Claude & AnthropicTutorialsLLM EngineeringBeginners

MCP for Beginners: Model Context Protocol Explained

Michael Murr··10 min read

Last updated: June 2026

Quick answer

MCP (Model Context Protocol) is an open standard that lets AI assistants like Claude, Cursor, Codex, and Gemini connect to external tools and data sources in the same way. Instead of writing a custom integration for every model, you write one MCP server and any compliant client can use it. In 2026, MCP is the closest thing the AI industry has to a "USB-C for tools." This tutorial walks through writing a minimal MCP server in Python and wiring it to Claude Code on your laptop.

TL;DR

  • MCP is a standard protocol for AI tool use. Write one server, every compliant client can call it.
  • A minimal MCP server in Python takes about 40 lines of code. The official Python SDK handles the protocol; you write the tool logic.
  • MCP matters in 2026 because the tool ecosystem fragmented. Claude, Cursor, Codex, and Gemini all adopting MCP means your custom tools become portable.

Who this is for

This article is for developers, technical product managers, and AI engineers who want to extend AI assistants with their own tools. If you use Claude Code daily and keep wishing it could read from your company's database, query your internal API, or call your custom CLI, MCP is the answer.

If you have not yet built any LLM application, get the foundations first by building your first RAG app and reading the Claude Code tutorial before tackling MCP.

What is MCP, exactly?

MCP stands for Model Context Protocol. Anthropic released it in late 2024 as an open standard. By mid-2026, it has been adopted by Claude (first and most deeply), Cursor, Codex, Gemini, and a growing list of clients.

The pitch in one sentence: MCP gives AI clients a common language for connecting to tools, data, and prompts.

Before MCP, every AI client had its own way of registering a tool. If you wrote a "query our internal database" integration for Claude Code, you had to rewrite it for Cursor, then rewrite it again for Codex. After MCP, you write one MCP server, expose your tool through it, and any MCP-compliant client can use it without code changes on the client side.

The official documentation lives at modelcontextprotocol.io and Anthropic's own MCP docs cover the Claude-specific wiring. The spec is open. Anthropic shepherds it but does not own it. That neutrality is part of why the protocol is gaining ground.

The three things an MCP server can expose

An MCP server can offer three kinds of capability to a client. Beginners only need to focus on the first one. The other two become useful once you have shipped something basic.

CapabilityWhat it isTypical example
ToolsFunctions the AI can call"Run a SQL query on our internal database"
ResourcesRead-only data the AI can fetch"Read this Confluence page"
PromptsPre-built prompt templates the user can invoke"Summarize this PR in our team's style"

For your first MCP server, only tools matter. They are the equivalent of giving Claude a new function it can use, scoped to your laptop or your team.

Why does MCP matter in 2026?

The 2026 AI coding landscape is fragmented in a way that did not exist 18 months ago. The professional-tier coding assistants now include Claude Code, Cursor, Codex (now on token-based pricing as of April 2026), and a wave of others. Each one is competitive on different benchmarks. Many teams use two or three at once.

Without a standard, every tool integration would have to be rewritten three times. With MCP, an integration lives in one server and serves them all. That is why every serious AI assistant vendor has adopted it or announced they will.

There is also a quieter shift: AI clients are no longer competing on what tools they ship. They are competing on how well they can orchestrate your custom MCP servers. The user who has built five MCP servers for their job is meaningfully more productive than the user who is using a vanilla Claude Code subscription.

How MCP connects to a client

The MCP architecture is simple to picture. There is a client (Claude Code, Cursor, etc.) and there is a server (your code). They communicate over JSON-RPC, usually over standard input and output when running locally.

You configure the client to launch your server on startup. The client and server exchange capability descriptions during the handshake. From then on, whenever the LLM decides it wants to use one of your tools, the client sends the request to your server, your server runs the tool, and the result flows back.

You write the server in any language. The official SDKs are Python and TypeScript. There are community implementations in Go, Rust, and others.

Writing a minimal MCP server in Python

Let's build the smallest useful MCP server: one that exposes a single tool to get the current time in any timezone. Trivial in scope, but it teaches the whole pattern.

First install the official Python SDK:

uv init mcp-time-server
cd mcp-time-server
uv add "mcp[cli]"

Write the server:

# server.py
from datetime import datetime
from zoneinfo import ZoneInfo
from mcp.server.fastmcp import FastMCP

mcp = FastMCP("time-server")

@mcp.tool()
def current_time(timezone: str = "UTC") -> str:
    """Return the current time in the given IANA timezone.

    Args:
        timezone: IANA timezone name (e.g. 'America/New_York', 'Europe/Berlin').
    """
    tz = ZoneInfo(timezone)
    now = datetime.now(tz)
    return now.strftime("%Y-%m-%d %H:%M:%S %Z")

if __name__ == "__main__":
    mcp.run()

That is the entire server. The FastMCP helper handles the protocol. The @mcp.tool() decorator turns your Python function into an MCP tool. The docstring and type hints become the tool's description and input schema that the LLM reads to decide when to call it.

Test the server locally before wiring it to a client:

uv run python server.py

If it starts without errors and waits for input on stdin, you are good.

Wiring the server to Claude Code

Claude Code reads MCP server configuration from a JSON file. On macOS and Linux, the user-level config lives at ~/.claude/mcp_servers.json. On Windows it is at %USERPROFILE%\.claude\mcp_servers.json.

Add an entry for your time server:

{
  "mcpServers": {
    "time-server": {
      "command": "uv",
      "args": ["run", "python", "/full/path/to/mcp-time-server/server.py"]
    }
  }
}

Restart Claude Code. The server starts automatically, and a new current_time tool becomes available to Claude. Ask Claude "what time is it in Tokyo right now?" and watch it call your tool.

That is the entire loop: write the tool, register the server, restart the client, use the tool. Once you have done this once, more complex servers (a SQL query tool, a Jira ticket tool, a deployment tool) are the same pattern with more code in the function body.

Where this leads in real work

I had a student earlier this year given a high-budget Claude Code seat at his company to build an internal SaaS dashboard. One non-trivial problem: SQL generation accuracy. Claude was writing its own SQL queries against the company's tables and getting them right about half the time. We worked through how to structure the surrounding context so Claude could reason about the schema correctly. Accuracy jumped from roughly 50% to 100%.

What made it work was treating the schema-aware SQL access as a proper MCP tool, not a freeform prompt. The tool exposed exactly which tables and columns existed, what types they had, and how they joined. Once Claude could see that structured context every time, the failures stopped.

That is the right mental model for "what MCP is for." Not cool demos. Taking the parts of your job where Claude is almost-good-enough and making them reliably-good by giving the LLM the right tools and the right context in a stable way.

Useful public MCP servers

You do not have to build every server yourself. A growing ecosystem of public MCP servers exists you can install in minutes. As of mid-2026, the more useful ones include:

  • A filesystem server (read and write files in scoped directories)
  • A GitHub server (read repos, file issues, create PRs)
  • A PostgreSQL server (run scoped queries against a database)
  • A Slack server (read channels, post messages, with auth controls)
  • A Brave Search or Tavily server (web search inside Claude Code)

The catalog grows monthly. Check the MCP servers directory for the current list. Mix and match the public servers with your own custom ones.

Security considerations you should not skip

MCP gives a model the ability to take real actions on your machine and on your services. That is the whole point and also the risk.

The basics every MCP user should follow:

  • Read the source code of any third-party MCP server before installing it. Treat it like installing a CLI tool with full access to your environment.
  • Scope filesystem servers to specific folders. Never give a server read or write access to your entire home directory.
  • Never put API keys directly in the MCP config. Use environment variables and read them in the server.
  • Require human confirmation for irreversible actions. Deleting files, posting to public channels, sending emails. Build a confirmation prompt into the tool.
  • Audit which servers are running. Check your config periodically. Remove servers you no longer use.

This is the same threat model as installing CLI tools. Apply the same caution.

Common mistakes I see

  1. Writing custom integrations instead of MCP servers. Once you have used MCP, every "let me wire Claude to our internal API" task should produce an MCP server. Portable tools are worth the small extra setup.
  2. Giving the server too many tools. Same lesson as agents. A server with three carefully scoped tools beats a server with twenty general ones. The LLM picks better when there are fewer choices.
  3. Skipping the tool descriptions. The docstring and type hints in your server are what Claude reads to decide when to use the tool. A vague docstring leads to a tool that gets ignored or misused. Write the descriptions like you are writing for a smart new hire.

What to do next

Pick the path that matches your situation.

If you have never written an MCP server, build the time-server example above end-to-end before reading anything else about MCP. Twenty minutes of doing beats a week of reading.

If you have a real workflow where Claude is almost good enough, identify the missing piece (a database query, a CLI call, a third-party API) and turn it into an MCP tool. That is the highest-leverage thing you can do with this skill.

If you want a structured path through Claude Code, MCP, and agentic AI workflows, the Agentic AI course ships 4 portfolio-ready projects, several of which use MCP. Book a free 15-minute Discovery Call and we will map your starting point.

Frequently Asked Questions

Is MCP only for Claude?

No. MCP is an open standard, and as of 2026 it is supported by Claude (Claude Code, Claude desktop apps, the API), Cursor, Codex, Gemini, and a growing number of clients. The whole point of the protocol is portability. Write the server once, use it everywhere.

Do I need to know about JSON-RPC to use MCP?

No. The Python and TypeScript SDKs handle the protocol entirely. You write Python functions decorated with @mcp.tool() and the SDK takes care of JSON-RPC, schemas, and serialization. JSON-RPC knowledge becomes useful only if you debug a low-level protocol issue.

Can MCP servers run remotely instead of on my laptop?

Yes, since the 2025 spec update. Remote MCP servers run over HTTP with proper auth (OAuth or API key). This is how SaaS vendors expose their products to AI clients without making you host anything. For learning, local stdio servers are simpler. For production tools used by a team, remote is usually the right call.

How is MCP different from OpenAI function calling or tool use?

OpenAI function calling and Anthropic tool use are model-level features: how a single API call passes a tool spec to the model. MCP is a higher layer: how an entire AI client connects to a whole pool of tools across multiple servers. You typically use both. The MCP server defines the tool; under the hood the client calls the model with that tool spec via the model's native tool-use mechanism.

Are there security risks with installing third-party MCP servers?

Yes. An MCP server runs as code on your machine, with whatever permissions you grant it. Read the source before installing a third-party server, scope its access (filesystem paths, API keys, database connections), and treat it like any other tool with access to your environment. Anthropic publishes security guidance worth reading before you install anything.

Ready to move from reading to building?

If you are serious about building MCP servers and agentic AI workflows, stop consuming content and start working with a tutor who will hold you accountable through the portfolio-ready projects in the Agentic AI course. Book a free 15-minute Discovery Call. No pitch, just a conversation about your goals.

Book a Free Discovery Call →

Written by AI Tutor Code, private 1-on-1 online tutoring for professionals learning Python, AI, and modern ML tools. 200+ students taught. 3,000+ hours of private tutoring delivered. 4.9/5 average rating.

Related articles

Keep reading on related topics.

Enjoyed this article?

You can master this and more with a dedicated 1-on-1 tutor.

Book a Free Discovery Call