually use (Pacvue-adjacent, GitHub, Jira, or similar) in a Python MCP server with task-level tools, a resource, and a prompt — tested at three layers, hardened against bad inputs, with a sandboxed run_python tool. This is the artifact Gate G3's practical test attacks live. Starter code lives in labs/lab06-mcp-server/.
Best external resources
Curated reading, docs, and tools that pair with this module.
MCP official docs (Docs)
Spec, concepts, and the build-a-server tutorial (Python SDK) Lab 06 follows.
Anthropic — Writing effective tools for agents (Essay)
The tool-design principles above, from the source, with eval methodology.
E2B docs (Docs)
Managed sandboxes — the alternative to rolling your own Docker jail.
MCP Python SDK (Repo)
The library Lab 06 is built on — examples folder has working servers to crib from.