Tool Protocols
Agents are only as useful as the tools they can reach. The agentic ecosystem has converged on a layered protocol stack that separates tool access, agent-to-agent communication, and web connectivity into distinct, composable concerns.
MCP Won
Model Context Protocol (MCP) is the de facto standard for connecting agents to tools:
- 97M+ monthly SDK downloads across Python, TypeScript, Java, and Kotlin packages.
- Donated to the Linux Foundation in December 2025 for vendor-neutral governance.
- Adopted by every major platform: Anthropic (originator), OpenAI, Google, Microsoft, Amazon, and dozens of smaller vendors.
- Write once, run anywhere: a tool built as an MCP server works with Claude Code, OpenAI Codex CLI, Gemini CLI, and any other MCP-compatible client without modification.
The Three-Layer Protocol Stack
| Layer | Protocol | Scope | Status |
|---|---|---|---|
| 1 | MCP | Agent-to-Tool | Stable. Linux Foundation stewardship. |
| 2 | A2A | Agent-to-Agent | Emerging. Google-led, Linux Foundation stewardship. |
| 3 | WebMCP | Agent-to-Web | Draft specification. Standardizing web access patterns. |
MCP Architecture
MCP uses a client-server architecture with a JSON-RPC 2.0 wire format.
sequenceDiagram
participant A as Agent (MCP Client)
participant S as MCP Server (e.g. GitHub)
A->>S: initialize (capabilities negotiation)
S-->>A: serverInfo, capabilities
A->>S: tools/list
S-->>A: [{name: "create_issue", inputSchema: {...}}, ...]
A->>S: tools/call {name: "create_issue", arguments: {repo: "org/app", title: "Fix login bug"}}
S-->>A: {content: [{type: "text", text: "Created issue #42"}]}- Client: Embedded in the agent runtime. Discovers tools, sends invocations, receives results.
- Server: Standalone process or remote service exposing tools via a JSON Schema.
- Wire format: JSON-RPC 2.0 —
method,params,idon requests;resultorerroron responses.
Configuration: .mcp.json
Projects declare MCP server dependencies in a .mcp.json file at the repository root, checked into version control so every developer and agent gets the same tool configuration.
{
"mcpServers": {
"github": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-github"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_TOKEN}"
}
},
"postgres": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-postgres"],
"env": {
"POSTGRES_CONNECTION_STRING": "${DATABASE_URL}"
}
}
}
}The ${ENV_VAR} syntax is resolved at runtime by the MCP client. Secrets never appear in the config file — only references to environment variables.
Tool Discovery
When an MCP client connects to a server, it calls tools/list. The server responds with a JSON Schema for each tool:
{
"tools": [
{
"name": "create_issue",
"description": "Create a new GitHub issue in a repository.",
"inputSchema": {
"type": "object",
"properties": {
"repo": { "type": "string", "description": "owner/repo" },
"title": { "type": "string" },
"body": { "type": "string" }
},
"required": ["repo", "title"]
}
}
]
}The protocol is self-describing — no hardcoded tool knowledge required.
Popular MCP Servers
| Server | Package | Use Cases |
|---|---|---|
| GitHub | @modelcontextprotocol/server-github | PR creation and review, issue triage, code search |
| Slack | @modelcontextprotocol/server-slack | Notifications, message search, channel management |
| PostgreSQL | @modelcontextprotocol/server-postgres | SQL queries, schema inspection, data analysis |
| Playwright | @anthropic/mcp-playwright | Browser automation, E2E testing, web scraping |
| JIRA | mcp-jira | Ticket management, sprint workflows, automation |
| Filesystem | @modelcontextprotocol/server-filesystem | Scoped file read/write, directory listing, file search |
Any of these can be added to .mcp.json and immediately become available to any MCP-compatible agent.
A2A Protocol
Agent-to-Agent (A2A) addresses multi-agent coordination: how agents discover, authenticate with, and delegate work to other agents. Each A2A-compatible agent publishes an Agent Card at /.well-known/agent.json advertising its skills, auth requirements (standard OAuth 2.0 / OIDC), and endpoint. A2A defines a stateful task lifecycle (submitted, working, completed, failed) for tracking long-running delegations. The protocol is Google-led and now under Linux Foundation stewardship. MCP and A2A are complementary — MCP connects agents to tools, A2A connects agents to agents.
Security
- Never hardcode secrets. Use
${ENV_VAR}references in.mcp.json— the file is committed to version control, so inline secrets end up in Git history. - Scope permissions tightly. Grant each MCP server minimum access: scope filesystem servers to specific directories, use read-only database connection strings where possible, use fine-grained tokens with only required scopes.
- Enforce tool-level access control. MCP-compatible agents support permission allow/deny lists (e.g.,
mcp__github__create_issueallowed,mcp__postgres__execute_ddldenied). Use glob patterns for broader rules.
Cross-Platform Adoption
| Platform | MCP Support | Config Location | Transport | Notes |
|---|---|---|---|---|
| Claude Code | Native, first-party | .mcp.json, ~/.claude/settings.json | stdio, SSE, HTTP | Deepest integration. Built-in permission model. |
| OpenAI Codex CLI | Native | codex-config.json | stdio, HTTP | Supports remote MCP servers. Tool approval flow. |
| Gemini CLI | Native | .mcp.json | stdio, SSE | Direct MCP support. Google Cloud auth integration. |
| Google ADK | Via MCPToolset | Python code | stdio, SSE, HTTP | MCPToolset.from_server() wraps any MCP server. |
| LangGraph | Via adapter | Python code | stdio, SSE | langchain-mcp-adapters converts MCP to LangChain tools. |
| CrewAI | Via adapter | Python code | stdio, SSE | MCP tools integrate through CrewAI’s tool interface. |
Further Reading
-
MCP Specification — Full protocol documentation and server registry.
-
MCP Server Registry — Official and community MCP server implementations.