A critical look at MCP

616 点作者 ablekh5 天前

66 条评论

> the documentation is poorly written (all LLM vendors seem to have an internal competition in writing confusing documentation).This is almost certainly because they're all using LLMs to write the documentation, which is still a very bad idea. The MCP spec [0] has LLM fingerprints all over it.In fact, misusing LLMs to build a spec is much worse than misusing them to avoid writing good docs because when it comes to specifications and RFCs the process of writing the spec is half the point. You're not just trying to get a reasonable output document at the end (which they didn't get anyway—just try reading it!), you're trying to figure out all the ways your current thinking is flawed, inadequate, and incomplete. You're reading it critically and identifying edge cases and massaging the spec until it answers every question that the humans designing the spec and the community surrounding it have.Which means in the end the biggest tell that the MCP spec is the product of LLMs isn't that it's somewhat incoherent or that it's composed entirely of bullet lists or that it has that uniquely bland style: it's that it shows every sign of having had very little human thought put into it relative to what we'd expect from a major specification.[0] <a href="https://modelcontextprotocol.io/specification/2025-03-26" rel="nofollow">https://modelcontextprotocol.io/specification/2025-03-26</a>

评论 #43950087 未加载

评论 #43950039 未加载

评论 #43950173 未加载

评论 #43949908 未加载

评论 #43949748 未加载

评论 #43950372 未加载

评论 #43950060 未加载

hirsin5 天前

In the same way that crypto folks speedran "why we have finance regulations and standards", LLM folks are now speedrunning "how to build software paradigms".The concept they're trying to accomplish (expose possibly remote functions to a caller in an interrogable manner) has plenty of existing examples in DLLs, gRPC, SOAP, IDL, dCOM, etc, but they don't seem to have learned from any of them, let alone be aware that they exist.Give it more than a couple months though and I think we'll see it mature some more. We just got their auth patterns to use existing rails and concepts, just have to eat the rest of the camel.

评论 #43948259 未加载

评论 #43948494 未加载

评论 #43952065 未加载

评论 #43948526 未加载

评论 #43947436 未加载

评论 #43949291 未加载

评论 #43953227 未加载

评论 #43952748 未加载

评论 #43947650 未加载

评论 #43947205 未加载

_QrE5 天前

Agreed with basically the entire article. Also happy to hear that someone else was as bewildered as me when they visited the MCP site and they found nothing of substance. RFCs can be a pain to read, but they're much better than 'please just use our SDK library'.

评论 #43947791 未加载

评论 #43948055 未加载

评论 #43950882 未加载

评论 #43947538 未加载

keithwhor4 天前

On MCP's Streamable HTTP launch I posted a issue asking if we should just simplify everything for remote MCP servers to just be HTTP requests.<a href="https://github.com/modelcontextprotocol/modelcontextprotocol/issues/236">https://github.com/modelcontextprotocol/modelcontextprotocol...</a>MCP as a spec is really promising; a universal way to connect LLMs to tools. But in practice you hit a lot of edge cases really quickly. To name a few; auth, streaming of tool responses, custom instructions per tool, verifying tool authenticity (is the server I'm using trustworthy?). It's still not entirely clear (*for remote servers*) to me what you can do with MCP that you can't do with just a REST API, the latter being a much more straightforward integration path.If other vendors do adopt MCP (OpenAI and Gemini have promised to) the problem they're going to run into very quickly is that they want to do things (provide UI elements, interaction layers) that go beyond the MCP spec. And a huge amount of MCP server integrations will just be lackluster at best; perhaps I'm wrong -- but if I'm { OpenAI, Anthropic, Google } I don't want a consumer installing Bob's Homegrown Stripe Integration from a link they found on 10 Best MCP Integrations, sharing their secret key, and getting (A) a broken experience that doesn't match the brand or worse yet, (B) credentials stolen.

评论 #43948421 未加载

评论 #43953568 未加载

评论 #43953254 未加载

评论 #43948424 未加载

mattw18104 天前

MCP should just have been stateless HTTP to begin with. There is no good reason for almost any of the servers I have seen to be stateful at the request/session level —- either the server carries the state globally or it works fine with a session identifier of some sort.

评论 #43949046 未加载

评论 #43949130 未加载

jes51994 天前

I recently wrote an MCP server, in node, after trying and failing to get the official javascript SDK to work. I agree with the criticisms — this is a stunningly bad specification, perhaps the worst I have seen in my career. I don’t think the authors have actually tried to use it.Trying to fix “you must hold a single connection open to receive all responses and notifications” by replacing it with “you must hold open as many connections as you have long-running requests, plus one more for notifications” is downright unhinged, and from reading the spec I’m not even sure they know that’s what they are asking clients to do

aristofun4 天前

This is a part of the bigger problem. Near all of AI is done by mathematicians, (data) scientists, students and amateur enthusiasts. Not by professional software engineers.This is why nearly everything looks like a one weekend pet project by the standards of software engineering.

评论 #43949232 未加载

评论 #43952079 未加载

dend4 天前

Just to add one piece of clarification - the comment around authorization is a bit out-of-date. We've worked closely with Anthropic and the broader security community to update that part of MCP and implement a proper separation between resource server (RS) and authorization server (AS) when it comes to roles. You can see this spec in draft[1] (it will be there until a new protocol version is ratified).[1]: <a href="https://modelcontextprotocol.io/specification/draft/basic/authorization" rel="nofollow">https://modelcontextprotocol.io/specification/draft/basic/au...</a>

评论 #43949392 未加载

评论 #43948495 未加载

评论 #43951770 未加载

jacob0194 天前

The consensus around here seems to be that the protocol itself is fine, but the transport is controversial.Personally, even the stdio transport feels suboptimal. I mostly write python and startup time for a new process is nontrivial. Starting a new process for each request doesn't feel right. It works ok, and I'll admit that there's a certain elegance to it. It would be more practical if I were using a statically compiled language.As far as the SSE / "Streamable HTTP" / websockets discussion, I think it's funny that there is all this controversy over how to implement sockets. I get that this is where we are, because the modern internet only supports a few protocols, but a the network level you can literally just open up a socket and send newline delimited JSON-RPC messages in both directions at full duplex. So simple and no one even thinks about it. Why not support the lowest level primitive first? There are many battle tested solutions for exposing sockets over higher level protocols, websockets being one of them. I like the Unix Philosophy.Thinking further, the main issue with just using TCP is the namespace. It's similar to when you have a bunch of webservers and nginx or whatever takes care of the routing. I use domain sockets for that. People often just pick a random port number, which works fine too as long as you register it with the gateway. This is all really new, and I'm glad that the creators, David and Justin, had the foresight to have a clean separation between transport and protocol. We'll figure this out.

评论 #43954971 未加载

mrcsharp4 天前

> "In HTTP+SSE mode, to achieve full duplex, the client sets up an SSE session to (e.g.) GET /sse for reads. The first read provides a URL where writes can be posted. The client then proceeds to use the given endpoint for writes, e.g., a request to POST /a-endpoint?session-id=1234. The server returns a 202 Accepted with no body, and the response to the request should be read from the pre-existing open SSE connection on /sse."This just seems needlessly complicated. Performing writes on one endpoint and reading the response on another just seems so wrong to me. An alternative could be that the "client" generates a session id and the start of the chat and make http calls to the server passing that ID in a query string or header. Then, the response is sent back normally instead of just sending 202.What benefit is SSE providing here? Let the client decide when a session starts/ends by generating IDs and let the server maintain that session internally.

评论 #43950772 未加载

评论 #43955063 未加载

punkpeye5 天前

I am the founder of one of the MCP registries (<a href="https://glama.ai/mcp/servers" rel="nofollow">https://glama.ai/mcp/servers</a>).I somewhat agree with author’s comments, but also want to note that the protocol is in the extremely early stages of development, and it will likely evolve a lot over the next year.I think that no one (including me) anticipated just how much attention this will get straight out the door. When I started working on the registry, there were fewer than a few dozen servers. Then suddenly a few weeks later there was a thousand, and numbers just kept growing.However, lots and lots of those servers do not work. Majority of my time has gone into trying to identify servers that work (using various automated tests). All of this is in large part because MCP got picked up by the mainstream AI audience before the protocol reached any maturity.Things are starting to look better now though. We have a few frameworks that abstract the hard parts of the protocol. We have a few registries that do a decent job surfacing servers that work vs those that do not. We have a dozen or so clients that support MCPs, etc. All of this in less than half a year is unheard of.So yes, while it is easy to find flaws in MCP, we have to acknowledge that all of it happened in a super short amount of time – I cannot even think of comparisons to make. If the velocity remains the same, MCP future is very bright.For those getting started, I maintain a few resources that could be valuable:* <a href="https://github.com/punkpeye/awesome-mcp-servers/">https://github.com/punkpeye/awesome-mcp-servers/</a>* <a href="https://github.com/punkpeye/awesome-mcp-devtools/">https://github.com/punkpeye/awesome-mcp-devtools/</a>* <a href="https://github.com/punkpeye/awesome-mcp-clients/">https://github.com/punkpeye/awesome-mcp-clients/</a>

评论 #43948058 未加载

评论 #43948020 未加载

评论 #43948056 未加载

评论 #43949643 未加载

评论 #43951234 未加载

justanotheratom5 天前

It is indeed quite baffline why MCP is taking off, but facts are facts. I would love to be enlightened how MCP is better than an OpenAPI Spec of an existing Server.

评论 #43947088 未加载

评论 #43947191 未加载

评论 #43947055 未加载

评论 #43947010 未加载

评论 #43950336 未加载

Scotrix4 天前

Couldn’t agree more, played the whole day today trying to get a HTTP MCP server with Claude running.Absolutely terrible, no clear spec, absolute useless errors and/or just broken behaviour without telling what’s wrong. Reference implementations and frameworks are not working either, so only reverse engineering + trial & error until it runs, yaaay.Feels like the early 2000 over and over again, trying to make something work.

评论 #43949346 未加载

bsenftner4 天前

I'll say it: MPC is immature trash, and will be replaced with... nothing. It is not needed, nor necessary if one has any functional engineering experience. It's yet another poorly considered distraction created by the software industry that cannot tie it's own shoes.

评论 #43952909 未加载

评论 #43954008 未加载

somnium_sn4 天前

Hey, I am one of the MCP authors.We appreciate the criticism and take it very seriously. We know things are not perfect and there is lots of room for improvement. We are trying to balance the needs of the fast paced AI world, and the careful, time consuming needs of writing a spec. We’d love to improve the spec and the language, and would of course appreciate help here. We also work with an increasingly larger community that help us get this right. The most recent Authorization specification changes are just one example.Similarly we are working on the SDKs and other parts of MCP to improve the ecosystem. Again, it’s all very early and we appreciate help from the community.

评论 #43955241 未加载

rvz5 天前

> However, I'm astonished by the apparent lack of mature engineering practices.Exactly.MCP is one of the worst 'standards' that I have seen come out from anywhere since JSON Web Tokens (JWTs) and the author rightfully points out the lack of engineering practices of a 'standard' that is to be widely used like any properly designed standard with industry-wide input.> Increased Attack Surface: The multiple entry points for session creation and SSE connections expand the attack surface. Each entry point represents a potential vulnerability that an attacker could exploit.JWTs have this same issue with multiple algorithms to use including the horrific 'none' algorithm. Now we have a similar issue with MCP with multiple entry points to chose from which is more ways to attack the protocol.This one is the most damning.> Python and JavaScript are probably one of the worst choices of languages for something you want to work on anyone else's computer. The authors seem to realize this since all examples are available as Docker containers.Another precise point and I have to say that our industry is once again embracing the worst technologies to design immature standards like this.The MCP spec appears to be designed without consideration for security or with any input from external companies like a normal RFC proposal should and is quite frankly repeating the same issues like JWTs.

评论 #43947499 未加载

fendy30024 天前

Opinion aside (still reading),> Simply put, it is a JSON-RPC protocol with predefined methods/endpoints designed to be used in conjunction with an LLM.Is a spot on / simplest explanation of MCP, wonder why nobody use that or insist that it's usb-c for AI on their tutorials! Seeing this early can makes me understand MCP in 5 minutes

评论 #43949811 未加载

_pdp_4 天前

We also had to reverse engineer the SDKs because we couldn't find any good source of what Streamable HTTP really supposed to do and our big take away from this experiment was that MCP is an experiment.Why would anyone want to write a non-scalable wrapper around a service that already is well documented using OpenAPI endpoints is beyond me.Anyway, we ended up implementing it just because but I already know it is a mistake and a potential source of many hours wasted by our engineering team.

baalimago4 天前

Personally I don't get why they didn't extend the function calling system [1].This enables practically the same functionality, only with less fuzz. Long term memory can then instead be implemented via RAG, exposed as function calls, instead of keeping it in the context of the MCP.An "agent" is a pre-prompted server which receives external requests, by any API (the AI interface is not exposed, since there's no need for it to be). The server then performs query by announcing which tools the LLM should use via function calling + conversation flow.The only downside of this approach is that you can't have a MCP "marketplace" (but it's perfectly possible to expose standardized structs for different tools [2], which ultimately achieves the same thing).[1]: <a href="https://platform.openai.com/docs/guides/function-calling?api-mode=responses" rel="nofollow">https://platform.openai.com/docs/guides/function-calling?api...</a> [2]: <a href="https://github.com/baalimago/clai/blob/main/internal/tools/bash_tool_cat.go#L10">https://github.com/baalimago/clai/blob/main/internal/tools/b...</a>

hrpnk5 天前

This critical look focuses just on the protocol. The fun starts with the actual MCP server implementations... Seems that providing an MCP server is the to be or not to be for all sorts of vendors. All REST APIs get wrapped into an MCP to make products LLM-compatible and tick checkmarks on newly extended checklists.Many pass REST responses directly to LLMs that quickly leads to token burn. Wish providers took a closer look on the actual engineering practices for the servers.Has someone seen a good implementation of an MCP server with a comprehensive test suite?

schappim4 天前

I’m building an MCP service in Ruby on Rails called ninja.ai [1], which functions as an app store offering one-click installation of MCP servers. Ninja installs Model Context Protocol servers on client devices using Tauri [2], a lightweight framework for building cross-platform desktop apps.I’m also using Rails to host MCP servers in the cloud.I share the criticism of HTTP+SSE and the recent “Streamable HTTP” feature—WebSockets would have been a more appropriate choice for interactive, bidirectional communication. Rails’ native support for SSE via ActionController::Live is limited (blocking) and has led to significant scalability challenges, prompting me to migrate these endpoints to the Falcon web server, which is better suited to concurrent streaming workloads.When I reviewed the pull request for “Streamable HTTP” (which allows streaming a single controller response via server-sent events), I noticed it was largely driven by engineers at Shopify. I’m curious why they opted for this approach instead of WebSockets, especially given that Rails already includes ActionCable for WebSocket support. My assumption is that their choice was informed by specific infrastructure or deployment constraints, possibly related to simplicity or compatibility with existing HTTP/2 tooling.It’s worth noting that the transport layer in the Model Context Protocol is intentionally abstracted. Future implementations could leverage WebSockets or even WebRTC, depending on the needs of the host environment or client capabilities.[1] <a href="https://ninja.ai" rel="nofollow">https://ninja.ai</a>[2] <a href="https://v2.tauri.app" rel="nofollow">https://v2.tauri.app</a>

quantadev5 天前

MCP was invented by some very young LLM experts probably with limited experience in "protocol" design. They'll probably see this article you wrote criticizing it and realize they made a mistake. I bet there's a way to wrap that stdio stuff with WebSockets, like was recommended in the blog/article.Frankly I'm not sure why an ordinary REST service (just HTTP posts) wasn't considered ok, but I haven't used MCP yet myself.What MCP got right was very powerful of course which I'd summarize as giving all AI-related software the ability to call functions that reside on other servers during inference (i.e. tool calls), or get documents and prompt templates in a more organized way where said docs are specifically intended for consumption by AIs residing anywhere in the world (i.e. on other servers). I see MCP as sort of a 'function call' version of the internet where AIs are doing the calling. So MCP is truly like "The Internet for AIs". So it's huge.But just like JavaScript sucks bad, yet we run the entire web on it, it won't be that bad if the MCP protocol is jank, as long as it works. Sure would better to have a clean protocol tho, so I agree with the article.

stuaxo4 天前

There is so much stuff like this right now:I have a similar feeling looming at the converse API.Why, do we have a thing that keeps returning all the text, when something on the other end is just appending to it.Then there is the code inside langchain, some of which feels rushed.I'm unconvinced of the abstraction that everything is a "Document". In an app I'm working on, once we switched to PGVector in Django the need for a lot of things went away.What is great with langchain is the support for lots of things.. but not everything.So, wanting to always use a thin abstraction over native libraries we find ourself using litellm, which covers some bits and langchain for the others (though the code for both of those is not much).And then there's models: we can't even agree on standard names for the same models.And this makes it painful when you support different backends, of course if Bedrock is a backend they have their own models you can't use anywhere else.

thatxliner4 天前

> Be honest... when was the last time you ran pip install and didn't end up in dependency hell?Never? If you use proper encapsulation (e.g. tools such as pipx or using virtual environments), that's a non-issue. It only gets bad when there's Python version incompatibilities

practal5 天前

There isn't much detailed technical spec on MCP on the spec site, but they have a link to a schema [1]. You can add that schema to a Claude project, and then examine it. That's very helpful, although you will quickly run into unsupported things, for example embedded resources in tool call responses in Claude Desktop.I think MCP will be a huge deal for Practal. Implementing Practal as an MCP server, I basically don't need a frontend.[1] <a href="https://github.com/modelcontextprotocol/modelcontextprotocol/blob/main/schema/2025-03-26/schema.ts">https://github.com/modelcontextprotocol/modelcontextprotocol...</a>

angusturner4 天前

I think this is article is too generous about the use of stdio - I have found this extremely buggy so far, especially in the python sdk.Also if you want to wrap any existing code that logs or prints to stdout then it causes heaps of ugly messages and warnings as it interferes with the comms between client and server.I just want a way to integrate tools with Claude Desktop that doesn’t make a tonne of convoluted and weird design choices.

TZubiri5 天前

"Why do I need to implement OAuth2 if I'm using HTTP as transport, while an API key is enough for stdio?"Because one is made for local and the other for connecting through the internet.

评论 #43948041 未加载

yawnxyz4 天前

I’ve been toying with building remote MCPs on Cloudflare workers. I came in with the idea that “you could probably use REST APIs for everything” then implemented both REST, and MCPs side by side. Also built an SSE and a “streamable http” version.For building apps that call the server, using the APIs was way easier.For building an LLM system for figure out what API tool calls to make, it’s quite a bit of work to recreate what the MCP folks did.I think MCPs are a huge time saver for wrapping AI around a bag of tools, without having to hard code every API call and interaction.If anything, I think using MCPs is a massive convenience and time saver for building and prototyping LLM + tool calling apps.Also for SSE vs Streamable HTTP, I don’t think “streamable” uses SSE at all? I think the problem they were solving for was the annoying long lived SSE connections — you can definitely see the difference on Workers though, switching away from SSE makes the workers way faster for multiple connectionsEdit: the experience of building on Cloudflare and Claude is extremely frustrating; Claude is unable to output errors properly, can’t edit config inside the app, and has to be restarted constantly. Cloudflare stops working properly on SSE connections randomly, and throws bizarre errors every now and then.

评论 #43950675 未加载

_heimdall5 天前

I haven't dug too deeply into MCP yet so I may very well be wrong here, but it feels like get another attempt to paper over the fact that we abandoned REST APIs nearly 20 years ago.XML is ugly and building APIs that describe both the data and available actions is tough.Instead we picked JSON RPCs that we still call REST, and we inevitably run into situations like Alexa or LLMs where we want a machine to understand what actions are supported in an API and what the data schema is.

评论 #43952786 未加载

notepad0x904 天前

What are arguments for involving HTTP/streaming at all in the context of MCP?As I understand, the agent sdk/ADK can simply start a child process and use STDIO to execute MCP commands. Why not always use that approach? if some REST api needs to be queried, the child process can abstract that interaction and expose it by the same consistent MCP interface. That way, devs are free to use REST,SOAP,*RPC,etc.. or whatever they want.

grogenaut5 天前

I find the discussing of the quality of the MCP protocol funny. This space is constantly evolving very quickly. I consider MCP completely throw away, and I'm willing to deal with it as unimportant in that rapidly evolving space. I'm sure there will be a different implementation and approach in 6-12 months, or not. From the speed I'm able to turn on MCP integrations I don't think it'll take that long to swap to another protocol. We're in the sone age here. MCP may be crappy but it's a flint and steel versus a bowstring. Eventually we'll get to central or zoned heating.I'm using MCP locally on my laptop, the security requirements are different there than on a server. Logging can be done at the actual integration with external api level if you have standard clients and logging, which I do and push for.To me what is important right now is to glue my apis, data sources, and tools, to the AI tools my people are using. MCP seems to do that easily. Honestly I don't care about the protocol, at the end of the day, protocols are just ways for things to talk to each other, if they're interesting in and of themselves to you you're focusing on other things than I am. My goal is delivering power with the integration.MCP may be messy, but the AI tools I'm using them with seem just fine and dealing with that mess to help me build more power into the AI tools. That, at the end of the day is what I care about, can I get the info and power into the tools so that my employees can do stuff they couldn't do before. MCP seems to do that just fine. If we move to some other protocol in 6 months, I'm assuming I can do that with AI tools on a pretty quick basis, as fast as I'm building it right now.

efitz2 天前

This article really hit home for me. I am trying to integrate an MCP interface into a server application only to realize that Anthropic didn't seem to have considered server side use cases at all; to them everything looks like an electron app. Then they added JSON-RPC support as an afterthought with only browser-like transports. It is either arrogance or ignorance to fail to exclude something basic like a RESTful API or gRPC or even just websockets.

fullstackchris4 天前

Well... if the author wants websockets, why doesn't the author just do it? They state clearly in pull request the community is totally free to make their own.My guess is one will crop up within the next few months...Speaking from the TypeScript side of things...I will say the documentation is indeed garbage - it still includes code snippets of APIs / source code examples that don't exist anymore. Also, the choice to use zod types is also in my opinion, way over the top... the fact that I need to import a third party library to write a MCP server is wild - when you're already writing in a typed language (TypeScript)... (and yes I know the other advantages zod provides)Otherwise it's simple enough to get started, if just tinkering around.

theturtle324 天前

Regarding the WebSocket critiques specifically, as the author of <a href="https://www.npmjs.com/package/websocket" rel="nofollow">https://www.npmjs.com/package/websocket</a>, and having participated in the IETF working group that defined the WebSocket protocol, I completely agree with this blog post's author.The WebSocket protocol is the most ideal choice for a bi-directional streaming communication channel, and the arguments listed in <a href="https://github.com/modelcontextprotocol/modelcontextprotocol/pull/206">https://github.com/modelcontextprotocol/modelcontextprotocol...</a> for "Why Not WebSockets" are honestly bewildering. They are at best thin, irrelevant and misleading. It seems as though they were written by people who don't really understand the WebSocket protocol, and have never actually used it.The comment farther down the PR makes a solid rebuttal. <a href="https://github.com/modelcontextprotocol/modelcontextprotocol/pull/206#issuecomment-2766559523">https://github.com/modelcontextprotocol/modelcontextprotocol...</a>Here are the stated arguments against using the WebSocket protocol, and my responses.---Argument 1: Wanting to use MCP in an "RPC-like" way (e.g., a stateless MCP server that just exposes basic tools) would incur a lot of unnecessary operational and network overhead if a WebSocket is required for each call.Response 1: There are multiple better ways to address this.Option A.) Define a plain HTTP, non-streaming request/response transport for these basic use cases. That would be both DRAMATICALLY simpler than the "Streaming HTTP" HTTP+SSE transport they did actually define, while not clouding the waters around streaming responses and bi-directional communications.Option B.) Just leave the WebSocket connection open for the duration of the session instead of tearing it down and re-connecting it for every request. Conceptualizing a WebSocket connection as an ephemeral resource that needs to be torn down and reconstructed for every request is wrong.---Argument 2: From a browser, there is no way to attach headers (like Authorization), and unlike SSE, third-party libraries cannot reimplement WebSocket from scratch in the browser.Response 2: The assertion is true. You cannot attach arbitrary headers to the initial HTTP GET request that initiates a WebSocket connection, not because of the WebSocket protocol's design, but because the design of the browser API doesn't expose the capability. However, such a limitation is totally irrelevant, as there are plenty of other ways that you could decide to convey that information from client to server:- You can pass arbitrary values via standard HTTP GET query parameters to be interpreted during the WebSocket handshake. Since we're initiating a WebSocket connection and not actually performing a GET operation on an HTTP resource, this does not create issues with caching infrastructure, and does not violate standard HTTP GET semantics. The HTTP GET that initiates a WebSocket connection is HTTP GET in name only, as the response in a successful WebSocket handshake is to switch protocols and no longer speak HTTP for the remainder of the connection's lifetime.- Cookies are automatically sent just as with any other HTTP request. This is the standard web primitive for correllating session state across connections. I'll grant, however, that it may be a less relevant mechanism if we're talking about cross-origin connections.- Your subprotocol definition (what messages are sent and received over the WebSocket connection) could simply require that the client sends any such headers, e.g. Authorization, as part of the first message it sends to the server once the underlying WebSocket connection is established. If this is sent pipelined along with the first normal message over the connection, it wouldn't even introduce an additional round-trip and therefore would have no impact on connection setup time or latency.These are not strange, onerous workarounds.---Argument 3: Only GET requests can be transparently upgraded to WebSocket (other HTTP methods are not supported for upgrading), meaning that some kind of two-step upgrade process would be required on a POST endpoint, introducing complexity and latency.Response 3: Unless I'm missing something, this argument seems totally bewildering, nonsensical, and irrelevant. It suggests a lack of familiarity with what the WebSocket protocol is for. The semantics of a WebSocket connection are orthoganal to the semantics of HTTP GET or HTTP POST. There is no logical concept of upgrading a POST request to a WebSocket connection, nor is there a need for such a concept. MCP is a new protocol that can function however it needs to. There is no benefit to trying to constrain your conceptualization of its theoretical use of WebSockets to fit within the semantics of any other HTTP verbs. In fact, the only relationship between WebSockets and HTTP is that WebSockets utilizes standard HTTP only to bootstrap a connection, after which point it stops speaking HTTP over the wire and starts speaking a totally distinct binary protocol instead. It should be conceptualized as more analogous to a TCP connection than an HTTP connection. If you are thinking of WebSockets in terms of REST semantics, you have not properly understood how WebSockets differs, nor how to utilize it architecturally.Since the logical semantics of communication over a WebSocket connection in an MCP server are functionally identical to how the MCP protocol would function over STDIN/STDOUT, the assertion that you would need some kind of two-step upgrade process on a POST endpoint is just false, because there would not exist any POST endpoint for you to have interacted with in the first place, and if one did exist, it would serve some other purpose unrelated to the actual WebSocket connection.---In my view, the right way to conceptualize WebSocket in MCP is as a drop-in, mostly transparent alternative to STDIO. Once the WebSocket connection is established, the MCP client/server should be able to speak literally EXACTLY the same protocol with each other as they do over STDIO.

评论 #43948922 未加载

cheriot4 天前

The hub bub about MCP buries the lede. The amazing thing is how effectively LLMs use tools.Who cares which client side protocol turns a structured message into a function call? There will be as many of them as there are RPC protocols because that's effectively what it is.

kgeist4 天前

Why can't it just be an OpenAPI spec and standard HTTP requests? Can't AI already figure out which endpoints to call on its own? The whole Streamable HTTP approach feels like premature optimization. Is there something else to it?

maCDzP4 天前

The comments are mostly negative, so I’ll add my experience as a non coder.I wanted to let Claude search an open data source. It’s my counties version of library of congress.So I pointed Claude to the MCP docs and the API spec for the open data. 5 minutes later I had a working MCP client so I can connect Claude to my data set.Building that would have taken me days, now I can just start searching for the data that I want.Sure, I have to proof read everything that the LLM turn out. It I believe that’s better than reading and searching though the library.

评论 #43954059 未加载

jsight4 天前

Wow, this is really incredible and timely analysis. I was just looking at the MCP "spec" the other day. I didn't really understood it, and assumed that I must have been missing something.I tried asking some LLMs for from-scratch implementations of MCP hosts and clients, and they did a terrible job of it. This seemed odd to me.It turns out that both of these problems likely have the same cause. The spec (if you can even call it that) really is horrendous. It doesn't really spell out the protocol properly at all!

shivawu4 天前

Obviously the article is making valid points. But a recent epiphany I had is, things by default are just mediocre but works. Of course the first shot at this problem is not going to be very good, very much like the first version of JavaScript is a shitshow and we’ll take years to pay down the technical debts. In order to force a beautiful creation, significant effort and will power needs to be put in place. So Id say I’m not surprised at all and this is just how the world works, in most cases.

评论 #43948827 未加载

traviscline4 天前

Thanks for this, I’ve been feeling similarly.I’m working on some Go programs/tools with the explicit goal of describing existing servers in a language neutral manner to try to get some sanity into the mix.I was reenergized to pick this back up because Google is working on a version so I want to get these tools ready.Open to ideas and input, have been noodling on it for a bit now, lots not in form to share but figured I’d share early:<a href="https://github.com/tmc/mcp">https://github.com/tmc/mcp</a>

评论 #43948563 未加载

评论 #43948547 未加载

noor_z4 天前

One advantage of MCP being "inspired by" LSP, at least to people like myself who work on LSP tools, is that a decent chunk of existing LSP code can be reused and repurposed. For example, most editors already ship with code for managing local server sidecars over stdio. There are a few annoying differences though like the lack of a header section in MCP.

DGAP4 天前

I assume the docs, code, and design were done mostly by AI.

stevev5 天前

One major obstacle to grasping high-level abstractions and their implementations lies in poorly designed systems or language limitations. At this stage, any human-produced effort—be it documentation, explanations, or naming—should be reviewed by AI. Language models often excel at crafting clearer analogies and selecting more meaningful or intuitive naming conventions than we do. In short, let LLMs handle the documentation.— written by ai

ghoshbishakh4 天前

The "Why not WebSocket?" arguments in the PR ar hilarious. Also, these arguments look AI generated which tells something.

dboreham4 天前

People love to invent new stuff, even when said stuff already exists. Other people love to embrace said unnecessary new stuff without question.

nyclounge4 天前

> “RPC-like use of WebSocket adds overhead” – Actually, WebSocket reduces overhead in high-frequency RPC-like interactions by keeping a persistent connection.Is this really true? Thought the whole reason to use SSE is that it is more lightweight than WebSocket?

punnerud5 天前

I don’t agree with MCP being a bad standard, remember it’s supposed to be as simple and easy as possible to not take up a lot of tokens and for the LLM to use.More complex stuff you can build on the “outside”. So keeping it local seems ok, because it’s just the LLM facing part.

sensanaty4 天前

Man I thought I was crazy for a bit there. At work I've had some people hyping up their MCP stuff, and after looking at the docs I was bewildered by what I was reading, it was clear AI slop with 0 thought put to it.Glad to see the sentiment isn't as rare as I thought.

quasarj4 天前

> Be honest... when was the last time you ran pip install and didn't end up in dependency hell?Hasn't been in issue in at least 5 years. Maybe 10. Doubly so now that we're all using uv. You _are_ using, uv, right?

ethical_source5 天前

You must understand that when you deal with AI people, you deal with children. Imagine the author of the spec you're trying to implement is a new grad in San Francisco (Mission, not Mission Street, thanks).He feels infallible because he's smart enough to get into a hot AI startup and hasn't ever failed. He's read TCP 973 and 822 and 2126 and admitted the vibe or rigor but can't tell you why we have SYN and Message-ID or what the world might have been had alternatives one.He has strong opinions about package managers for the world's most important programming languages. (Both of them.) But he doesn't understand that implementation is incidental. He's the sort of person to stick "built in MyFavoriteFramework" above the food on his B2B SaaS burrito site. He doesn't appreciate that he's not the customer and customers don't give a fuck. Maybe he doesn't care, because he's never had to turn a real profit in his life.This is the sort of person building perhaps the most important human infrastructure since the power grid and the Internet itself. You can't argue with them in the way the author of the MCP evaluation article does. They don't comprehend. They CANNOT comprehend. Their brains do not have a theory of mind sufficient for writing a spec robust to implementation by other minds.That's why they ship SDKs. It's the only thing they can. Their specs might as well be "Servers SHOULD do the right thing. They MUST have good vibes." Pathetic.God help us.

评论 #43947901 未加载

评论 #43948626 未加载

mountainriver4 天前

MCP is in a race to be valuable at all. Smarter agents will have no use for it

评论 #43949329 未加载

vmaurin5 天前

It will probably never work. Companies have spend probably the last decade(s?) closing everything on Internet: * no more RSS feed * paywall * the need to have an "app" to access a service * killing open protocolsAnd all of the sudden, everyone will expose their data through simple API calls ?

评论 #43948003 未加载

评论 #43974690 未加载

评论 #43948573 未加载

stalfosknight5 天前

I thought this was about the Master Control Program at first.

评论 #43947144 未加载

neuroelectron5 天前

MCP is the moat to keep small players outside of the AI market. Not only does implementing it require a team, it is a tarpit of sabotage, where logging and state are almost impossible to track.

评论 #43947485 未加载

评论 #43951013 未加载

评论 #43948129 未加载

artursapek4 天前

It sounds like they vibe coded their protocol

moralestapia5 天前

Context is stdin and stdio."It kind of breaks the Unix/Linux piping paradigm using these streams for bidirectional communication."Uhm ... no? They were meant for that.But the rest of the critique is well founded. "Streamable HTTP" is quite an amateurish move.

评论 #43947923 未加载

评论 #43946945 未加载

Aperocky5 天前

MCP is a microcosm of LLM.Everything looks great works snappy and fast, until you look deeper inside or try to get it to do more complex stuff.

bosky1014 天前

I drew a cartoon/satire on mcp titled zombie prompting. You can find the original here <a href="https://x.com/0xBosky/status/1906356379486679521" rel="nofollow">https://x.com/0xBosky/status/1906356379486679521</a>Tldr; it's json array passed to llms. Swagger would have sufficed. How and why youcome up with the array shouldn't matter. We shouldn't need 10000 redundant servers.

huqedato4 天前

MCP is emerging technology. The mess is unavoidable for at least one year or so.

dvorka4 天前

"In the good old days, it was a good practice to run a new protocol proposal through some standards bodies like W3C or OASIS, which was mostly a useful exercise. Is the world somewhere else already, or would it be a waste of time?"

qldp4 天前

first off, very well done. this article captures exactly the uneasiness i've felt as an mcp implementer.doing seemingly in-the-box, mundane things like asking the server to dynamically register a new resource after a tool call yields new local files is met with surprising errors like "resources cannot be registered after transport connection."i reached for the official kotlin sdk, found it did not work (mcp clients refused stdio comms), looked at the source and saw that the transport layer had recently been converted to a proprietary implementation, leaving commented-out code in-place that showed the previous transport details. reimplementing the former, assumedly-functional interface yielded the same broken stdio behavior, and everything being package-private meant i couldn't easily modify sdk components to fiddle with a solution without rewriting the entire transport mechanism. i wasn't willing to do this on a lark and hope the rest of the sdk behaved as promised, so my team is now stuck with a typescript mcp server that no one is comfortable maintaining.what's really concerning is that openai threw in the towel on a competing standard, so we're now being corraled into accepting mcp as the only reliable tool interface, because every llm (frontier, and derivatives trained on these models) will end up conforming to mcp whether they intend to or not.i haven't yet mentioned that there's an implicit hierarchy in the three capabilities exposed to mcp clients/servers -- tools above resources and resources above prompts, the latter of which is flat-out ignored by clients. the instructions aspect of server initialization was the only reliable way to bootstrap context with actionable exemplars, and that's just a big, inlined markdown document.all of that said, the mcp contract is not pretty, but it works. in ~200 lines of code, i can spin up a wrapper over existing APIs (web and/or local binaries) and provide a workable plugin that adds real value to my team's day-to-day activities. mcp hasn't really promised more than that, and what it's promised, it's delivered.

nicomt5 天前

The post misses the mark on why a stateless protocol like MCP actually makes sense today. Most modern devs aren’t spinning up custom servers or fiddling with sticky sessions—they’re using serverless platforms like AWS Lambda or Cloudflare Workers because they’re cheaper, easier to scale, and less of a headache to manage. MCP’s statelessness fits right into that model and makes life simpler, not harder.Sure, if you’re running your own infrastructure, you’ve got other problems to worry about—and MCP won’t be the thing holding you back. Complaining that it doesn’t cater to old-school setups kind of misses the point. It’s built for the way things work now, not the way they used to.

评论 #43948220 未加载

DanHulton4 天前

This is honestly kind of hilarious. I fell briefly in love with SSE last summer and started to write a chat/game web server using them, only to step on every rake the author describes and attempt nearly every band-aid solution the MCP protocol implements, only to throw my hands up at the end, disgusted with the mess I made, and embrace WebSockets instead. After about a day's refactor, I had about three-quarters less code that was _much_ easier to reason about, and didn't have several key limitations I was uneasy about in my SSE implementation.

elesbao5 天前

my dude really got angry but forgot almost all cloud message queue offerings over HTTP works like this (minus SSE). Eventually MCP will take the same route as WS which started clunky with the http upgrade thing being standard but not often used and evolved. Then it will migrate to any other way of doing remote interface, as GRPC, REST and so on.

评论 #43948185 未加载

doug_durham4 天前

Meanwhile I'm happily writing MCP servers that meet my personal needs and installing complex packages over pip. The author seems to have a very narrow concept of what makes acceptable software.

评论 #43949259 未加载

petesergeant5 天前

This all sounds valid, but it’s also the least interesting part of the whole thing. As a developer I’m expecting to be able to reach for a framework that’ll just abstract away all the weird design decisions that he mentions.

评论 #43947934 未加载